[Policy] Personal Ownership (#1013)

* Initial commit of disable personal vault policy * Added new sproc // updated policy check (was missing conditionals) * Updated DeMorgan's law logic
2025-06-30 15:42:48 -05:00 · 2020-12-11 10:45:26 -06:00
parent fee5c932db
commit 70f5fd5030
12 changed files with 103 additions and 0 deletions
--- a/src/Core/Services/Implementations/CipherService.cs
+++ b/src/Core/Services/Implementations/CipherService.cs
@ -27,6 +27,7 @@ namespace Bit.Core.Services
        private readonly IAttachmentStorageService _attachmentStorageService;
        private readonly IEventService _eventService;
        private readonly IUserService _userService;
+        private readonly IPolicyRepository _policyRepository;
        private readonly GlobalSettings _globalSettings;

        public CipherService(
@ -41,6 +42,7 @@ namespace Bit.Core.Services
            IAttachmentStorageService attachmentStorageService,
            IEventService eventService,
            IUserService userService,
+            IPolicyRepository policyRepository,
            GlobalSettings globalSettings)
        {
            _cipherRepository = cipherRepository;
@ -54,6 +56,7 @@ namespace Bit.Core.Services
            _attachmentStorageService = attachmentStorageService;
            _eventService = eventService;
            _userService = userService;
+            _policyRepository = policyRepository;
            _globalSettings = globalSettings;
        }

@ -118,6 +121,21 @@ namespace Bit.Core.Services
                }
                else
                {
+                    // Make sure the user can save new ciphers to their personal vault
+                    var userPolicies = await _policyRepository.GetManyByUserIdAsync(savingUserId);
+                    if (userPolicies != null)
+                    {
+                        foreach (var policy in userPolicies.Where(p => p.Enabled && p.Type == PolicyType.PersonalOwnership))
+                        {
+                            var org = await _organizationUserRepository.GetDetailsByUserAsync(savingUserId, policy.OrganizationId,
+                                OrganizationUserStatusType.Confirmed);
+                            if(org != null && org.Enabled && org.UsePolicies 
+                               && org.Type != OrganizationUserType.Admin && org.Type != OrganizationUserType.Owner)
+                            {
+                                throw new BadRequestException("Due to an Enterprise Policy, you are restricted from saving items to your personal vault.");
+                            }
+                        }
+                    }
                    await _cipherRepository.CreateAsync(cipher);
                }
                await _eventService.LogCipherEventAsync(cipher, Enums.EventType.Cipher_Created);