[EC-787] Create a method in PolicyService to check if a policy applies to a user (#2537)

* [EC-787] Add new stored procedure OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Add new method IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Add OrganizationUserPolicyDetails to represent policies applicable to a specific user * [EC-787] Add method IPolicyService.GetPoliciesApplicableToUser to filter the obtained policy data * [EC-787] Returning PolicyData on stored procedures * [EC-787] Changed GetPoliciesApplicableToUserAsync to return ICollection * [EC-787] Switched all usings of IPolicyRepository.GetManyByTypeApplicableToUserIdAsync to IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Removed policy logic from BaseRequestValidator and added usage of IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for IPolicyService.GetPoliciesApplicableToUserAsync * [EC-787] Added unit tests for OrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Changed integration test to check for single result * [EC-787] Marked IPolicyRepository methods GetManyByTypeApplicableToUserIdAsync and GetCountByTypeApplicableToUserIdAsync as obsolete * [EC-787] Returning OrganizationUserId on OrganizationUser_ReadByUserIdWithPolicyDetails * [EC-787] Remove deprecated stored procedures Policy_CountByTypeApplicableToUser, Policy_ReadByTypeApplicableToUser and function PolicyApplicableToUser * [EC-787] Added method IPolicyService.AnyPoliciesApplicableToUserAsync * [EC-787] Removed 'OrganizationUserType' parameter from queries * [EC-787] Formatted OrganizationUserPolicyDetailsCompare * [EC-787] Renamed SQL migration files * [EC-787] Changed OrganizationUser_ReadByUserIdWithPolicyDetails to return Permissions json * [EC-787] Refactored excluded user types for each Policy * [EC-787] Updated dates on dbo_future files * [EC-787] Remove dbo_future files from sql proj * [EC-787] Added parameter PolicyType to IOrganizationUserRepository.GetByUserIdWithPolicyDetailsAsync * [EC-787] Rewrote OrganizationUser_ReadByUserIdWithPolicyDetails and added parameter for PolicyType * Update util/Migrator/DbScripts/2023-03-10_00_OrganizationUserReadByUserIdWithPolicyDetails.sql Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2025-07-02 08:32:50 -05:00 · 2023-05-12 08:22:19 +01:00
parent 99b0953acd
commit 8d3fe12170
26 changed files with 560 additions and 319 deletions
--- a/test/Core.Test/Services/PolicyServiceTests.cs
+++ b/test/Core.Test/Services/PolicyServiceTests.cs
@ -5,12 +5,14 @@ using Bit.Core.Auth.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
 using Xunit;
+using GlobalSettings = Bit.Core.Settings.GlobalSettings;
 using PolicyFixtures = Bit.Core.Test.AutoFixture.PolicyFixtures;

 namespace Bit.Core.Test.Services;
@ -394,10 +396,132 @@ public class PolicyServiceTests
        Assert.True(policy.RevisionDate - utcNow < TimeSpan.FromSeconds(1));
    }

+    [Theory, BitAutoData]
+    public async Task GetPoliciesApplicableToUserAsync_WithRequireSsoTypeFilter_WithDefaultOrganizationUserStatusFilter_ReturnsNoPolicies(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        var result = await sutProvider.Sut
+            .GetPoliciesApplicableToUserAsync(userId, PolicyType.RequireSso);
+
+        Assert.Empty(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetPoliciesApplicableToUserAsync_WithRequireSsoTypeFilter_WithDefaultOrganizationUserStatusFilter_ReturnsOnePolicy(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        sutProvider.GetDependency<GlobalSettings>().Sso.EnforceSsoPolicyForAllUsers.Returns(true);
+
+        var result = await sutProvider.Sut
+            .GetPoliciesApplicableToUserAsync(userId, PolicyType.RequireSso);
+
+        Assert.Single(result);
+        Assert.True(result.All(details => details.PolicyEnabled));
+        Assert.True(result.All(details => details.PolicyType == PolicyType.RequireSso));
+        Assert.True(result.All(details => details.OrganizationUserType == OrganizationUserType.Owner));
+        Assert.True(result.All(details => details.OrganizationUserStatus == OrganizationUserStatusType.Confirmed));
+        Assert.True(result.All(details => !details.IsProvider));
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetPoliciesApplicableToUserAsync_WithDisableTypeFilter_WithDefaultOrganizationUserStatusFilter_ReturnsNoPolicies(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        var result = await sutProvider.Sut
+            .GetPoliciesApplicableToUserAsync(userId, PolicyType.DisableSend);
+
+        Assert.Empty(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetPoliciesApplicableToUserAsync_WithDisableSendTypeFilter_WithInvitedUserStatusFilter_ReturnsOnePolicy(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        var result = await sutProvider.Sut
+            .GetPoliciesApplicableToUserAsync(userId, PolicyType.DisableSend, OrganizationUserStatusType.Invited);
+
+        Assert.Single(result);
+        Assert.True(result.All(details => details.PolicyEnabled));
+        Assert.True(result.All(details => details.PolicyType == PolicyType.DisableSend));
+        Assert.True(result.All(details => details.OrganizationUserType == OrganizationUserType.User));
+        Assert.True(result.All(details => details.OrganizationUserStatus == OrganizationUserStatusType.Invited));
+        Assert.True(result.All(details => !details.IsProvider));
+    }
+
+    [Theory, BitAutoData]
+    public async Task AnyPoliciesApplicableToUserAsync_WithRequireSsoTypeFilter_WithDefaultOrganizationUserStatusFilter_ReturnsFalse(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        var result = await sutProvider.Sut
+            .AnyPoliciesApplicableToUserAsync(userId, PolicyType.RequireSso);
+
+        Assert.False(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task AnyPoliciesApplicableToUserAsync_WithRequireSsoTypeFilter_WithDefaultOrganizationUserStatusFilter_ReturnsTrue(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        sutProvider.GetDependency<GlobalSettings>().Sso.EnforceSsoPolicyForAllUsers.Returns(true);
+
+        var result = await sutProvider.Sut
+            .AnyPoliciesApplicableToUserAsync(userId, PolicyType.RequireSso);
+
+        Assert.True(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task AnyPoliciesApplicableToUserAsync_WithDisableTypeFilter_WithDefaultOrganizationUserStatusFilter_ReturnsFalse(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        var result = await sutProvider.Sut
+            .AnyPoliciesApplicableToUserAsync(userId, PolicyType.DisableSend);
+
+        Assert.False(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task AnyPoliciesApplicableToUserAsync_WithDisableSendTypeFilter_WithInvitedUserStatusFilter_ReturnsTrue(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        SetupUserPolicies(userId, sutProvider);
+
+        var result = await sutProvider.Sut
+            .AnyPoliciesApplicableToUserAsync(userId, PolicyType.DisableSend, OrganizationUserStatusType.Invited);
+
+        Assert.True(result);
+    }
+
    private static void SetupOrg(SutProvider<PolicyService> sutProvider, Guid organizationId, Organization organization)
    {
        sutProvider.GetDependency<IOrganizationRepository>()
            .GetByIdAsync(organizationId)
            .Returns(Task.FromResult(organization));
    }
+
+    private static void SetupUserPolicies(Guid userId, SutProvider<PolicyService> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.RequireSso)
+            .Returns(new List<OrganizationUserPolicyDetails>
+            {
+                new() { OrganizationId = Guid.NewGuid(), PolicyType = PolicyType.RequireSso, PolicyEnabled = false, OrganizationUserType = OrganizationUserType.Owner, OrganizationUserStatus = OrganizationUserStatusType.Confirmed, IsProvider = false},
+                new() { OrganizationId = Guid.NewGuid(), PolicyType = PolicyType.RequireSso, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.Owner, OrganizationUserStatus = OrganizationUserStatusType.Confirmed, IsProvider = false },
+                new() { OrganizationId = Guid.NewGuid(), PolicyType = PolicyType.RequireSso, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.Owner, OrganizationUserStatus = OrganizationUserStatusType.Confirmed, IsProvider = true }
+            });
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByUserIdWithPolicyDetailsAsync(userId, PolicyType.DisableSend)
+            .Returns(new List<OrganizationUserPolicyDetails>
+            {
+                new() { OrganizationId = Guid.NewGuid(), PolicyType = PolicyType.DisableSend, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.User, OrganizationUserStatus = OrganizationUserStatusType.Invited, IsProvider = false },
+                new() { OrganizationId = Guid.NewGuid(), PolicyType = PolicyType.DisableSend, PolicyEnabled = true, OrganizationUserType = OrganizationUserType.User, OrganizationUserStatus = OrganizationUserStatusType.Invited, IsProvider = true }
+            });
+    }
 }
--- a/test/Core.Test/Tools/Services/SendServiceTests.cs
+++ b/test/Core.Test/Tools/Services/SendServiceTests.cs
@ -3,6 +3,7 @@ using System.Text.Json;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Models.Data.Organizations.Policies;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@ -33,8 +34,8 @@ public class SendServiceTests
        send.Id = default;
        send.Type = sendType;

-        sutProvider.GetDependency<IPolicyRepository>().GetCountByTypeApplicableToUserIdAsync(
-            Arg.Any<Guid>(), PolicyType.DisableSend).Returns(disableSendPolicyAppliesToUser ? 1 : 0);
+        sutProvider.GetDependency<IPolicyService>().AnyPoliciesApplicableToUserAsync(
+            Arg.Any<Guid>(), PolicyType.DisableSend).Returns(disableSendPolicyAppliesToUser);
    }

    // Disable Send policy check
@ -79,10 +80,10 @@ public class SendServiceTests
            PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
        });

-        sutProvider.GetDependency<IPolicyRepository>().GetManyByTypeApplicableToUserIdAsync(
-            Arg.Any<Guid>(), PolicyType.SendOptions).Returns(new List<Policy>
+        sutProvider.GetDependency<IPolicyService>().GetPoliciesApplicableToUserAsync(
+            Arg.Any<Guid>(), PolicyType.SendOptions).Returns(new List<OrganizationUserPolicyDetails>()
            {
-                policy,
+                new() { PolicyType = policy.Type, PolicyData = policy.Data, OrganizationId = policy.OrganizationId, PolicyEnabled = policy.Enabled }
            });
    }