Delayed the hasSecretsManagerStandalone call as long as possible.

2025-07-19 08:30:59 -05:00 · 2025-04-01 14:35:04 -05:00
parent 2656ccf314
commit 739bc65e87
5 changed files with 45 additions and 13 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/InviteUserOrganizationValidationRequest.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/InviteUserOrganizationValidationRequest.cs
@ -6,9 +6,11 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUse

 public class InviteUserOrganizationValidationRequest
 {
-    public InviteUserOrganizationValidationRequest() { }
+    public InviteUserOrganizationValidationRequest()
+    {
+    }

-    public InviteUserOrganizationValidationRequest(InviteUserOrganizationValidationRequest request, PasswordManagerSubscriptionUpdate subscriptionUpdate, SecretsManagerSubscriptionUpdate smSubscriptionUpdate)
+    public InviteUserOrganizationValidationRequest(InviteUserOrganizationValidationRequest request)
    {
        Invites = request.Invites;
        InviteOrganization = request.InviteOrganization;
@ -16,6 +18,13 @@ public class InviteUserOrganizationValidationRequest
        PerformedAt = request.PerformedAt;
        OccupiedPmSeats = request.OccupiedPmSeats;
        OccupiedSmSeats = request.OccupiedSmSeats;
+    }
+
+    public InviteUserOrganizationValidationRequest(InviteUserOrganizationValidationRequest request,
+        PasswordManagerSubscriptionUpdate subscriptionUpdate,
+        SecretsManagerSubscriptionUpdate smSubscriptionUpdate)
+        : this(request)
+    {
        PasswordManagerSubscriptionUpdate = subscriptionUpdate;
        SecretsManagerSubscriptionUpdate = smSubscriptionUpdate;
    }
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/OrganizationUserInvite.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Models/OrganizationUserInvite.cs
@ -17,7 +17,7 @@ public class OrganizationUserInvite
    public bool AccessSecretsManager { get; private init; }
    public Guid[] Groups { get; private init; }

-    public OrganizationUserInvite(string email, string externalId, bool accessSecretsManager) :
+    public OrganizationUserInvite(string email, string externalId) :
        this(
            email: email,
            assignedCollections: [],
@ -25,10 +25,22 @@ public class OrganizationUserInvite
            type: OrganizationUserType.User,
            permissions: new Permissions(),
            externalId: externalId,
-            accessSecretsManager: accessSecretsManager)
+            false)
    {
    }

+    public OrganizationUserInvite(OrganizationUserInvite invite, bool accessSecretsManager) :
+        this(invite.Email,
+            invite.AssignedCollections,
+            invite.Groups,
+            invite.Type,
+            invite.Permissions,
+            invite.ExternalId,
+            accessSecretsManager)
+    {
+
+    }
+
    public OrganizationUserInvite(string email,
        IEnumerable<CollectionAccessSelection> assignedCollections,
        IEnumerable<Guid> groups,
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteOrganizationUserValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteOrganizationUserValidator.cs
@ -6,6 +6,9 @@ using Bit.Core.AdminConsole.Shared.Validation;
 using Bit.Core.Models.Business;
 using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
 using Bit.Core.Repositories;
+using Bit.Core.Services;
+using OrganizationUserInvite = Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models.OrganizationUserInvite;
+
 namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Validation;

 public interface IInviteUsersValidator : IValidator<InviteUserOrganizationValidationRequest>;
@ -13,7 +16,8 @@ public interface IInviteUsersValidator : IValidator<InviteUserOrganizationValida
 public class InviteUsersValidator(
    IOrganizationRepository organizationRepository,
    IInviteUsersPasswordManagerValidator inviteUsersPasswordManagerValidator,
-    IUpdateSecretsManagerSubscriptionCommand secretsManagerSubscriptionCommand) : IInviteUsersValidator
+    IUpdateSecretsManagerSubscriptionCommand secretsManagerSubscriptionCommand,
+    IPaymentService paymentService) : IInviteUsersValidator
 {
    public async Task<ValidationResult<InviteUserOrganizationValidationRequest>> ValidateAsync(InviteUserOrganizationValidationRequest request)
    {
@ -26,6 +30,18 @@ public class InviteUsersValidator(
            return invalidSubscriptionUpdate.Map(request);
        }

+        // If the organization has the Secrets Manager Standalone Discount, all users are added to secrets manager.
+        // This is an expensive call, so we're doing it now to delay the check as long as possible.
+        if (await paymentService.HasSecretsManagerStandalone(request.InviteOrganization))
+        {
+            request = new InviteUserOrganizationValidationRequest(request)
+            {
+                Invites = request.Invites
+                    .Select(x => new OrganizationUserInvite(x, accessSecretsManager: true))
+                    .ToArray()
+            };
+        }
+
        if (request.InviteOrganization.UseSecretsManager && request.Invites.Any(x => x.AccessSecretsManager))
        {
            return await ValidateSecretsManagerSubscriptionUpdateAsync(request, subscriptionUpdate);