[AC-2656] Remove old permissions code from CiphersController (#4186)

src/Api/Vault/Controllers/CiphersController.cs

@@ -245,13 +245,13 @@ public class CiphersController : Controller
     [HttpGet("organization-details")]
     public async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetOrganizationCiphers(Guid organizationId)
     {
-        // Flexible Collections Logic
+        // Flexible Collections V1 Logic
-        if (await UseFlexibleCollectionsV1Async(organizationId))
+        if (UseFlexibleCollectionsV1())
         {
             return await GetAllOrganizationCiphersAsync(organizationId);
         }
 
-        // Pre-Flexible Collections Logic
+        // Pre-Flexible Collections V1 Logic
         var userId = _userService.GetProperUserId(User).Value;
 
         (IEnumerable<CipherOrganizationDetails> orgCiphers, Dictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersGroupDict) = await _cipherService.GetOrganizationCiphers(userId, organizationId);
@@ -271,7 +271,7 @@ public class CiphersController : Controller
     [HttpGet("organization-details/assigned")]
     public async Task<ListResponseModel<CipherDetailsResponseModel>> GetAssignedOrganizationCiphers(Guid organizationId)
     {
-        if (!await UseFlexibleCollectionsV1Async(organizationId))
+        if (!UseFlexibleCollectionsV1())
         {
             throw new FeatureUnavailableException();
         }
@@ -329,7 +329,7 @@ public class CiphersController : Controller
     private async Task<bool> CanEditCipherAsAdminAsync(Guid organizationId, IEnumerable<Guid> cipherIds)
     {
         // Pre-Flexible collections V1 only needs to check EditAnyCollection
-        if (!await UseFlexibleCollectionsV1Async(organizationId))
+        if (!UseFlexibleCollectionsV1())
         {
             return await _currentContext.EditAnyCollection(organizationId);
         }
@@ -397,7 +397,7 @@ public class CiphersController : Controller
         var org = _currentContext.GetOrganization(organizationId);
 
         // If not using V1, owners, admins, and users with EditAnyCollection permissions, and providers can always edit all ciphers
-        if (!await UseFlexibleCollectionsV1Async(organizationId))
+        if (!UseFlexibleCollectionsV1())
         {
             return org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
             { Permissions.EditAnyCollection: true } ||
@@ -669,7 +669,7 @@ public class CiphersController : Controller
 
         // In V1, we still need to check if the user can edit the collections they're submitting
         // This should only happen for unassigned ciphers (otherwise restricted admins would use the normal collections endpoint)
-        if (await UseFlexibleCollectionsV1Async(cipher.OrganizationId.Value) && !await CanEditItemsInCollections(cipher.OrganizationId.Value, collectionIds))
+        if (UseFlexibleCollectionsV1() && !await CanEditItemsInCollections(cipher.OrganizationId.Value, collectionIds))
         {
             throw new NotFoundException();
         }
@@ -680,14 +680,6 @@ public class CiphersController : Controller
     [HttpPost("bulk-collections")]
     public async Task PostBulkCollections([FromBody] CipherBulkUpdateCollectionsRequestModel model)
     {
-        var orgAbility = await _applicationCacheService.GetOrganizationAbilityAsync(model.OrganizationId);
-
-        // Only available for organizations with flexible collections
-        if (orgAbility is null or { FlexibleCollections: false })
-        {
-            throw new NotFoundException();
-        }
-
         if (!await CanEditCiphersAsync(model.OrganizationId, model.CipherIds) ||
             !await CanEditItemsInCollections(model.OrganizationId, model.CollectionIds))
         {
@@ -1272,14 +1264,8 @@ public class CiphersController : Controller
         return await _cipherRepository.GetByIdAsync(cipherId, userId, UseFlexibleCollections);
     }
 
-    private async Task<bool> UseFlexibleCollectionsV1Async(Guid organizationId)
+    private bool UseFlexibleCollectionsV1()
     {
-        if (!_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
+        return _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
-        {
-            return false;
-        }
-
-        var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
-        return organizationAbility?.FlexibleCollections ?? false;
     }
 }

test/Api.Test/Vault/Controllers/CiphersControllerTests.cs

@@ -150,8 +150,7 @@ public class CiphersControllerTests
     [BitAutoData(OrganizationUserType.Custom, false, false)]
     public async Task CanEditCiphersAsAdminAsync_FlexibleCollections_Success(
         OrganizationUserType userType, bool allowAdminsAccessToAllItems, bool shouldSucceed,
-        CurrentContextOrganization organization, Guid userId, Cipher cipher, SutProvider<CiphersController> sutProvider
+        CurrentContextOrganization organization, Guid userId, Cipher cipher, SutProvider<CiphersController> sutProvider)
-    )
     {
         cipher.OrganizationId = organization.Id;
         organization.Type = userType;
@@ -169,7 +168,6 @@ public class CiphersControllerTests
         sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
         {
             Id = organization.Id,
-            FlexibleCollections = true,
             AllowAdminAccessToAllCollectionItems = allowAdminsAccessToAllItems
         });
         sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
@@ -188,47 +186,6 @@ public class CiphersControllerTests
         }
     }
 
-    /// <summary>
-    /// To be removed after FlexibleCollections is fully released
-    /// </summary>
-    [Theory]
-    [BitAutoData(true, true)]
-    [BitAutoData(false, true)]
-    [BitAutoData(true, false)]
-    [BitAutoData(false, false)]
-    public async Task CanEditCiphersAsAdminAsync_NonFlexibleCollections(
-        bool v1Enabled, bool shouldSucceed, CurrentContextOrganization organization, Guid userId, Cipher cipher, SutProvider<CiphersController> sutProvider
-    )
-    {
-        cipher.OrganizationId = organization.Id;
-        sutProvider.GetDependency<ICurrentContext>().EditAnyCollection(organization.Id).Returns(shouldSucceed);
-
-        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
-
-        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
-        {
-            Id = organization.Id,
-            FlexibleCollections = false,
-            AllowAdminAccessToAllCollectionItems = false
-        });
-        sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(v1Enabled);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipher.Id).Returns(cipher);
-
-        if (shouldSucceed)
-        {
-            await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString());
-            await sutProvider.GetDependency<ICipherService>().ReceivedWithAnyArgs()
-                .DeleteAsync(default, default);
-        }
-        else
-        {
-            await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()));
-            await sutProvider.GetDependency<ICipherService>().DidNotReceiveWithAnyArgs()
-                .DeleteAsync(default, default);
-        }
-    }
-
     [Theory]
     [BitAutoData(false, false)]
     [BitAutoData(true, false)]
@@ -251,7 +208,6 @@ public class CiphersControllerTests
         sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
         {
             Id = organization.Id,
-            FlexibleCollections = fcV1Enabled, // Assume FlexibleCollections is enabled if v1 is enabled
             AllowAdminAccessToAllCollectionItems = false
         });
         sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(fcV1Enabled);