[AC-1331] Remove Manager role - final (#4493)

* Remove OrganizationUserType.Manager * Add EnumDataType validation to prevent invalid enum values
2025-06-30 15:42:48 -05:00 · 2024-07-12 06:13:10 +10:00
parent d2567dd42d
commit 7fe4fe16cb
14 changed files with 6 additions and 108 deletions
--- a/src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRequestModels.cs
+++ b/src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRequestModels.cs
@ -14,6 +14,7 @@ public class OrganizationUserInviteRequestModel
    [StrictEmailAddressList]
    public IEnumerable<string> Emails { get; set; }
    [Required]
+    [EnumDataType(typeof(OrganizationUserType))]
    public OrganizationUserType? Type { get; set; }
    public bool AccessSecretsManager { get; set; }
    public Permissions Permissions { get; set; }
@ -83,6 +84,7 @@ public class OrganizationUserBulkConfirmRequestModel
 public class OrganizationUserUpdateRequestModel
 {
    [Required]
+    [EnumDataType(typeof(OrganizationUserType))]
    public OrganizationUserType? Type { get; set; }
    public bool AccessSecretsManager { get; set; }
    public Permissions Permissions { get; set; }
--- a/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/MemberBaseModel.cs
@ -45,10 +45,10 @@ public abstract class MemberBaseModel
    }

    /// <summary>
-    /// The member's type (or role) within the organization. If your organization has is using the latest collection enhancements,
-    /// you will not be allowed to assign the Manager role (OrganizationUserType = 3).
+    /// The member's type (or role) within the organization.
    /// </summary>
    [Required]
+    [EnumDataType(typeof(OrganizationUserType))]
    public OrganizationUserType? Type { get; set; }
    /// <summary>
    /// External identifier for reference or linking this member to another system, such as a user directory.
--- a/src/Core/AdminConsole/Enums/OrganizationUserType.cs
+++ b/src/Core/AdminConsole/Enums/OrganizationUserType.cs
@ -5,6 +5,6 @@ public enum OrganizationUserType : byte
    Owner = 0,
    Admin = 1,
    User = 2,
-    Manager = 3,
+    // Manager = 3 has been intentionally permanently deleted
    Custom = 4,
 }
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/UpdateOrganizationUserCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/UpdateOrganizationUserCommand.cs
@ -61,11 +61,6 @@ public class UpdateOrganizationUserCommand : IUpdateOrganizationUserCommand

        // If the organization is using Flexible Collections, prevent use of any deprecated permissions
        var organization = await _organizationRepository.GetByIdAsync(user.OrganizationId);
-        if (organization.FlexibleCollections && user.Type == OrganizationUserType.Manager)
-        {
-            throw new BadRequestException("The Manager role has been deprecated by collection enhancements. Use the collection Can Manage permission instead.");
-        }
-
        if (organization.FlexibleCollections && user.AccessAll)
        {
            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the user to collections instead.");
--- a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
@ -1039,11 +1039,6 @@ public class OrganizationService : IOrganizationService
        }

        // If the organization is using Flexible Collections, prevent use of any deprecated permissions
-        if (organization.FlexibleCollections && invites.Any(i => i.invite.Type is OrganizationUserType.Manager))
-        {
-            throw new BadRequestException("The Manager role has been deprecated by collection enhancements. Use the collection Can Manage permission instead.");
-        }
-
        if (organization.FlexibleCollections && invites.Any(i => i.invite.AccessAll))
        {
            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the user to collections instead.");
--- a/src/Core/Context/CurrentContext.cs
+++ b/src/Core/Context/CurrentContext.cs
@ -217,17 +217,6 @@ public class CurrentContext : ICurrentContext
                }));
        }

-        if (claimsDict.ContainsKey(Claims.OrganizationManager))
-        {
-            organizations.AddRange(claimsDict[Claims.OrganizationManager].Select(c =>
-                new CurrentContextOrganization
-                {
-                    Id = new Guid(c.Value),
-                    Type = OrganizationUserType.Manager,
-                    AccessSecretsManager = accessSecretsManager.ContainsKey(c.Value),
-                }));
-        }
-
        if (claimsDict.ContainsKey(Claims.OrganizationCustom))
        {
            organizations.AddRange(claimsDict[Claims.OrganizationCustom].Select(c =>
@ -274,12 +263,6 @@ public class CurrentContext : ICurrentContext
        return (Organizations?.Any(o => o.Id == orgId) ?? false) || await OrganizationOwner(orgId);
    }

-    public async Task<bool> OrganizationManager(Guid orgId)
-    {
-        return await OrganizationAdmin(orgId) ||
-               (Organizations?.Any(o => o.Id == orgId && o.Type == OrganizationUserType.Manager) ?? false);
-    }
-
    public async Task<bool> OrganizationAdmin(Guid orgId)
    {
        return await OrganizationOwner(orgId) ||
--- a/src/Core/Context/ICurrentContext.cs
+++ b/src/Core/Context/ICurrentContext.cs
@ -36,8 +36,6 @@ public interface ICurrentContext


    Task<bool> OrganizationUser(Guid orgId);
-    [Obsolete("Manager role is deprecated after Flexible Collections.")]
-    Task<bool> OrganizationManager(Guid orgId);
    Task<bool> OrganizationAdmin(Guid orgId);
    Task<bool> OrganizationOwner(Guid orgId);
    Task<bool> OrganizationCustom(Guid orgId);
--- a/src/Core/Identity/Claims.cs
+++ b/src/Core/Identity/Claims.cs
@ -9,7 +9,6 @@ public static class Claims

    public const string OrganizationOwner = "orgowner";
    public const string OrganizationAdmin = "orgadmin";
-    public const string OrganizationManager = "orgmanager";
    public const string OrganizationUser = "orguser";
    public const string OrganizationCustom = "orgcustom";
    public const string ProviderAdmin = "providerprovideradmin";
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -700,12 +700,6 @@ public static class CoreHelpers
                            claims.Add(new KeyValuePair<string, string>(Claims.OrganizationAdmin, org.Id.ToString()));
                        }
                        break;
-                    case Enums.OrganizationUserType.Manager:
-                        foreach (var org in group)
-                        {
-                            claims.Add(new KeyValuePair<string, string>(Claims.OrganizationManager, org.Id.ToString()));
-                        }
-                        break;
                    case Enums.OrganizationUserType.User:
                        foreach (var org in group)
                        {
--- a/src/Identity/IdentityServer/ApiResources.cs
+++ b/src/Identity/IdentityServer/ApiResources.cs
@ -20,7 +20,6 @@ public class ApiResources
                Claims.Device,
                Claims.OrganizationOwner,
                Claims.OrganizationAdmin,
-                Claims.OrganizationManager,
                Claims.OrganizationUser,
                Claims.OrganizationCustom,
                Claims.ProviderAdmin,