mirror of
https://github.com/bitwarden/server.git
synced 2025-07-18 16:11:28 -05:00
[PM-20633] rename personal ownership (#5978)
* rename personal ownership * rename enums, files, tests
This commit is contained in:
Brandon Treston
@ -7,7 +7,7 @@ public enum PolicyType : byte
|
||||
PasswordGenerator = 2,
|
||||
SingleOrg = 3,
|
||||
RequireSso = 4,
|
||||
PersonalOwnership = 5,
|
||||
OrganizationDataOwnership = 5,
|
||||
DisableSend = 6,
|
||||
SendOptions = 7,
|
||||
ResetPassword = 8,
|
||||
@ -35,7 +35,7 @@ public static class PolicyTypeExtensions
|
||||
PolicyType.PasswordGenerator => "Password generator",
|
||||
PolicyType.SingleOrg => "Single organization",
|
||||
PolicyType.RequireSso => "Require single sign-on authentication",
|
||||
PolicyType.PersonalOwnership => "Remove individual vault",
|
||||
PolicyType.OrganizationDataOwnership => "Enforce organization data ownership",
|
||||
PolicyType.DisableSend => "Remove Send",
|
||||
PolicyType.SendOptions => "Send options",
|
||||
PolicyType.ResetPassword => "Account recovery administration",
|
||||
|
||||
@ -223,7 +223,7 @@ public class ConfirmOrganizationUserCommand : IConfirmOrganizationUserCommand
|
||||
|
||||
private async Task HandleConfirmationSideEffectsAsync(Guid organizationId, OrganizationUser organizationUser, string defaultUserCollectionName)
|
||||
{
|
||||
// Create DefaultUserCollection type collection for the user if the PersonalOwnership policy is enabled for the organization
|
||||
// Create DefaultUserCollection type collection for the user if the OrganizationDataOwnership policy is enabled for the organization
|
||||
var requiresDefaultCollection = await OrganizationRequiresDefaultCollectionAsync(organizationId, organizationUser.UserId.Value, defaultUserCollectionName);
|
||||
if (requiresDefaultCollection)
|
||||
{
|
||||
@ -244,8 +244,8 @@ public class ConfirmOrganizationUserCommand : IConfirmOrganizationUserCommand
|
||||
return false;
|
||||
}
|
||||
|
||||
var personalOwnershipRequirement = await _policyRequirementQuery.GetAsync<PersonalOwnershipPolicyRequirement>(userId);
|
||||
return personalOwnershipRequirement.RequiresDefaultCollection(organizationId);
|
||||
var organizationDataOwnershipRequirement = await _policyRequirementQuery.GetAsync<OrganizationDataOwnershipPolicyRequirement>(userId);
|
||||
return organizationDataOwnershipRequirement.RequiresDefaultCollection(organizationId);
|
||||
}
|
||||
|
||||
private async Task CreateDefaultCollectionAsync(Guid organizationId, Guid organizationUserId, string defaultCollectionName)
|
||||
|
||||
@ -0,0 +1,72 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// Represents the Organization Data Ownership policy state.
|
||||
/// </summary>
|
||||
public enum OrganizationDataOwnershipState
|
||||
{
|
||||
/// <summary>
|
||||
/// Organization Data Ownership is enforced- members are required to save items to an organization.
|
||||
/// </summary>
|
||||
Enabled = 1,
|
||||
|
||||
/// <summary>
|
||||
/// Organization Data Ownership is not enforced- users can save items to their personal vault.
|
||||
/// </summary>
|
||||
Disabled = 2
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Policy requirements for the Organization data ownership policy
|
||||
/// </summary>
|
||||
public class OrganizationDataOwnershipPolicyRequirement : IPolicyRequirement
|
||||
{
|
||||
private readonly IEnumerable<Guid> _organizationIdsWithPolicyEnabled;
|
||||
|
||||
/// <param name="organizationDataOwnershipState">
|
||||
/// The organization data ownership state for the user.
|
||||
/// </param>
|
||||
/// <param name="organizationIdsWithPolicyEnabled">
|
||||
/// The collection of Organization IDs that have the Organization Data Ownership policy enabled.
|
||||
/// </param>
|
||||
public OrganizationDataOwnershipPolicyRequirement(
|
||||
OrganizationDataOwnershipState organizationDataOwnershipState,
|
||||
IEnumerable<Guid> organizationIdsWithPolicyEnabled)
|
||||
{
|
||||
_organizationIdsWithPolicyEnabled = organizationIdsWithPolicyEnabled ?? [];
|
||||
State = organizationDataOwnershipState;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// The Organization data ownership policy state for the user.
|
||||
/// </summary>
|
||||
public OrganizationDataOwnershipState State { get; }
|
||||
|
||||
/// <summary>
|
||||
/// Returns true if the Organization Data Ownership policy is enforced in that organization.
|
||||
/// </summary>
|
||||
public bool RequiresDefaultCollection(Guid organizationId)
|
||||
{
|
||||
return _organizationIdsWithPolicyEnabled.Contains(organizationId);
|
||||
}
|
||||
}
|
||||
|
||||
public class OrganizationDataOwnershipPolicyRequirementFactory : BasePolicyRequirementFactory<OrganizationDataOwnershipPolicyRequirement>
|
||||
{
|
||||
public override PolicyType PolicyType => PolicyType.OrganizationDataOwnership;
|
||||
|
||||
public override OrganizationDataOwnershipPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
{
|
||||
var organizationDataOwnershipState = policyDetails.Any()
|
||||
? OrganizationDataOwnershipState.Enabled
|
||||
: OrganizationDataOwnershipState.Disabled;
|
||||
var organizationIdsWithPolicyEnabled = policyDetails.Select(p => p.OrganizationId).ToHashSet();
|
||||
|
||||
return new OrganizationDataOwnershipPolicyRequirement(
|
||||
organizationDataOwnershipState,
|
||||
organizationIdsWithPolicyEnabled);
|
||||
}
|
||||
}
|
||||
@ -1,72 +0,0 @@
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
|
||||
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
|
||||
|
||||
/// <summary>
|
||||
/// Represents the personal ownership policy state.
|
||||
/// </summary>
|
||||
public enum PersonalOwnershipState
|
||||
{
|
||||
/// <summary>
|
||||
/// Personal ownership is allowed - users can save items to their personal vault.
|
||||
/// </summary>
|
||||
Allowed,
|
||||
|
||||
/// <summary>
|
||||
/// Personal ownership is restricted - members are required to save items to an organization.
|
||||
/// </summary>
|
||||
Restricted
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Policy requirements for the Disable Personal Ownership policy.
|
||||
/// </summary>
|
||||
public class PersonalOwnershipPolicyRequirement : IPolicyRequirement
|
||||
{
|
||||
private readonly IEnumerable<Guid> _organizationIdsWithPolicyEnabled;
|
||||
|
||||
/// <param name="personalOwnershipState">
|
||||
/// The personal ownership state for the user.
|
||||
/// </param>
|
||||
/// <param name="organizationIdsWithPolicyEnabled">
|
||||
/// The collection of Organization IDs that have the Disable Personal Ownership policy enabled.
|
||||
/// </param>
|
||||
public PersonalOwnershipPolicyRequirement(
|
||||
PersonalOwnershipState personalOwnershipState,
|
||||
IEnumerable<Guid> organizationIdsWithPolicyEnabled)
|
||||
{
|
||||
_organizationIdsWithPolicyEnabled = organizationIdsWithPolicyEnabled ?? [];
|
||||
State = personalOwnershipState;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// The personal ownership policy state for the user.
|
||||
/// </summary>
|
||||
public PersonalOwnershipState State { get; }
|
||||
|
||||
/// <summary>
|
||||
/// Returns true if the Disable Personal Ownership policy is enforced in that organization.
|
||||
/// </summary>
|
||||
public bool RequiresDefaultCollection(Guid organizationId)
|
||||
{
|
||||
return _organizationIdsWithPolicyEnabled.Contains(organizationId);
|
||||
}
|
||||
}
|
||||
|
||||
public class PersonalOwnershipPolicyRequirementFactory : BasePolicyRequirementFactory<PersonalOwnershipPolicyRequirement>
|
||||
{
|
||||
public override PolicyType PolicyType => PolicyType.PersonalOwnership;
|
||||
|
||||
public override PersonalOwnershipPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
|
||||
{
|
||||
var personalOwnershipState = policyDetails.Any()
|
||||
? PersonalOwnershipState.Restricted
|
||||
: PersonalOwnershipState.Allowed;
|
||||
var organizationIdsWithPolicyEnabled = policyDetails.Select(p => p.OrganizationId).ToHashSet();
|
||||
|
||||
return new PersonalOwnershipPolicyRequirement(
|
||||
personalOwnershipState,
|
||||
organizationIdsWithPolicyEnabled);
|
||||
}
|
||||
}
|
||||
@ -34,7 +34,7 @@ public static class PolicyServiceCollectionExtensions
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, DisableSendPolicyRequirementFactory>();
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, SendOptionsPolicyRequirementFactory>();
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, ResetPasswordPolicyRequirementFactory>();
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, PersonalOwnershipPolicyRequirementFactory>();
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, OrganizationDataOwnershipPolicyRequirementFactory>();
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, RequireSsoPolicyRequirementFactory>();
|
||||
services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, RequireTwoFactorPolicyRequirementFactory>();
|
||||
}
|
||||
|
||||
@ -55,11 +55,11 @@ public class ImportCiphersCommand : IImportCiphersCommand
|
||||
Guid importingUserId)
|
||||
{
|
||||
// Make sure the user can save new ciphers to their personal vault
|
||||
var isPersonalVaultRestricted = _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements)
|
||||
? (await _policyRequirementQuery.GetAsync<PersonalOwnershipPolicyRequirement>(importingUserId)).State == PersonalOwnershipState.Restricted
|
||||
: await _policyService.AnyPoliciesApplicableToUserAsync(importingUserId, PolicyType.PersonalOwnership);
|
||||
var organizationDataOwnershipEnabled = _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements)
|
||||
? (await _policyRequirementQuery.GetAsync<OrganizationDataOwnershipPolicyRequirement>(importingUserId)).State == OrganizationDataOwnershipState.Enabled
|
||||
: await _policyService.AnyPoliciesApplicableToUserAsync(importingUserId, PolicyType.OrganizationDataOwnership);
|
||||
|
||||
if (isPersonalVaultRestricted)
|
||||
if (organizationDataOwnershipEnabled)
|
||||
{
|
||||
throw new BadRequestException("You cannot import items into your personal vault because you are " +
|
||||
"a member of an organization which forbids it.");
|
||||
|
||||
@ -142,11 +142,11 @@ public class CipherService : ICipherService
|
||||
}
|
||||
else
|
||||
{
|
||||
var isPersonalVaultRestricted = _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements)
|
||||
? (await _policyRequirementQuery.GetAsync<PersonalOwnershipPolicyRequirement>(savingUserId)).State == PersonalOwnershipState.Restricted
|
||||
: await _policyService.AnyPoliciesApplicableToUserAsync(savingUserId, PolicyType.PersonalOwnership);
|
||||
var organizationDataOwnershipEnabled = _featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements)
|
||||
? (await _policyRequirementQuery.GetAsync<OrganizationDataOwnershipPolicyRequirement>(savingUserId)).State == OrganizationDataOwnershipState.Enabled
|
||||
: await _policyService.AnyPoliciesApplicableToUserAsync(savingUserId, PolicyType.OrganizationDataOwnership);
|
||||
|
||||
if (isPersonalVaultRestricted)
|
||||
if (organizationDataOwnershipEnabled)
|
||||
{
|
||||
throw new BadRequestException("Due to an Enterprise Policy, you are restricted from saving items to your personal vault.");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user