nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[AC-1809] Update OrganizationAbility with Collection Management Settings (#3571)

Browse Source 
* feat: Update OrganizationAbility with LimitCollectionCreationDeletion, refs AC-1809

* feat: Update OrganizationAbility constructor usage to pass feature flag state, refs AC-1809

* feat: Update EF retrieval of org abilities to include new property from database, refs AC-1809

* feat: Update sproc to include LimitCollectionCreationDeletion property and create migration, refs AC-1809

* feat: Inject ApplicationCache into handler accessing LimitCollectionCreationDeletion, refs AC-1809

* feat: remove collection management settings from CurrentContextOrganization and update tests, refs AC-1809

* feat: add AllowAdminAccessToAllCollectionItems to OrganizationAbility pipeline, refs AC-1809

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
This commit is contained in:
Vincent Salucci
2023-12-27 18:07:06 -06:00
committed by GitHub
parent 2ab35e389c
commit 71def39015
12 changed files with 257 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
test/Api.Test/Vault/AuthorizationHandlers/BulkCollectionAuthorizationHandlerTests.cs
View File

@ -6,7 +6,9 @@ using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Test.AutoFixture;
using Bit.Core.Test.Vault.AutoFixture;
using Bit.Test.Common.AutoFixture;
@ -31,9 +33,10 @@ public class BulkCollectionAuthorizationHandlerTests
CurrentContextOrganization organization)
{
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions();
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
new ClaimsPrincipal(),
@ -41,6 +44,7 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -56,7 +60,8 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = OrganizationUserType.User;
organization.LimitCollectionCreationDeletion = false;
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, false);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
@ -65,6 +70,7 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -83,7 +89,6 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions
{
EditAnyCollection = false,
@ -92,6 +97,8 @@ public class BulkCollectionAuthorizationHandlerTests
ManageUsers = false
};
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
new ClaimsPrincipal(),
@ -99,6 +106,8 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
await sutProvider.Sut.HandleAsync(context);
@ -111,6 +120,8 @@ public class BulkCollectionAuthorizationHandlerTests
ICollection<Collection> collections,
SutProvider<BulkCollectionAuthorizationHandler> sutProvider)
{
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(collections.First().OrganizationId, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
new ClaimsPrincipal(),
@ -119,6 +130,8 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
@ -134,7 +147,6 @@ public class BulkCollectionAuthorizationHandlerTests
CurrentContextOrganization organization)
{
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions();
var operationsToTest = new[]
@ -217,7 +229,6 @@ public class BulkCollectionAuthorizationHandlerTests
}
organization.Type = OrganizationUserType.User;
organization.LimitCollectionCreationDeletion = false;
organization.Permissions = new Permissions();
var operationsToTest = new[]
@ -254,7 +265,6 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = OrganizationUserType.User;
organization.LimitCollectionCreationDeletion = false;
organization.Permissions = new Permissions();
var operationsToTest = new[]
@ -293,7 +303,6 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions
{
EditAnyCollection = false,
@ -367,7 +376,6 @@ public class BulkCollectionAuthorizationHandlerTests
CurrentContextOrganization organization)
{
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions();
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
@ -431,7 +439,6 @@ public class BulkCollectionAuthorizationHandlerTests
}
organization.Type = OrganizationUserType.User;
organization.LimitCollectionCreationDeletion = false;
organization.Permissions = new Permissions();
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
@ -462,7 +469,6 @@ public class BulkCollectionAuthorizationHandlerTests
}
organization.Type = OrganizationUserType.User;
organization.LimitCollectionCreationDeletion = false;
organization.Permissions = new Permissions();
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
@ -491,7 +497,6 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions
{
EditAnyCollection = false,
@ -543,7 +548,6 @@ public class BulkCollectionAuthorizationHandlerTests
CurrentContextOrganization organization)
{
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions();
var operationsToTest = new[]
@ -661,7 +665,6 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = userType;
organization.LimitCollectionCreationDeletion = false;
organization.Permissions = new Permissions
{
EditAnyCollection = false,
@ -742,9 +745,10 @@ public class BulkCollectionAuthorizationHandlerTests
CurrentContextOrganization organization)
{
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions();
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Delete },
new ClaimsPrincipal(),
@ -752,6 +756,8 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -767,12 +773,13 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = OrganizationUserType.Custom;
organization.LimitCollectionCreationDeletion = false;
organization.Permissions = new Permissions
{
DeleteAnyCollection = true
};
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Delete },
new ClaimsPrincipal(),
@ -780,6 +787,8 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -797,9 +806,13 @@ public class BulkCollectionAuthorizationHandlerTests
organization.Type = OrganizationUserType.User;
organization.Permissions = new Permissions();
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, false);
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId, Arg.Any<bool>()).Returns(collections);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
foreach (var c in collections)
{
@ -828,7 +841,6 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
organization.Type = userType;
organization.LimitCollectionCreationDeletion = true;
organization.Permissions = new Permissions
{
EditAnyCollection = false,
@ -837,6 +849,8 @@ public class BulkCollectionAuthorizationHandlerTests
ManageUsers = false
};
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Delete },
new ClaimsPrincipal(),
@ -844,6 +858,9 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
await sutProvider.Sut.HandleAsync(context);
@ -864,6 +881,7 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
await sutProvider.Sut.HandleAsync(context);
Assert.False(context.HasSucceeded);
@ -919,6 +937,16 @@ public class BulkCollectionAuthorizationHandlerTests
var actingUserId = Guid.NewGuid();
var orgId = collections.First().OrganizationId;
var organizationAbilities = new Dictionary<Guid, OrganizationAbility>
{
{ collections.First().OrganizationId,
new OrganizationAbility
{
LimitCollectionCreationDeletion = true
}
}
};
var operationsToTest = new[]
{
BulkCollectionOperations.Create,
@ -933,6 +961,8 @@ public class BulkCollectionAuthorizationHandlerTests
{
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(orgId).Returns((CurrentContextOrganization)null);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(true);
var context = new AuthorizationHandlerContext(
@ -950,4 +980,18 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.Recreate();
}
}
private static Dictionary<Guid, OrganizationAbility> ArrangeOrganizationAbilitiesDictionary(Guid orgId,
bool limitCollectionCreationDeletion)
{
return new Dictionary<Guid, OrganizationAbility>
{
{ orgId,
new OrganizationAbility
{
LimitCollectionCreationDeletion = limitCollectionCreationDeletion
}
}
};
}
}