Allow MP policy check when registering via SSO (#1779)

* add endpoint to policies for invited users * convert serialization to use built in dotnet tool
2025-07-04 09:32:48 -05:00 · 2021-12-21 12:10:01 -05:00
parent f51bdfe2e3
commit 8cbf1906ae
2 changed files with 28 additions and 2 deletions
--- a/src/Api/Controllers/PoliciesController.cs
+++ b/src/Api/Controllers/PoliciesController.cs
@ -106,6 +106,32 @@ namespace Bit.Api.Controllers
            return new ListResponseModel<PolicyResponseModel>(responses);
        }

+        [AllowAnonymous]
+        [HttpGet("invited-user")]
+        public async Task<ListResponseModel<PolicyResponseModel>> GetByInvitedUser(string orgId, [FromQuery] string userId)
+        {
+            var user = await _userService.GetUserByIdAsync(new Guid(userId));
+            if (user == null)
+            {
+                throw new UnauthorizedAccessException();
+            }
+            var orgIdGuid = new Guid(orgId);
+            var orgUsersByUserId = await _organizationUserRepository.GetManyByUserAsync(user.Id);
+            var orgUser = orgUsersByUserId.SingleOrDefault(u => u.OrganizationId == orgIdGuid);
+            if (orgUser == null)
+            {
+                throw new NotFoundException();
+            }
+            if (orgUser.Status != OrganizationUserStatusType.Invited)
+            {
+                throw new UnauthorizedAccessException();
+            }
+
+            var policies = await _policyRepository.GetManyByOrganizationIdAsync(orgIdGuid);
+            var responses = policies.Where(p => p.Enabled).Select(p => new PolicyResponseModel(p));
+            return new ListResponseModel<PolicyResponseModel>(responses);
+        }
+
        [HttpPut("{type}")]
        public async Task<PolicyResponseModel> Put(string orgId, int type, [FromBody] PolicyRequestModel model)
        {