Split LimitCollectionCreationDeletion into two database columns (#4709)

* Add new columns to `dbo.Organization` & its references * Feed existing data into new `dbo.Organization` column * Update Entity Framework database definitions * Move new EF columns out of the core entity definition * Generate Entity Framework migrations * Feed existing data into new `Organization` Entity Framework columns * Add a where clause to SQL migration
2025-06-30 23:52:50 -05:00 · 2024-10-03 13:43:54 -04:00
parent b196c8bfb9
commit 6a51e3b1a9
26 changed files with 17595 additions and 24 deletions
--- a/src/Core/AdminConsole/Entities/Organization.cs
+++ b/src/Core/AdminConsole/Entities/Organization.cs
@ -94,6 +94,7 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
    /// they have Can Manage permissions for.
    /// </summary>
    public bool LimitCollectionCreationDeletion { get; set; }
+
    /// <summary>
    /// If set to true, admins, owners, and some custom users can read/write all collections and items in the Admin Console.
    /// If set to false, users generally need collection-level permissions to read/write a collection or its items.
--- a/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationEntityTypeConfiguration.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Configurations/OrganizationEntityTypeConfiguration.cs
@ -12,10 +12,6 @@ public class OrganizationEntityTypeConfiguration : IEntityTypeConfiguration<Orga
            .Property(o => o.Id)
            .ValueGeneratedNever();

-        builder.Property(c => c.LimitCollectionCreationDeletion)
-            .ValueGeneratedNever()
-            .HasDefaultValue(true);
-
        builder.Property(c => c.AllowAdminAccessToAllCollectionItems)
            .ValueGeneratedNever()
            .HasDefaultValue(true);
--- a/src/Infrastructure.EntityFramework/AdminConsole/Models/Organization.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Models/Organization.cs
@ -9,6 +9,10 @@ namespace Bit.Infrastructure.EntityFramework.AdminConsole.Models;

 public class Organization : Core.AdminConsole.Entities.Organization
 {
+    // Shadow properties - to be introduced by https://bitwarden.atlassian.net/browse/PM-10863
+    public bool LimitCollectionCreation { get => LimitCollectionCreationDeletion; set => LimitCollectionCreationDeletion = value; }
+    public bool LimitCollectionDeletion { get => LimitCollectionCreationDeletion; set => LimitCollectionCreationDeletion = value; }
+
    public virtual ICollection<Cipher> Ciphers { get; set; }
    public virtual ICollection<OrganizationUser> OrganizationUsers { get; set; }
    public virtual ICollection<Group> Groups { get; set; }
@ -38,6 +42,9 @@ public class OrganizationMapperProfile : Profile
            .ForMember(org => org.ApiKeys, opt => opt.Ignore())
            .ForMember(org => org.Connections, opt => opt.Ignore())
            .ForMember(org => org.Domains, opt => opt.Ignore())
+            // Shadow properties - to be introduced by https://bitwarden.atlassian.net/browse/PM-10863
+            .ForMember(org => org.LimitCollectionCreation, opt => opt.Ignore())
+            .ForMember(org => org.LimitCollectionDeletion, opt => opt.Ignore())
            .ReverseMap();

        CreateProjection<Organization, SelfHostedOrganizationDetails>()
--- a/Procedures/Organization_Create.sql
+++ b/Procedures/Organization_Create.sql
@ -1,4 +1,4 @@
-CREATE PROCEDURE [dbo].[Organization_Create]
+CREATE PROCEDURE [dbo].[Organization_Create]
    @Id UNIQUEIDENTIFIER OUTPUT,
    @Identifier NVARCHAR(50),
    @Name NVARCHAR(50),
@ -51,12 +51,17 @@
    @MaxAutoscaleSmSeats INT= null,
    @MaxAutoscaleSmServiceAccounts INT = null,
    @SecretsManagerBeta BIT = 0,
-    @LimitCollectionCreationDeletion BIT = 0,
+    @LimitCollectionCreationDeletion BIT = NULL, -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
+    @LimitCollectionCreation BIT = NULL,
+    @LimitCollectionDeletion BIT = NULL,
    @AllowAdminAccessToAllCollectionItems BIT = 0
 AS
 BEGIN
    SET NOCOUNT ON

+    SET @LimitCollectionCreation = COALESCE(@LimitCollectionCreation, @LimitCollectionCreationDeletion, 0);
+    SET @LimitCollectionDeletion = COALESCE(@LimitCollectionDeletion, @LimitCollectionCreationDeletion, 0);
+
    INSERT INTO [dbo].[Organization]
    (
        [Id],
@ -111,7 +116,9 @@ BEGIN
        [MaxAutoscaleSmSeats],
        [MaxAutoscaleSmServiceAccounts],
        [SecretsManagerBeta],
-        [LimitCollectionCreationDeletion],
+        [LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
+        [LimitCollectionCreation],
+        [LimitCollectionDeletion],
        [AllowAdminAccessToAllCollectionItems]
    )
    VALUES
@ -168,7 +175,9 @@ BEGIN
        @MaxAutoscaleSmSeats,
        @MaxAutoscaleSmServiceAccounts,
        @SecretsManagerBeta,
-        @LimitCollectionCreationDeletion,
+        COALESCE(@LimitCollectionCreation, @LimitCollectionDeletion, 0), -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863)
+        @LimitCollectionCreation,
+        @LimitCollectionDeletion,
        @AllowAdminAccessToAllCollectionItems
    )
 END
--- a/Procedures/Organization_ReadAbilities.sql
+++ b/Procedures/Organization_ReadAbilities.sql
@ -1,4 +1,4 @@
-CREATE PROCEDURE [dbo].[Organization_ReadAbilities]
+CREATE PROCEDURE [dbo].[Organization_ReadAbilities]
 AS
 BEGIN
    SET NOCOUNT ON
@ -21,7 +21,9 @@ BEGIN
        [UseResetPassword],
        [UsePolicies],
        [Enabled],
-        [LimitCollectionCreationDeletion],
+        [LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
+        [LimitCollectionCreation],
+        [LimitCollectionDeletion],
        [AllowAdminAccessToAllCollectionItems]
    FROM
        [dbo].[Organization]
--- a/Procedures/Organization_Update.sql
+++ b/Procedures/Organization_Update.sql
@ -1,4 +1,4 @@
-CREATE PROCEDURE [dbo].[Organization_Update]
+CREATE PROCEDURE [dbo].[Organization_Update]
    @Id UNIQUEIDENTIFIER,
    @Identifier NVARCHAR(50),
    @Name NVARCHAR(50),
@ -51,12 +51,17 @@
    @MaxAutoscaleSmSeats INT = null,
    @MaxAutoscaleSmServiceAccounts INT = null,
    @SecretsManagerBeta BIT = 0,
-    @LimitCollectionCreationDeletion BIT = 0,
+    @LimitCollectionCreationDeletion BIT = null, -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
+    @LimitCollectionCreation BIT = null,
+    @LimitCollectionDeletion BIT = null,
    @AllowAdminAccessToAllCollectionItems BIT = 0
 AS
 BEGIN
    SET NOCOUNT ON

+    SET @LimitCollectionCreation = COALESCE(@LimitCollectionCreation, @LimitCollectionCreationDeletion, 0);
+    SET @LimitCollectionDeletion = COALESCE(@LimitCollectionDeletion, @LimitCollectionCreationDeletion, 0);
+
    UPDATE
        [dbo].[Organization]
    SET
@ -111,7 +116,9 @@ BEGIN
        [MaxAutoscaleSmSeats] = @MaxAutoscaleSmSeats,
        [MaxAutoscaleSmServiceAccounts] = @MaxAutoscaleSmServiceAccounts,
        [SecretsManagerBeta] = @SecretsManagerBeta,
-        [LimitCollectionCreationDeletion] = @LimitCollectionCreationDeletion,
+        [LimitCollectionCreationDeletion] = COALESCE(@LimitCollectionCreation, @LimitCollectionDeletion, 0),
+        [LimitCollectionCreation] = @LimitCollectionCreation,
+        [LimitCollectionDeletion] = @LimitCollectionDeletion,
        [AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems
    WHERE
        [Id] = @Id
--- a/src/Sql/dbo/Tables/Organization.sql
+++ b/src/Sql/dbo/Tables/Organization.sql
@ -1,4 +1,4 @@
-CREATE TABLE [dbo].[Organization] (
+CREATE TABLE [dbo].[Organization] (
    [Id]                            UNIQUEIDENTIFIER NOT NULL,
    [Identifier]                    NVARCHAR (50)    NULL,
    [Name]                          NVARCHAR (50)    NOT NULL,
@ -52,6 +52,8 @@
    [MaxAutoscaleSmServiceAccounts] INT              NULL,
    [SecretsManagerBeta]            BIT              NOT NULL CONSTRAINT [DF_Organization_SecretsManagerBeta] DEFAULT (0),
    [LimitCollectionCreationDeletion]   BIT              NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCreationDeletion] DEFAULT (0),
+    [LimitCollectionCreation]       BIT              NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCreation] DEFAULT (0),
+    [LimitCollectionDeletion]       BIT              NOT NULL CONSTRAINT [DF_Organization_LimitCollectionDeletion] DEFAULT (0),
    [AllowAdminAccessToAllCollectionItems]   BIT              NOT NULL CONSTRAINT [DF_Organization_AllowAdminAccessToAllCollectionItems] DEFAULT (0),
    CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
 );
--- a/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
@ -1,4 +1,4 @@
-CREATE VIEW [dbo].[OrganizationUserOrganizationDetailsView]
+CREATE VIEW [dbo].[OrganizationUserOrganizationDetailsView]
 AS
 SELECT
    OU.[UserId],
@ -46,7 +46,9 @@ SELECT
    O.[UsePasswordManager],
    O.[SmSeats],
    O.[SmServiceAccounts],
-    O.[LimitCollectionCreationDeletion],
+    O.[LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
+    O.[LimitCollectionCreation],
+    O.[LimitCollectionDeletion],
    O.[AllowAdminAccessToAllCollectionItems]
 FROM
    [dbo].[OrganizationUser] OU
--- a/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
@ -1,4 +1,4 @@
-CREATE VIEW [dbo].[ProviderUserProviderOrganizationDetailsView]
+CREATE VIEW [dbo].[ProviderUserProviderOrganizationDetailsView]
 AS
 SELECT
    PU.[UserId],
@ -32,7 +32,9 @@ SELECT
    PU.[Id] ProviderUserId,
    P.[Name] ProviderName,
    O.[PlanType],
-    O.[LimitCollectionCreationDeletion],
+    O.[LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
+    O.[LimitCollectionCreation],
+    O.[LimitCollectionDeletion],
    O.[AllowAdminAccessToAllCollectionItems]
 FROM
    [dbo].[ProviderUser] PU