[SM-771] Add new endpoint for bulk enabling users for Secrets Manager (#3020)

* Add new endpoint for bulk enabling users for sm * Review updates
2025-06-30 15:42:48 -05:00 · 2023-06-29 11:42:44 -05:00
parent 481004394f
commit 74ab7e8672
5 changed files with 163 additions and 0 deletions
--- a/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
+++ b/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
@ -15,6 +15,8 @@ using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterpri
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Cloud;
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces;
 using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.SelfHosted;
+using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager;
+using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces;
 using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Tokens;
@ -29,6 +31,7 @@ public static class OrganizationServiceCollectionExtensions
    public static void AddOrganizationServices(this IServiceCollection services, IGlobalSettings globalSettings)
    {
        services.AddScoped<IOrganizationService, OrganizationService>();
+        services.AddScoped<IEnableAccessSecretsManagerCommand, EnableAccessSecretsManagerCommand>();
        services.AddTokenizers();
        services.AddOrganizationGroupCommands();
        services.AddOrganizationConnectionCommands();
--- a/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommand.cs
+++ b/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommand.cs
@ -0,0 +1,43 @@
+using Bit.Core.Entities;
+using Bit.Core.Repositories;
+using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces;
+
+namespace Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager;
+
+public class EnableAccessSecretsManagerCommand : IEnableAccessSecretsManagerCommand
+{
+    private readonly IOrganizationUserRepository _organizationUserRepository;
+
+    public EnableAccessSecretsManagerCommand(IOrganizationUserRepository organizationUserRepository)
+    {
+        _organizationUserRepository = organizationUserRepository;
+    }
+
+    public async Task<List<(OrganizationUser organizationUser, string error)>> EnableUsersAsync(
+        IEnumerable<OrganizationUser> organizationUsers)
+    {
+        var results = new List<(OrganizationUser organizationUser, string error)>();
+        var usersToEnable = new List<OrganizationUser>();
+
+        foreach (var orgUser in organizationUsers)
+        {
+            if (orgUser.AccessSecretsManager)
+            {
+                results.Add((orgUser, "User already has access to Secrets Manager"));
+            }
+            else
+            {
+                orgUser.AccessSecretsManager = true;
+                usersToEnable.Add(orgUser);
+                results.Add((orgUser, ""));
+            }
+        }
+
+        if (usersToEnable.Any())
+        {
+            await _organizationUserRepository.ReplaceManyAsync(usersToEnable);
+        }
+
+        return results;
+    }
+}
--- a/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/Interfaces/IEnableAccessSecretsManagerCommand.cs
+++ b/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/Interfaces/IEnableAccessSecretsManagerCommand.cs
@ -0,0 +1,9 @@
+using Bit.Core.Entities;
+
+namespace Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces;
+
+public interface IEnableAccessSecretsManagerCommand
+{
+    Task<List<(OrganizationUser organizationUser, string error)>> EnableUsersAsync(
+        IEnumerable<OrganizationUser> organizationUsers);
+}