[EC-92] Add organization vault export to event logs (#2128)

* Added nullable OrganizationId to EventModel * Added EventType Organization_ClientExportedVault * Updated CollectController to save the event Organization_ClientExportedVault * Added OrganizationExportResponseModel to encapsulate Organization Export data * Added OrganizationExportController to have a single endpoint for Organization vault export * Added method GetOrganizationCollections to ICollectionService to get collections for an organization * Added GetOrganizationCiphers to ICipherService to get ciphers for an organization * Updated controllers to use new methods in ICollectionService and ICipherService
2025-06-30 23:52:50 -05:00 · 2022-07-25 09:56:23 +01:00
parent f6a18db582
commit 7dfb04298d
11 changed files with 164 additions and 50 deletions
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@ -216,40 +216,12 @@ namespace Bit.Api.Controllers
        {
            var userId = _userService.GetProperUserId(User).Value;
            var orgIdGuid = new Guid(organizationId);
-            if (!await _currentContext.ViewAllCollections(orgIdGuid) && !await _currentContext.AccessReports(orgIdGuid))
-            {
-                throw new NotFoundException();
-            }
-
-            IEnumerable<CipherOrganizationDetails> orgCiphers;
-            if (await _currentContext.OrganizationAdmin(orgIdGuid))
-            {
-                // Admins, Owners and Providers can access all items even if not assigned to them
-                orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(orgIdGuid);
-            }
-            else
-            {
-                var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, true);
-                orgCiphers = ciphers.Where(c => c.OrganizationId == orgIdGuid);
-            }
-
-            var orgCipherIds = orgCiphers.Select(c => c.Id);
-
-            var collectionCiphers = await _collectionCipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
-            var collectionCiphersGroupDict = collectionCiphers
-                .Where(c => orgCipherIds.Contains(c.CipherId))
-                .GroupBy(c => c.CipherId).ToDictionary(s => s.Key);

+            (IEnumerable<CipherOrganizationDetails> orgCiphers, Dictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersGroupDict) = await _cipherService.GetOrganizationCiphers(userId, orgIdGuid);

            var responses = orgCiphers.Select(c => new CipherMiniDetailsResponseModel(c, _globalSettings,
                collectionCiphersGroupDict, c.OrganizationUseTotp));

-
-            var providerId = await _currentContext.ProviderIdForOrg(orgIdGuid);
-            if (providerId.HasValue)
-            {
-                await _providerService.LogProviderAccessToOrganizationAsync(orgIdGuid);
-            }
            return new ListResponseModel<CipherMiniDetailsResponseModel>(responses);
        }

--- a/src/Api/Controllers/CollectionsController.cs
+++ b/src/Api/Controllers/CollectionsController.cs
@ -75,22 +75,7 @@ namespace Bit.Api.Controllers
        [HttpGet("")]
        public async Task<ListResponseModel<CollectionResponseModel>> Get(Guid orgId)
        {
-            if (!await _currentContext.ViewAllCollections(orgId) && !await _currentContext.ManageUsers(orgId))
-            {
-                throw new NotFoundException();
-            }
-
-            IEnumerable<Collection> orgCollections;
-            if (await _currentContext.OrganizationAdmin(orgId))
-            {
-                // Admins, Owners and Providers can access all items even if not assigned to them
-                orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgId);
-            }
-            else
-            {
-                var collections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value);
-                orgCollections = collections.Where(c => c.OrganizationId == orgId);
-            }
+            IEnumerable<Collection> orgCollections = await _collectionService.GetOrganizationCollections(orgId);

            var responses = orgCollections.Select(c => new CollectionResponseModel(c));
            return new ListResponseModel<CollectionResponseModel>(responses);
--- a/src/Api/Controllers/OrganizationExportController.cs
+++ b/src/Api/Controllers/OrganizationExportController.cs
@ -0,0 +1,64 @@
+using Bit.Api.Models.Response;
+using Bit.Core.Entities;
+using Bit.Core.Services;
+using Bit.Core.Settings;
+using Core.Models.Data;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.Controllers
+{
+    [Route("organizations/{organizationId}")]
+    [Authorize("Application")]
+    public class OrganizationExportController : Controller
+    {
+        private readonly IUserService _userService;
+        private readonly ICollectionService _collectionService;
+        private readonly ICipherService _cipherService;
+        private readonly GlobalSettings _globalSettings;
+
+        public OrganizationExportController(
+            ICipherService cipherService,
+            ICollectionService collectionService,
+            IUserService userService,
+            GlobalSettings globalSettings)
+        {
+            _cipherService = cipherService;
+            _collectionService = collectionService;
+            _userService = userService;
+            _globalSettings = globalSettings;
+        }
+
+        [HttpGet("export")]
+        public async Task<OrganizationExportResponseModel> Export(Guid organizationId)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+
+            IEnumerable<Collection> orgCollections = await _collectionService.GetOrganizationCollections(organizationId);
+            (IEnumerable<CipherOrganizationDetails> orgCiphers, Dictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersGroupDict) = await _cipherService.GetOrganizationCiphers(userId, organizationId);
+
+            var result = new OrganizationExportResponseModel
+            {
+                Collections = GetOrganizationCollectionsResponse(orgCollections),
+                Ciphers = await GetOrganizationCiphersResponse(orgCiphers, collectionCiphersGroupDict)
+            };
+
+            return result;
+        }
+
+        private ListResponseModel<CollectionResponseModel> GetOrganizationCollectionsResponse(IEnumerable<Collection> orgCollections)
+        {
+            var collections = orgCollections.Select(c => new CollectionResponseModel(c));
+            return new ListResponseModel<CollectionResponseModel>(collections);
+        }
+
+        private async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetOrganizationCiphersResponse(IEnumerable<CipherOrganizationDetails> orgCiphers,
+            Dictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersGroupDict)
+        {
+            var responses = orgCiphers.Select(c => new CipherMiniDetailsResponseModel(c, _globalSettings,
+                collectionCiphersGroupDict, c.OrganizationUseTotp));
+
+            return new ListResponseModel<CipherMiniDetailsResponseModel>(responses);
+        }
+    }
+}
--- a/src/Api/Models/Response/OrganizationExportResponseModel.cs
+++ b/src/Api/Models/Response/OrganizationExportResponseModel.cs
@ -0,0 +1,13 @@
+namespace Bit.Api.Models.Response
+{
+    public class OrganizationExportResponseModel
+    {
+        public OrganizationExportResponseModel()
+        {
+        }
+
+        public ListResponseModel<CollectionResponseModel> Collections { get; set; }
+
+        public ListResponseModel<CipherMiniDetailsResponseModel> Ciphers { get; set; }
+    }
+}