nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-04 01:22:50 -05:00
Code Activity

[PM-10291] Remove Flexible Collections v1 flag from API (#4578)

Browse Source 
* chore: remove fc v1 from groups controller, refs PM-10291

* chore: remove fc v1 from organization users controller, refs PM-10291

* chore: remove fc v1 from organizations controller and clean up unsused imports, refs PM-10291

* chore: remove fc v1 from BulkCollectionAuthorizationHandler, refs PM-10291

* chore: remove fc v1 from CiphersCollections, refs PM-10291

* fix: unit tests related to fc v1 flag removal, refs PM-10291

* chore: update AllowAdminAccessToAllCollectionItems to take optional params, increase usage, refs PM-10291

* fix: format files, refs PM-10291

* chore: revert change to helper method, ignore double cache call, refs PM-10291
This commit is contained in:
Vincent Salucci
2024-08-08 12:26:07 -05:00
committed by GitHub
parent 8d69bb0aaa
commit 746a35a14a
8 changed files with 27 additions and 301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
src/Api/Vault/Controllers/CiphersController.cs
View File

@ -239,37 +239,24 @@ public class CiphersController : Controller
[HttpGet("organization-details")]
public async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetOrganizationCiphers(Guid organizationId)
{
// Flexible Collections V1 Logic
if (UseFlexibleCollectionsV1())
if (!await CanAccessAllCiphersAsync(organizationId))
{
return await GetAllOrganizationCiphersAsync(organizationId);
throw new NotFoundException();
}
// Pre-Flexible Collections V1 Logic
var userId = _userService.GetProperUserId(User).Value;
var allOrganizationCiphers = await _organizationCiphersQuery.GetAllOrganizationCiphers(organizationId);
(IEnumerable<CipherOrganizationDetails> orgCiphers, Dictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersGroupDict) = await _cipherService.GetOrganizationCiphers(userId, organizationId);
var allOrganizationCipherResponses =
allOrganizationCiphers.Select(c =>
new CipherMiniDetailsResponseModel(c, _globalSettings, c.OrganizationUseTotp)
);
var responses = orgCiphers.Select(c => new CipherMiniDetailsResponseModel(c, _globalSettings,
collectionCiphersGroupDict, c.OrganizationUseTotp));
var providerId = await _currentContext.ProviderIdForOrg(organizationId);
if (providerId.HasValue)
{
await _providerService.LogProviderAccessToOrganizationAsync(organizationId);
}
return new ListResponseModel<CipherMiniDetailsResponseModel>(responses);
return new ListResponseModel<CipherMiniDetailsResponseModel>(allOrganizationCipherResponses);
}
[HttpGet("organization-details/assigned")]
public async Task<ListResponseModel<CipherDetailsResponseModel>> GetAssignedOrganizationCiphers(Guid organizationId)
{
if (!UseFlexibleCollectionsV1())
{
throw new FeatureUnavailableException();
}
if (!await CanAccessOrganizationCiphersAsync(organizationId) || !_currentContext.UserId.HasValue)
{
throw new NotFoundException();
@ -293,27 +280,6 @@ public class CiphersController : Controller
return new ListResponseModel<CipherDetailsResponseModel>(responses);
}
/// <summary>
/// Returns all ciphers belonging to the organization if the user has access to All ciphers.
/// </summary>
/// <exception cref="NotFoundException"></exception>
private async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetAllOrganizationCiphersAsync(Guid organizationId)
{
if (!await CanAccessAllCiphersAsync(organizationId))
{
throw new NotFoundException();
}
var allOrganizationCiphers = await _organizationCiphersQuery.GetAllOrganizationCiphers(organizationId);
var allOrganizationCipherResponses =
allOrganizationCiphers.Select(c =>
new CipherMiniDetailsResponseModel(c, _globalSettings, c.OrganizationUseTotp)
);
return new ListResponseModel<CipherMiniDetailsResponseModel>(allOrganizationCipherResponses);
}
/// <summary>
/// Permission helper to determine if the current user can use the "/admin" variants of the cipher endpoints.
/// Allowed for custom users with EditAnyCollection, providers, unrestricted owners and admins (allowAdminAccess setting is ON).
@ -322,12 +288,6 @@ public class CiphersController : Controller
/// </summary>
private async Task<bool> CanEditCipherAsAdminAsync(Guid organizationId, IEnumerable<Guid> cipherIds)
{
// Pre-Flexible collections V1 only needs to check EditAnyCollection
if (!UseFlexibleCollectionsV1())
{
return await _currentContext.EditAnyCollection(organizationId);
}
var org = _currentContext.GetOrganization(organizationId);
// If we're not an "admin", we don't need to check the ciphers
@ -390,14 +350,6 @@ public class CiphersController : Controller
{
var org = _currentContext.GetOrganization(organizationId);
// If not using V1, owners, admins, and users with EditAnyCollection permissions, and providers can always edit all ciphers
if (!UseFlexibleCollectionsV1())
{
return org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
{ Permissions.EditAnyCollection: true } ||
await _currentContext.ProviderUserForOrgAsync(organizationId);
}
// Custom users with EditAnyCollection permissions can always edit all ciphers
if (org is { Type: OrganizationUserType.Custom, Permissions.EditAnyCollection: true })
{
@ -662,7 +614,7 @@ public class CiphersController : Controller
// In V1, we still need to check if the user can edit the collections they're submitting
// This should only happen for unassigned ciphers (otherwise restricted admins would use the normal collections endpoint)
if (UseFlexibleCollectionsV1() && !await CanEditItemsInCollections(cipher.OrganizationId.Value, collectionIds))
if (!await CanEditItemsInCollections(cipher.OrganizationId.Value, collectionIds))
{
throw new NotFoundException();
}
@ -1219,9 +1171,4 @@ public class CiphersController : Controller
{
return await _cipherRepository.GetByIdAsync(cipherId, userId);
}
private bool UseFlexibleCollectionsV1()
{
return _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
}
}