[PM-11360] Remove export permission for providers (#5051)

- also fix managed collections export from CLI
2025-07-01 08:02:49 -05:00 · 2024-12-06 08:07:04 +10:00
parent 1f1510f4d4
commit 6a9b7ece2b
13 changed files with 428 additions and 2 deletions
--- a/test/Core.Test/AdminConsole/Helpers/AuthorizationHelpers.cs
+++ b/test/Core.Test/AdminConsole/Helpers/AuthorizationHelpers.cs
@ -0,0 +1,52 @@
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+
+namespace Bit.Core.Test.AdminConsole.Helpers;
+
+public static class AuthorizationHelpers
+{
+    /// <summary>
+    /// Return a new Permission object with inverted permissions.
+    /// This is useful to test negative cases, e.g. "all other permissions should fail".
+    /// </summary>
+    /// <param name="permissions"></param>
+    /// <returns></returns>
+    public static Permissions Invert(this Permissions permissions)
+    {
+        // Get all false boolean properties of input object
+        var inputsToFlip = permissions
+            .GetType()
+            .GetProperties()
+            .Where(p =>
+                p.PropertyType == typeof(bool) &&
+                (bool)p.GetValue(permissions, null)! == false)
+            .Select(p => p.Name);
+
+        var result = new Permissions();
+
+        // Set these to true on the result object
+        result
+            .GetType()
+            .GetProperties()
+            .Where(p => inputsToFlip.Contains(p.Name))
+            .ToList()
+            .ForEach(p => p.SetValue(result, true));
+
+        return result;
+    }
+
+    /// <summary>
+    /// Returns a sequence of all possible roles and permissions represented as CurrentContextOrganization objects.
+    /// Used largely for authorization testing.
+    /// </summary>
+    /// <returns></returns>
+    public static IEnumerable<CurrentContextOrganization> AllRoles() => new List<CurrentContextOrganization>
+    {
+        new () { Type = OrganizationUserType.Owner },
+        new () { Type = OrganizationUserType.Admin },
+        new () { Type = OrganizationUserType.Custom, Permissions = new Permissions() },
+        new () { Type = OrganizationUserType.Custom, Permissions = new Permissions().Invert() },
+        new () { Type = OrganizationUserType.User },
+    };
+}
--- a/test/Core.Test/AdminConsole/Helpers/AuthorizationHelpersTests.cs
+++ b/test/Core.Test/AdminConsole/Helpers/AuthorizationHelpersTests.cs
@ -0,0 +1,38 @@
+using Bit.Core.Models.Data;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.Helpers;
+
+public class AuthorizationHelpersTests
+{
+    [Fact]
+    public void Permissions_Invert_InvertsAllPermissions()
+    {
+        var sut = new Permissions
+        {
+            AccessEventLogs = true,
+            AccessReports = true,
+            DeleteAnyCollection = true,
+            ManagePolicies = true,
+            ManageScim = true
+        };
+
+        var result = sut.Invert();
+
+        Assert.True(result is
+        {
+            AccessEventLogs: false,
+            AccessImportExport: true,
+            AccessReports: false,
+            CreateNewCollections: true,
+            EditAnyCollection: true,
+            DeleteAnyCollection: false,
+            ManageGroups: true,
+            ManagePolicies: false,
+            ManageSso: true,
+            ManageUsers: true,
+            ManageResetPassword: true,
+            ManageScim: false
+        });
+    }
+}