mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 23:52:50 -05:00
[EC-92] Add organization vault export to event logs (#2128)
* Added nullable OrganizationId to EventModel * Added EventType Organization_ClientExportedVault * Updated CollectController to save the event Organization_ClientExportedVault * Added OrganizationExportResponseModel to encapsulate Organization Export data * Added OrganizationExportController to have a single endpoint for Organization vault export * Added method GetOrganizationCollections to ICollectionService to get collections for an organization * Added GetOrganizationCiphers to ICipherService to get ciphers for an organization * Updated controllers to use new methods in ICollectionService and ICipherService
This commit is contained in:
Rui Tomé
@ -56,7 +56,7 @@
|
||||
|
||||
Organization_Updated = 1600,
|
||||
Organization_PurgedVault = 1601,
|
||||
// Organization_ClientExportedVault = 1602,
|
||||
Organization_ClientExportedVault = 1602,
|
||||
Organization_VaultAccessed = 1603,
|
||||
Organization_EnabledSso = 1604,
|
||||
Organization_DisabledSso = 1605,
|
||||
|
||||
@ -39,5 +39,6 @@ namespace Bit.Core.Services
|
||||
Task UploadFileForExistingAttachmentAsync(Stream stream, Cipher cipher, CipherAttachment.MetaData attachmentId);
|
||||
Task<AttachmentResponseData> GetAttachmentDownloadDataAsync(Cipher cipher, string attachmentId);
|
||||
Task<bool> ValidateCipherAttachmentFile(Cipher cipher, CipherAttachment.MetaData attachmentData);
|
||||
Task<(IEnumerable<CipherOrganizationDetails>, Dictionary<Guid, IGrouping<Guid, CollectionCipher>>)> GetOrganizationCiphers(Guid userId, Guid organizationId);
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,5 +8,6 @@ namespace Bit.Core.Services
|
||||
Task SaveAsync(Collection collection, IEnumerable<SelectionReadOnly> groups = null, Guid? assignUserId = null);
|
||||
Task DeleteAsync(Collection collection);
|
||||
Task DeleteUserAsync(Collection collection, Guid organizationUserId);
|
||||
Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
using System.Text.Json;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
@ -29,6 +30,8 @@ namespace Bit.Core.Services
|
||||
private readonly GlobalSettings _globalSettings;
|
||||
private const long _fileSizeLeeway = 1024L * 1024L; // 1MB
|
||||
private readonly IReferenceEventService _referenceEventService;
|
||||
private readonly ICurrentContext _currentContext;
|
||||
private readonly IProviderService _providerService;
|
||||
|
||||
public CipherService(
|
||||
ICipherRepository cipherRepository,
|
||||
@ -43,7 +46,8 @@ namespace Bit.Core.Services
|
||||
IUserService userService,
|
||||
IPolicyRepository policyRepository,
|
||||
GlobalSettings globalSettings,
|
||||
IReferenceEventService referenceEventService)
|
||||
IReferenceEventService referenceEventService,
|
||||
ICurrentContext currentContext)
|
||||
{
|
||||
_cipherRepository = cipherRepository;
|
||||
_folderRepository = folderRepository;
|
||||
@ -58,6 +62,7 @@ namespace Bit.Core.Services
|
||||
_policyRepository = policyRepository;
|
||||
_globalSettings = globalSettings;
|
||||
_referenceEventService = referenceEventService;
|
||||
_currentContext = currentContext;
|
||||
}
|
||||
|
||||
public async Task SaveAsync(Cipher cipher, Guid savingUserId, DateTime? lastKnownRevisionDate,
|
||||
@ -845,6 +850,41 @@ namespace Bit.Core.Services
|
||||
await _pushService.PushSyncCiphersAsync(restoringUserId);
|
||||
}
|
||||
|
||||
public async Task<(IEnumerable<CipherOrganizationDetails>, Dictionary<Guid, IGrouping<Guid, CollectionCipher>>)> GetOrganizationCiphers(Guid userId, Guid organizationId)
|
||||
{
|
||||
if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.AccessReports(organizationId))
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
IEnumerable<CipherOrganizationDetails> orgCiphers;
|
||||
if (await _currentContext.OrganizationAdmin(organizationId))
|
||||
{
|
||||
// Admins, Owners and Providers can access all items even if not assigned to them
|
||||
orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(organizationId);
|
||||
}
|
||||
else
|
||||
{
|
||||
var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, true);
|
||||
orgCiphers = ciphers.Where(c => c.OrganizationId == organizationId);
|
||||
}
|
||||
|
||||
var orgCipherIds = orgCiphers.Select(c => c.Id);
|
||||
|
||||
var collectionCiphers = await _collectionCipherRepository.GetManyByOrganizationIdAsync(organizationId);
|
||||
var collectionCiphersGroupDict = collectionCiphers
|
||||
.Where(c => orgCipherIds.Contains(c.CipherId))
|
||||
.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
|
||||
|
||||
var providerId = await _currentContext.ProviderIdForOrg(organizationId);
|
||||
if (providerId.HasValue)
|
||||
{
|
||||
await _providerService.LogProviderAccessToOrganizationAsync(organizationId);
|
||||
}
|
||||
|
||||
return (orgCiphers, collectionCiphersGroupDict);
|
||||
}
|
||||
|
||||
private async Task<bool> UserCanEditAsync(Cipher cipher, Guid userId)
|
||||
{
|
||||
if (!cipher.OrganizationId.HasValue && cipher.UserId.HasValue && cipher.UserId.Value == userId)
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Business;
|
||||
@ -16,6 +17,7 @@ namespace Bit.Core.Services
|
||||
private readonly IUserRepository _userRepository;
|
||||
private readonly IMailService _mailService;
|
||||
private readonly IReferenceEventService _referenceEventService;
|
||||
private readonly ICurrentContext _currentContext;
|
||||
|
||||
public CollectionService(
|
||||
IEventService eventService,
|
||||
@ -24,7 +26,8 @@ namespace Bit.Core.Services
|
||||
ICollectionRepository collectionRepository,
|
||||
IUserRepository userRepository,
|
||||
IMailService mailService,
|
||||
IReferenceEventService referenceEventService)
|
||||
IReferenceEventService referenceEventService,
|
||||
ICurrentContext currentContext)
|
||||
{
|
||||
_eventService = eventService;
|
||||
_organizationRepository = organizationRepository;
|
||||
@ -33,6 +36,7 @@ namespace Bit.Core.Services
|
||||
_userRepository = userRepository;
|
||||
_mailService = mailService;
|
||||
_referenceEventService = referenceEventService;
|
||||
_currentContext = currentContext;
|
||||
}
|
||||
|
||||
public async Task SaveAsync(Collection collection, IEnumerable<SelectionReadOnly> groups = null,
|
||||
@ -111,5 +115,27 @@ namespace Bit.Core.Services
|
||||
await _collectionRepository.DeleteUserAsync(collection.Id, organizationUserId);
|
||||
await _eventService.LogOrganizationUserEventAsync(orgUser, Enums.EventType.OrganizationUser_Updated);
|
||||
}
|
||||
|
||||
public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId)
|
||||
{
|
||||
if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId))
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
IEnumerable<Collection> orgCollections;
|
||||
if (await _currentContext.OrganizationAdmin(organizationId))
|
||||
{
|
||||
// Admins, Owners and Providers can access all items even if not assigned to them
|
||||
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
|
||||
}
|
||||
else
|
||||
{
|
||||
var collections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value);
|
||||
orgCollections = collections.Where(c => c.OrganizationId == organizationId);
|
||||
}
|
||||
|
||||
return orgCollections;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user