[SM-771] Add new endpoint for bulk enabling users for Secrets Manager (#3020)

* Add new endpoint for bulk enabling users for sm * Review updates
2025-06-30 23:52:50 -05:00 · 2023-06-29 11:42:44 -05:00
parent 481004394f
commit 74ab7e8672
5 changed files with 163 additions and 0 deletions
--- a/src/Api/Controllers/OrganizationUsersController.cs
+++ b/src/Api/Controllers/OrganizationUsersController.cs
@ -9,6 +9,7 @@ using Bit.Core.Models.Business;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Models.Data.Organizations.Policies;
 using Bit.Core.Repositories;
+using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces;
 using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@ -19,6 +20,7 @@ namespace Bit.Api.Controllers;
 [Authorize("Application")]
 public class OrganizationUsersController : Controller
 {
+    private readonly IEnableAccessSecretsManagerCommand _enableAccessSecretsManagerCommand;
    private readonly IOrganizationRepository _organizationRepository;
    private readonly IOrganizationUserRepository _organizationUserRepository;
    private readonly IOrganizationService _organizationService;
@ -29,6 +31,7 @@ public class OrganizationUsersController : Controller
    private readonly ICurrentContext _currentContext;

    public OrganizationUsersController(
+        IEnableAccessSecretsManagerCommand enableAccessSecretsManagerCommand,
        IOrganizationRepository organizationRepository,
        IOrganizationUserRepository organizationUserRepository,
        IOrganizationService organizationService,
@ -38,6 +41,7 @@ public class OrganizationUsersController : Controller
        IPolicyRepository policyRepository,
        ICurrentContext currentContext)
    {
+        _enableAccessSecretsManagerCommand = enableAccessSecretsManagerCommand;
        _organizationRepository = organizationRepository;
        _organizationUserRepository = organizationUserRepository;
        _organizationService = organizationService;
@ -420,6 +424,29 @@ public class OrganizationUsersController : Controller
        return await RestoreOrRevokeUsersAsync(orgId, model, (orgId, orgUserIds, restoringUserId) => _organizationService.RestoreUsersAsync(orgId, orgUserIds, restoringUserId, _userService));
    }

+    [HttpPatch("enable-secrets-manager")]
+    [HttpPut("enable-secrets-manager")]
+    public async Task<ListResponseModel<OrganizationUserBulkResponseModel>> BulkEnableSecretsManagerAsync(Guid orgId,
+        [FromBody] OrganizationUserBulkRequestModel model)
+    {
+        if (!await _currentContext.ManageUsers(orgId))
+        {
+            throw new NotFoundException();
+        }
+
+        var orgUsers = (await _organizationUserRepository.GetManyAsync(model.Ids))
+            .Where(ou => ou.OrganizationId == orgId).ToList();
+        if (orgUsers.Count == 0)
+        {
+            throw new BadRequestException("Users invalid.");
+        }
+
+        var results = await _enableAccessSecretsManagerCommand.EnableUsersAsync(orgUsers);
+
+        return new ListResponseModel<OrganizationUserBulkResponseModel>(results.Select(r =>
+            new OrganizationUserBulkResponseModel(r.organizationUser.Id, r.error)));
+    }
+
    private async Task RestoreOrRevokeUserAsync(
        Guid orgId,
        Guid id,