[AC-2052] Block Manager role and AccessAll if using FlexibleCollections (#3671)

* Also don't assign AccessAll to the first orgUser if using Flexible Collections
2025-07-01 08:02:49 -05:00 · 2024-01-22 08:56:20 +10:00
parent 4b6299a055
commit 77698c3ee2
9 changed files with 291 additions and 63 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Groups/CreateGroupCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Groups/CreateGroupCommand.cs
@ -39,7 +39,7 @@ public class CreateGroupCommand : ICreateGroupCommand
        IEnumerable<CollectionAccessSelection> collections = null,
        IEnumerable<Guid> users = null)
    {
-        Validate(organization);
+        Validate(organization, group);
        await GroupRepositoryCreateGroupAsync(group, organization, collections);

        if (users != null)
@ -54,7 +54,7 @@ public class CreateGroupCommand : ICreateGroupCommand
        IEnumerable<CollectionAccessSelection> collections = null,
        IEnumerable<Guid> users = null)
    {
-        Validate(organization);
+        Validate(organization, group);
        await GroupRepositoryCreateGroupAsync(group, organization, collections);

        if (users != null)
@ -103,7 +103,7 @@ public class CreateGroupCommand : ICreateGroupCommand
        }
    }

-    private static void Validate(Organization organization)
+    private static void Validate(Organization organization, Group group)
    {
        if (organization == null)
        {
@ -114,5 +114,10 @@ public class CreateGroupCommand : ICreateGroupCommand
        {
            throw new BadRequestException("This organization cannot use groups.");
        }
+
+        if (organization.FlexibleCollections && group.AccessAll)
+        {
+            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the group to collections instead.");
+        }
    }
 }
--- a/src/Core/AdminConsole/OrganizationFeatures/Groups/UpdateGroupCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Groups/UpdateGroupCommand.cs
@ -29,7 +29,7 @@ public class UpdateGroupCommand : IUpdateGroupCommand
        IEnumerable<CollectionAccessSelection> collections = null,
        IEnumerable<Guid> userIds = null)
    {
-        Validate(organization);
+        Validate(organization, group);
        await GroupRepositoryUpdateGroupAsync(group, collections);

        if (userIds != null)
@ -44,7 +44,7 @@ public class UpdateGroupCommand : IUpdateGroupCommand
        IEnumerable<CollectionAccessSelection> collections = null,
        IEnumerable<Guid> userIds = null)
    {
-        Validate(organization);
+        Validate(organization, group);
        await GroupRepositoryUpdateGroupAsync(group, collections);

        if (userIds != null)
@ -97,7 +97,7 @@ public class UpdateGroupCommand : IUpdateGroupCommand
        }
    }

-    private static void Validate(Organization organization)
+    private static void Validate(Organization organization, Group group)
    {
        if (organization == null)
        {
@ -108,5 +108,10 @@ public class UpdateGroupCommand : IUpdateGroupCommand
        {
            throw new BadRequestException("This organization cannot use groups.");
        }
+
+        if (organization.FlexibleCollections && group.AccessAll)
+        {
+            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the group to collections instead.");
+        }
    }
 }