[AC-607] Extract IOrganizationService.DeleteUserAsync into IRemoveOrganizationUserCommand (#4803)

* Add HasConfirmedOwnersExceptQuery class, interface and unit tests * Register IHasConfirmedOwnersExceptQuery for dependency injection * Replace OrganizationService.HasConfirmedOwnersExceptAsync with HasConfirmedOwnersExceptQuery * Refactor DeleteManagedOrganizationUserAccountCommand to use IHasConfirmedOwnersExceptQuery * Fix unit tests * Extract IOrganizationService.RemoveUserAsync into IRemoveOrganizationUserCommand; Update unit tests * Extract IOrganizationService.RemoveUsersAsync into IRemoveOrganizationUserCommand; Update unit tests * Refactor RemoveUserAsync(Guid organizationId, Guid userId) to use ValidateDeleteUser * Refactor RemoveOrganizationUserCommandTests to use more descriptive method names * Refactor controller actions to accept Guid directly instead of parsing strings * Add unit tests for removing OrganizationUser by UserId * Refactor remove OrganizationUser by UserId method * Add summary to IHasConfirmedOwnersExceptQuery
2025-07-05 18:12:48 -05:00 · 2024-10-16 10:33:00 +01:00
parent 7408f3ee02
commit 93e49ffe74
28 changed files with 781 additions and 642 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RemoveOrganizationUserCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RemoveOrganizationUserCommand.cs
@ -1,4 +1,6 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.Context;
+using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
@ -8,38 +10,171 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;

 public class RemoveOrganizationUserCommand : IRemoveOrganizationUserCommand
 {
+    private readonly IDeviceRepository _deviceRepository;
    private readonly IOrganizationUserRepository _organizationUserRepository;
-    private readonly IOrganizationService _organizationService;
+    private readonly IEventService _eventService;
+    private readonly IPushNotificationService _pushNotificationService;
+    private readonly IPushRegistrationService _pushRegistrationService;
+    private readonly ICurrentContext _currentContext;
+    private readonly IHasConfirmedOwnersExceptQuery _hasConfirmedOwnersExceptQuery;

    public RemoveOrganizationUserCommand(
+        IDeviceRepository deviceRepository,
        IOrganizationUserRepository organizationUserRepository,
-        IOrganizationService organizationService
-    )
+        IEventService eventService,
+        IPushNotificationService pushNotificationService,
+        IPushRegistrationService pushRegistrationService,
+        ICurrentContext currentContext,
+        IHasConfirmedOwnersExceptQuery hasConfirmedOwnersExceptQuery)
    {
+        _deviceRepository = deviceRepository;
        _organizationUserRepository = organizationUserRepository;
-        _organizationService = organizationService;
+        _eventService = eventService;
+        _pushNotificationService = pushNotificationService;
+        _pushRegistrationService = pushRegistrationService;
+        _currentContext = currentContext;
+        _hasConfirmedOwnersExceptQuery = hasConfirmedOwnersExceptQuery;
    }

    public async Task RemoveUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId)
    {
-        await ValidateDeleteUserAsync(organizationId, organizationUserId);
+        var organizationUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
+        ValidateDeleteUser(organizationId, organizationUser);

-        await _organizationService.RemoveUserAsync(organizationId, organizationUserId, deletingUserId);
+        await RepositoryDeleteUserAsync(organizationUser, deletingUserId);
+
+        await _eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Removed);
    }

    public async Task RemoveUserAsync(Guid organizationId, Guid organizationUserId, EventSystemUser eventSystemUser)
    {
-        await ValidateDeleteUserAsync(organizationId, organizationUserId);
+        var organizationUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
+        ValidateDeleteUser(organizationId, organizationUser);

-        await _organizationService.RemoveUserAsync(organizationId, organizationUserId, eventSystemUser);
+        await RepositoryDeleteUserAsync(organizationUser, null);
+
+        await _eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Removed, eventSystemUser);
    }

-    private async Task ValidateDeleteUserAsync(Guid organizationId, Guid organizationUserId)
+    public async Task RemoveUserAsync(Guid organizationId, Guid userId)
+    {
+        var organizationUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, userId);
+        ValidateDeleteUser(organizationId, organizationUser);
+
+        await RepositoryDeleteUserAsync(organizationUser, null);
+
+        await _eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Removed);
+    }
+
+    public async Task<List<Tuple<OrganizationUser, string>>> RemoveUsersAsync(Guid organizationId,
+        IEnumerable<Guid> organizationUsersId,
+        Guid? deletingUserId)
+    {
+        var orgUsers = await _organizationUserRepository.GetManyAsync(organizationUsersId);
+        var filteredUsers = orgUsers.Where(u => u.OrganizationId == organizationId)
+            .ToList();
+
+        if (!filteredUsers.Any())
+        {
+            throw new BadRequestException("Users invalid.");
+        }
+
+        if (!await _hasConfirmedOwnersExceptQuery.HasConfirmedOwnersExceptAsync(organizationId, organizationUsersId))
+        {
+            throw new BadRequestException("Organization must have at least one confirmed owner.");
+        }
+
+        var deletingUserIsOwner = false;
+        if (deletingUserId.HasValue)
+        {
+            deletingUserIsOwner = await _currentContext.OrganizationOwner(organizationId);
+        }
+
+        var result = new List<Tuple<OrganizationUser, string>>();
+        var deletedUserIds = new List<Guid>();
+        foreach (var orgUser in filteredUsers)
+        {
+            try
+            {
+                if (deletingUserId.HasValue && orgUser.UserId == deletingUserId)
+                {
+                    throw new BadRequestException("You cannot remove yourself.");
+                }
+
+                if (orgUser.Type == OrganizationUserType.Owner && deletingUserId.HasValue && !deletingUserIsOwner)
+                {
+                    throw new BadRequestException("Only owners can delete other owners.");
+                }
+
+                await _eventService.LogOrganizationUserEventAsync(orgUser, EventType.OrganizationUser_Removed);
+
+                if (orgUser.UserId.HasValue)
+                {
+                    await DeleteAndPushUserRegistrationAsync(organizationId, orgUser.UserId.Value);
+                }
+                result.Add(Tuple.Create(orgUser, ""));
+                deletedUserIds.Add(orgUser.Id);
+            }
+            catch (BadRequestException e)
+            {
+                result.Add(Tuple.Create(orgUser, e.Message));
+            }
+
+            await _organizationUserRepository.DeleteManyAsync(deletedUserIds);
+        }
+
+        return result;
+    }
+
+    private void ValidateDeleteUser(Guid organizationId, OrganizationUser orgUser)
    {
-        var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
        if (orgUser == null || orgUser.OrganizationId != organizationId)
        {
            throw new NotFoundException("User not found.");
        }
    }
+
+    private async Task RepositoryDeleteUserAsync(OrganizationUser orgUser, Guid? deletingUserId)
+    {
+        if (deletingUserId.HasValue && orgUser.UserId == deletingUserId.Value)
+        {
+            throw new BadRequestException("You cannot remove yourself.");
+        }
+
+        if (orgUser.Type == OrganizationUserType.Owner)
+        {
+            if (deletingUserId.HasValue && !await _currentContext.OrganizationOwner(orgUser.OrganizationId))
+            {
+                throw new BadRequestException("Only owners can delete other owners.");
+            }
+
+            if (!await _hasConfirmedOwnersExceptQuery.HasConfirmedOwnersExceptAsync(orgUser.OrganizationId, new[] { orgUser.Id }, includeProvider: true))
+            {
+                throw new BadRequestException("Organization must have at least one confirmed owner.");
+            }
+        }
+
+        await _organizationUserRepository.DeleteAsync(orgUser);
+
+        if (orgUser.UserId.HasValue)
+        {
+            await DeleteAndPushUserRegistrationAsync(orgUser.OrganizationId, orgUser.UserId.Value);
+        }
+    }
+
+    private async Task<IEnumerable<KeyValuePair<string, DeviceType>>> GetUserDeviceIdsAsync(Guid userId)
+    {
+        var devices = await _deviceRepository.GetManyByUserIdAsync(userId);
+        return devices
+            .Where(d => !string.IsNullOrWhiteSpace(d.PushToken))
+            .Select(d => new KeyValuePair<string, DeviceType>(d.Id.ToString(), d.Type));
+    }
+
+    private async Task DeleteAndPushUserRegistrationAsync(Guid organizationId, Guid userId)
+    {
+        var devices = await GetUserDeviceIdsAsync(userId);
+        await _pushRegistrationService.DeleteUserRegistrationOrganizationAsync(devices,
+            organizationId.ToString());
+        await _pushNotificationService.PushSyncOrgKeysAsync(userId);
+    }
 }