mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 07:36:14 -05:00
[AC-2027] Update Flexible Collections logic to use organization property (#3644)
* Update optionality to use org.FlexibleCollections Also break old feature flag key to ensure it's never enabled * Add logic to set defaults for collection management setting * Update optionality logic to use org property * Add comments * Add helper method for getting individual orgAbility * Fix validate user update permissions interface * Fix tests * dotnet format * Fix more tests * Simplify self-hosted update logic * Fix mapping * Use new getOrganizationAbility method * Refactor invite and save orgUser methods Pass in whole organization object instead of using OrganizationAbility * fix CipherService tests * dotnet format * Remove manager check to simplify this set of changes * Misc cleanup before review * Fix undefined variable * Refactor bulk-access endpoint to avoid early repo call * Restore manager check * Add tests for UpdateOrganizationLicenseCommand * Add nullable regions * Delete unused dependency * dotnet format * Fix test
This commit is contained in:
Thomas Rittson
@ -3,7 +3,6 @@ using Bit.Api.AdminConsole.Models.Response;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.Utilities;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.Groups;
|
||||
using Bit.Core;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
|
||||
using Bit.Core.AdminConsole.Repositories;
|
||||
using Bit.Core.AdminConsole.Services;
|
||||
@ -27,10 +26,8 @@ public class GroupsController : Controller
|
||||
private readonly ICurrentContext _currentContext;
|
||||
private readonly ICreateGroupCommand _createGroupCommand;
|
||||
private readonly IUpdateGroupCommand _updateGroupCommand;
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly IAuthorizationService _authorizationService;
|
||||
|
||||
private bool UseFlexibleCollections => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
private readonly IApplicationCacheService _applicationCacheService;
|
||||
|
||||
public GroupsController(
|
||||
IGroupRepository groupRepository,
|
||||
@ -41,7 +38,8 @@ public class GroupsController : Controller
|
||||
IUpdateGroupCommand updateGroupCommand,
|
||||
IDeleteGroupCommand deleteGroupCommand,
|
||||
IFeatureService featureService,
|
||||
IAuthorizationService authorizationService)
|
||||
IAuthorizationService authorizationService,
|
||||
IApplicationCacheService applicationCacheService)
|
||||
{
|
||||
_groupRepository = groupRepository;
|
||||
_groupService = groupService;
|
||||
@ -50,8 +48,8 @@ public class GroupsController : Controller
|
||||
_createGroupCommand = createGroupCommand;
|
||||
_updateGroupCommand = updateGroupCommand;
|
||||
_deleteGroupCommand = deleteGroupCommand;
|
||||
_featureService = featureService;
|
||||
_authorizationService = authorizationService;
|
||||
_applicationCacheService = applicationCacheService;
|
||||
}
|
||||
|
||||
[HttpGet("{id}")]
|
||||
@ -81,7 +79,7 @@ public class GroupsController : Controller
|
||||
[HttpGet("")]
|
||||
public async Task<ListResponseModel<GroupDetailsResponseModel>> Get(Guid orgId)
|
||||
{
|
||||
if (UseFlexibleCollections)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await Get_vNext(orgId);
|
||||
@ -217,4 +215,10 @@ public class GroupsController : Controller
|
||||
var responses = groups.Select(g => new GroupDetailsResponseModel(g.Item1, g.Item2));
|
||||
return new ListResponseModel<GroupDetailsResponseModel>(responses);
|
||||
}
|
||||
|
||||
private async Task<bool> FlexibleCollectionsIsEnabledAsync(Guid organizationId)
|
||||
{
|
||||
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
|
||||
return organizationAbility?.FlexibleCollections ?? false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,7 +4,6 @@ using Bit.Api.Models.Request.Organizations;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.Utilities;
|
||||
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
||||
using Bit.Core;
|
||||
using Bit.Core.AdminConsole.Enums;
|
||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||
@ -39,10 +38,8 @@ public class OrganizationUsersController : Controller
|
||||
private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand;
|
||||
private readonly IUpdateOrganizationUserGroupsCommand _updateOrganizationUserGroupsCommand;
|
||||
private readonly IAcceptOrgUserCommand _acceptOrgUserCommand;
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly IAuthorizationService _authorizationService;
|
||||
|
||||
private bool UseFlexibleCollections => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
private readonly IApplicationCacheService _applicationCacheService;
|
||||
|
||||
public OrganizationUsersController(
|
||||
IOrganizationRepository organizationRepository,
|
||||
@ -57,8 +54,8 @@ public class OrganizationUsersController : Controller
|
||||
IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand,
|
||||
IUpdateOrganizationUserGroupsCommand updateOrganizationUserGroupsCommand,
|
||||
IAcceptOrgUserCommand acceptOrgUserCommand,
|
||||
IFeatureService featureService,
|
||||
IAuthorizationService authorizationService)
|
||||
IAuthorizationService authorizationService,
|
||||
IApplicationCacheService applicationCacheService)
|
||||
{
|
||||
_organizationRepository = organizationRepository;
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
@ -72,8 +69,8 @@ public class OrganizationUsersController : Controller
|
||||
_updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand;
|
||||
_updateOrganizationUserGroupsCommand = updateOrganizationUserGroupsCommand;
|
||||
_acceptOrgUserCommand = acceptOrgUserCommand;
|
||||
_featureService = featureService;
|
||||
_authorizationService = authorizationService;
|
||||
_applicationCacheService = applicationCacheService;
|
||||
}
|
||||
|
||||
[HttpGet("{id}")]
|
||||
@ -98,7 +95,7 @@ public class OrganizationUsersController : Controller
|
||||
[HttpGet("")]
|
||||
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(Guid orgId, bool includeGroups = false, bool includeCollections = false)
|
||||
{
|
||||
var authorized = UseFlexibleCollections
|
||||
var authorized = await FlexibleCollectionsIsEnabledAsync(orgId)
|
||||
? (await _authorizationService.AuthorizeAsync(User, OrganizationUserOperations.ReadAll(orgId))).Succeeded
|
||||
: await _currentContext.ViewAllCollections(orgId) ||
|
||||
await _currentContext.ViewAssignedCollections(orgId) ||
|
||||
@ -518,4 +515,10 @@ public class OrganizationUsersController : Controller
|
||||
return new ListResponseModel<OrganizationUserBulkResponseModel>(result.Select(r =>
|
||||
new OrganizationUserBulkResponseModel(r.Item1.Id, r.Item2)));
|
||||
}
|
||||
|
||||
private async Task<bool> FlexibleCollectionsIsEnabledAsync(Guid organizationId)
|
||||
{
|
||||
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
|
||||
return organizationAbility?.FlexibleCollections ?? false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -784,7 +784,6 @@ public class OrganizationsController : Controller
|
||||
}
|
||||
|
||||
[HttpPut("{id}/collection-management")]
|
||||
[RequireFeature(FeatureFlagKeys.FlexibleCollections)]
|
||||
[SelfHosted(NotSelfHostedOnly = true)]
|
||||
public async Task<OrganizationResponseModel> PutCollectionManagement(Guid id, [FromBody] OrganizationCollectionManagementUpdateRequestModel model)
|
||||
{
|
||||
@ -799,6 +798,11 @@ public class OrganizationsController : Controller
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
if (!organization.FlexibleCollections)
|
||||
{
|
||||
throw new BadRequestException("Organization does not have collection enhancements enabled");
|
||||
}
|
||||
|
||||
var v1Enabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1, _currentContext);
|
||||
|
||||
if (!v1Enabled)
|
||||
|
||||
@ -28,8 +28,8 @@ public class CollectionsController : Controller
|
||||
private readonly IAuthorizationService _authorizationService;
|
||||
private readonly ICurrentContext _currentContext;
|
||||
private readonly IBulkAddCollectionAccessCommand _bulkAddCollectionAccessCommand;
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly IOrganizationUserRepository _organizationUserRepository;
|
||||
private readonly IApplicationCacheService _applicationCacheService;
|
||||
|
||||
public CollectionsController(
|
||||
ICollectionRepository collectionRepository,
|
||||
@ -39,8 +39,8 @@ public class CollectionsController : Controller
|
||||
IAuthorizationService authorizationService,
|
||||
ICurrentContext currentContext,
|
||||
IBulkAddCollectionAccessCommand bulkAddCollectionAccessCommand,
|
||||
IFeatureService featureService,
|
||||
IOrganizationUserRepository organizationUserRepository)
|
||||
IOrganizationUserRepository organizationUserRepository,
|
||||
IApplicationCacheService applicationCacheService)
|
||||
{
|
||||
_collectionRepository = collectionRepository;
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
@ -50,16 +50,14 @@ public class CollectionsController : Controller
|
||||
_authorizationService = authorizationService;
|
||||
_currentContext = currentContext;
|
||||
_bulkAddCollectionAccessCommand = bulkAddCollectionAccessCommand;
|
||||
_featureService = featureService;
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
_applicationCacheService = applicationCacheService;
|
||||
}
|
||||
|
||||
private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
|
||||
[HttpGet("{id}")]
|
||||
public async Task<CollectionResponseModel> Get(Guid orgId, Guid id)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await Get_vNext(id);
|
||||
@ -79,7 +77,7 @@ public class CollectionsController : Controller
|
||||
[HttpGet("{id}/details")]
|
||||
public async Task<CollectionAccessDetailsResponseModel> GetDetails(Guid orgId, Guid id)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await GetDetails_vNext(id);
|
||||
@ -104,7 +102,7 @@ public class CollectionsController : Controller
|
||||
else
|
||||
{
|
||||
(var collection, var access) = await _collectionRepository.GetByIdWithAccessAsync(id,
|
||||
_currentContext.UserId.Value, FlexibleCollectionsIsEnabled);
|
||||
_currentContext.UserId.Value, false);
|
||||
if (collection == null || collection.OrganizationId != orgId)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
@ -117,7 +115,7 @@ public class CollectionsController : Controller
|
||||
[HttpGet("details")]
|
||||
public async Task<ListResponseModel<CollectionAccessDetailsResponseModel>> GetManyWithDetails(Guid orgId)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await GetManyWithDetails_vNext(orgId);
|
||||
@ -132,7 +130,7 @@ public class CollectionsController : Controller
|
||||
// We always need to know which collections the current user is assigned to
|
||||
var assignedOrgCollections =
|
||||
await _collectionRepository.GetManyByUserIdWithAccessAsync(_currentContext.UserId.Value, orgId,
|
||||
FlexibleCollectionsIsEnabled);
|
||||
false);
|
||||
|
||||
if (await _currentContext.ViewAllCollections(orgId) || await _currentContext.ManageUsers(orgId))
|
||||
{
|
||||
@ -159,7 +157,7 @@ public class CollectionsController : Controller
|
||||
[HttpGet("")]
|
||||
public async Task<ListResponseModel<CollectionResponseModel>> Get(Guid orgId)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await GetByOrgId_vNext(orgId);
|
||||
@ -191,7 +189,7 @@ public class CollectionsController : Controller
|
||||
public async Task<ListResponseModel<CollectionDetailsResponseModel>> GetUser()
|
||||
{
|
||||
var collections = await _collectionRepository.GetManyByUserIdAsync(
|
||||
_userService.GetProperUserId(User).Value, FlexibleCollectionsIsEnabled);
|
||||
_userService.GetProperUserId(User).Value, false);
|
||||
var responses = collections.Select(c => new CollectionDetailsResponseModel(c));
|
||||
return new ListResponseModel<CollectionDetailsResponseModel>(responses);
|
||||
}
|
||||
@ -199,7 +197,7 @@ public class CollectionsController : Controller
|
||||
[HttpGet("{id}/users")]
|
||||
public async Task<IEnumerable<SelectionReadOnlyResponseModel>> GetUsers(Guid orgId, Guid id)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await GetUsers_vNext(id);
|
||||
@ -217,7 +215,8 @@ public class CollectionsController : Controller
|
||||
{
|
||||
var collection = model.ToCollection(orgId);
|
||||
|
||||
var authorized = FlexibleCollectionsIsEnabled
|
||||
var flexibleCollectionsIsEnabled = await FlexibleCollectionsIsEnabledAsync(orgId);
|
||||
var authorized = flexibleCollectionsIsEnabled
|
||||
? (await _authorizationService.AuthorizeAsync(User, collection, BulkCollectionOperations.Create)).Succeeded
|
||||
: await CanCreateCollection(orgId, collection.Id) || await CanEditCollectionAsync(orgId, collection.Id);
|
||||
if (!authorized)
|
||||
@ -230,7 +229,7 @@ public class CollectionsController : Controller
|
||||
|
||||
// Pre-flexible collections logic assigned Managers to collections they create
|
||||
var assignUserToCollection =
|
||||
!FlexibleCollectionsIsEnabled &&
|
||||
!flexibleCollectionsIsEnabled &&
|
||||
!await _currentContext.EditAnyCollection(orgId) &&
|
||||
await _currentContext.EditAssignedCollections(orgId);
|
||||
var isNewCollection = collection.Id == default;
|
||||
@ -258,7 +257,7 @@ public class CollectionsController : Controller
|
||||
[HttpPost("{id}")]
|
||||
public async Task<CollectionResponseModel> Put(Guid orgId, Guid id, [FromBody] CollectionRequestModel model)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await Put_vNext(id, model);
|
||||
@ -280,7 +279,7 @@ public class CollectionsController : Controller
|
||||
[HttpPut("{id}/users")]
|
||||
public async Task PutUsers(Guid orgId, Guid id, [FromBody] IEnumerable<SelectionReadOnlyRequestModel> model)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
await PutUsers_vNext(id, model);
|
||||
@ -299,14 +298,17 @@ public class CollectionsController : Controller
|
||||
|
||||
[HttpPost("bulk-access")]
|
||||
[RequireFeature(FeatureFlagKeys.BulkCollectionAccess)]
|
||||
// Also gated behind Flexible Collections flag because it only has new authorization logic.
|
||||
// Could be removed if legacy authorization logic were implemented for many collections.
|
||||
[RequireFeature(FeatureFlagKeys.FlexibleCollections)]
|
||||
public async Task PostBulkCollectionAccess([FromBody] BulkCollectionAccessRequestModel model)
|
||||
public async Task PostBulkCollectionAccess(Guid orgId, [FromBody] BulkCollectionAccessRequestModel model)
|
||||
{
|
||||
var collections = await _collectionRepository.GetManyByManyIdsAsync(model.CollectionIds);
|
||||
// Authorization logic assumes flexible collections is enabled
|
||||
// Remove after all organizations have been migrated
|
||||
if (!await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
throw new NotFoundException("Feature disabled.");
|
||||
}
|
||||
|
||||
if (collections.Count != model.CollectionIds.Count())
|
||||
var collections = await _collectionRepository.GetManyByManyIdsAsync(model.CollectionIds);
|
||||
if (collections.Count(c => c.OrganizationId == orgId) != model.CollectionIds.Count())
|
||||
{
|
||||
throw new NotFoundException("One or more collections not found.");
|
||||
}
|
||||
@ -328,7 +330,7 @@ public class CollectionsController : Controller
|
||||
[HttpPost("{id}/delete")]
|
||||
public async Task Delete(Guid orgId, Guid id)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
await Delete_vNext(id);
|
||||
@ -349,7 +351,7 @@ public class CollectionsController : Controller
|
||||
[HttpPost("delete")]
|
||||
public async Task DeleteMany(Guid orgId, [FromBody] CollectionBulkDeleteRequestModel model)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
var collections = await _collectionRepository.GetManyByManyIdsAsync(model.Ids);
|
||||
@ -385,7 +387,7 @@ public class CollectionsController : Controller
|
||||
[HttpPost("{id}/delete-user/{orgUserId}")]
|
||||
public async Task DeleteUser(Guid orgId, Guid id, Guid orgUserId)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
await DeleteUser_vNext(id, orgUserId);
|
||||
@ -397,19 +399,9 @@ public class CollectionsController : Controller
|
||||
await _collectionService.DeleteUserAsync(collection, orgUserId);
|
||||
}
|
||||
|
||||
private void DeprecatedPermissionsGuard()
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
throw new FeatureUnavailableException("Flexible Collections is ON when it should be OFF.");
|
||||
}
|
||||
}
|
||||
|
||||
[Obsolete("Pre-Flexible Collections logic. Will be replaced by CollectionsAuthorizationHandler.")]
|
||||
private async Task<Collection> GetCollectionAsync(Guid id, Guid orgId)
|
||||
{
|
||||
DeprecatedPermissionsGuard();
|
||||
|
||||
Collection collection = default;
|
||||
if (await _currentContext.ViewAllCollections(orgId))
|
||||
{
|
||||
@ -417,7 +409,7 @@ public class CollectionsController : Controller
|
||||
}
|
||||
else if (await _currentContext.ViewAssignedCollections(orgId))
|
||||
{
|
||||
collection = await _collectionRepository.GetByIdAsync(id, _currentContext.UserId.Value, FlexibleCollectionsIsEnabled);
|
||||
collection = await _collectionRepository.GetByIdAsync(id, _currentContext.UserId.Value, false);
|
||||
}
|
||||
|
||||
if (collection == null || collection.OrganizationId != orgId)
|
||||
@ -431,8 +423,6 @@ public class CollectionsController : Controller
|
||||
[Obsolete("Pre-Flexible Collections logic. Will be replaced by CollectionsAuthorizationHandler.")]
|
||||
private async Task<bool> CanCreateCollection(Guid orgId, Guid collectionId)
|
||||
{
|
||||
DeprecatedPermissionsGuard();
|
||||
|
||||
if (collectionId != default)
|
||||
{
|
||||
return false;
|
||||
@ -445,8 +435,6 @@ public class CollectionsController : Controller
|
||||
[Obsolete("Pre-Flexible Collections logic. Will be replaced by CollectionsAuthorizationHandler.")]
|
||||
private async Task<bool> CanEditCollectionAsync(Guid orgId, Guid collectionId)
|
||||
{
|
||||
DeprecatedPermissionsGuard();
|
||||
|
||||
if (collectionId == default)
|
||||
{
|
||||
return false;
|
||||
@ -460,7 +448,7 @@ public class CollectionsController : Controller
|
||||
if (await _currentContext.EditAssignedCollections(orgId))
|
||||
{
|
||||
var collectionDetails =
|
||||
await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value, FlexibleCollectionsIsEnabled);
|
||||
await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value, false);
|
||||
return collectionDetails != null;
|
||||
}
|
||||
|
||||
@ -470,8 +458,6 @@ public class CollectionsController : Controller
|
||||
[Obsolete("Pre-Flexible Collections logic. Will be replaced by CollectionsAuthorizationHandler.")]
|
||||
private async Task<bool> CanDeleteCollectionAsync(Guid orgId, Guid collectionId)
|
||||
{
|
||||
DeprecatedPermissionsGuard();
|
||||
|
||||
if (collectionId == default)
|
||||
{
|
||||
return false;
|
||||
@ -485,7 +471,7 @@ public class CollectionsController : Controller
|
||||
if (await _currentContext.DeleteAssignedCollections(orgId))
|
||||
{
|
||||
var collectionDetails =
|
||||
await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value, FlexibleCollectionsIsEnabled);
|
||||
await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value, false);
|
||||
return collectionDetails != null;
|
||||
}
|
||||
|
||||
@ -495,8 +481,6 @@ public class CollectionsController : Controller
|
||||
[Obsolete("Pre-Flexible Collections logic. Will be replaced by CollectionsAuthorizationHandler.")]
|
||||
private async Task<bool> DeleteAnyCollection(Guid orgId)
|
||||
{
|
||||
DeprecatedPermissionsGuard();
|
||||
|
||||
return await _currentContext.OrganizationAdmin(orgId) ||
|
||||
(_currentContext.Organizations?.Any(o => o.Id == orgId
|
||||
&& (o.Permissions?.DeleteAnyCollection ?? false)) ?? false);
|
||||
@ -505,8 +489,6 @@ public class CollectionsController : Controller
|
||||
[Obsolete("Pre-Flexible Collections logic. Will be replaced by CollectionsAuthorizationHandler.")]
|
||||
private async Task<bool> CanViewCollectionAsync(Guid orgId, Guid collectionId)
|
||||
{
|
||||
DeprecatedPermissionsGuard();
|
||||
|
||||
if (collectionId == default)
|
||||
{
|
||||
return false;
|
||||
@ -520,7 +502,7 @@ public class CollectionsController : Controller
|
||||
if (await _currentContext.ViewAssignedCollections(orgId))
|
||||
{
|
||||
var collectionDetails =
|
||||
await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value, FlexibleCollectionsIsEnabled);
|
||||
await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value, false);
|
||||
return collectionDetails != null;
|
||||
}
|
||||
|
||||
@ -530,8 +512,6 @@ public class CollectionsController : Controller
|
||||
[Obsolete("Pre-Flexible Collections logic. Will be replaced by CollectionsAuthorizationHandler.")]
|
||||
private async Task<bool> ViewAtLeastOneCollectionAsync(Guid orgId)
|
||||
{
|
||||
DeprecatedPermissionsGuard();
|
||||
|
||||
return await _currentContext.ViewAllCollections(orgId) || await _currentContext.ViewAssignedCollections(orgId);
|
||||
}
|
||||
|
||||
@ -564,7 +544,7 @@ public class CollectionsController : Controller
|
||||
{
|
||||
// We always need to know which collections the current user is assigned to
|
||||
var assignedOrgCollections = await _collectionRepository
|
||||
.GetManyByUserIdWithAccessAsync(_currentContext.UserId.Value, orgId, FlexibleCollectionsIsEnabled);
|
||||
.GetManyByUserIdWithAccessAsync(_currentContext.UserId.Value, orgId, false);
|
||||
|
||||
var readAllAuthorized =
|
||||
(await _authorizationService.AuthorizeAsync(User, CollectionOperations.ReadAllWithAccess(orgId))).Succeeded;
|
||||
@ -604,7 +584,7 @@ public class CollectionsController : Controller
|
||||
}
|
||||
else
|
||||
{
|
||||
var assignedCollections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value, FlexibleCollectionsIsEnabled);
|
||||
var assignedCollections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value, false);
|
||||
orgCollections = assignedCollections.Where(c => c.OrganizationId == orgId && c.Manage).ToList();
|
||||
}
|
||||
|
||||
@ -676,4 +656,10 @@ public class CollectionsController : Controller
|
||||
|
||||
await _collectionService.DeleteUserAsync(collection, orgUserId);
|
||||
}
|
||||
|
||||
private async Task<bool> FlexibleCollectionsIsEnabledAsync(Guid organizationId)
|
||||
{
|
||||
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
|
||||
return organizationAbility?.FlexibleCollections ?? false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,4 @@
|
||||
#nullable enable
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
@ -20,33 +19,22 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<BulkC
|
||||
{
|
||||
private readonly ICurrentContext _currentContext;
|
||||
private readonly ICollectionRepository _collectionRepository;
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly IApplicationCacheService _applicationCacheService;
|
||||
private Guid _targetOrganizationId;
|
||||
|
||||
private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
|
||||
public BulkCollectionAuthorizationHandler(
|
||||
ICurrentContext currentContext,
|
||||
ICollectionRepository collectionRepository,
|
||||
IFeatureService featureService,
|
||||
IApplicationCacheService applicationCacheService)
|
||||
{
|
||||
_currentContext = currentContext;
|
||||
_collectionRepository = collectionRepository;
|
||||
_featureService = featureService;
|
||||
_applicationCacheService = applicationCacheService;
|
||||
}
|
||||
|
||||
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
|
||||
BulkCollectionOperationRequirement requirement, ICollection<Collection>? resources)
|
||||
{
|
||||
if (!FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
// Flexible collections is OFF, should not be using this handler
|
||||
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
|
||||
}
|
||||
|
||||
// Establish pattern of authorization handler null checking passed resources
|
||||
if (resources == null || !resources.Any())
|
||||
{
|
||||
@ -281,9 +269,6 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<BulkC
|
||||
return null;
|
||||
}
|
||||
|
||||
(await _applicationCacheService.GetOrganizationAbilitiesAsync())
|
||||
.TryGetValue(organization.Id, out var organizationAbility);
|
||||
|
||||
return organizationAbility;
|
||||
return await _applicationCacheService.GetOrganizationAbilityAsync(organization.Id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
#nullable enable
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
@ -17,8 +15,6 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
|
||||
private readonly ICurrentContext _currentContext;
|
||||
private readonly IFeatureService _featureService;
|
||||
|
||||
private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
|
||||
public CollectionAuthorizationHandler(
|
||||
ICurrentContext currentContext,
|
||||
IFeatureService featureService)
|
||||
@ -30,12 +26,6 @@ public class CollectionAuthorizationHandler : AuthorizationHandler<CollectionOpe
|
||||
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
|
||||
CollectionOperationRequirement requirement)
|
||||
{
|
||||
if (!FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
// Flexible collections is OFF, should not be using this handler
|
||||
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
|
||||
}
|
||||
|
||||
// Acting user is not authenticated, fail
|
||||
if (!_currentContext.UserId.HasValue)
|
||||
{
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
#nullable enable
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@ -19,8 +17,6 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly IApplicationCacheService _applicationCacheService;
|
||||
|
||||
private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
|
||||
public GroupAuthorizationHandler(
|
||||
ICurrentContext currentContext,
|
||||
IFeatureService featureService,
|
||||
@ -34,12 +30,6 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
|
||||
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
|
||||
GroupOperationRequirement requirement)
|
||||
{
|
||||
if (!FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
// Flexible collections is OFF, should not be using this handler
|
||||
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
|
||||
}
|
||||
|
||||
// Acting user is not authenticated, fail
|
||||
if (!_currentContext.UserId.HasValue)
|
||||
{
|
||||
@ -103,9 +93,6 @@ public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequ
|
||||
return null;
|
||||
}
|
||||
|
||||
(await _applicationCacheService.GetOrganizationAbilitiesAsync())
|
||||
.TryGetValue(organization.Id, out var organizationAbility);
|
||||
|
||||
return organizationAbility;
|
||||
return await _applicationCacheService.GetOrganizationAbilityAsync(organization.Id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
#nullable enable
|
||||
using Bit.Core;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
using Bit.Core.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
@ -19,8 +17,6 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly IApplicationCacheService _applicationCacheService;
|
||||
|
||||
private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
|
||||
public OrganizationUserAuthorizationHandler(
|
||||
ICurrentContext currentContext,
|
||||
IFeatureService featureService,
|
||||
@ -34,12 +30,6 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
|
||||
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
|
||||
OrganizationUserOperationRequirement requirement)
|
||||
{
|
||||
if (!FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
// Flexible collections is OFF, should not be using this handler
|
||||
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
|
||||
}
|
||||
|
||||
if (!_currentContext.UserId.HasValue)
|
||||
{
|
||||
context.Fail();
|
||||
@ -103,9 +93,6 @@ public class OrganizationUserAuthorizationHandler : AuthorizationHandler<Organiz
|
||||
return null;
|
||||
}
|
||||
|
||||
(await _applicationCacheService.GetOrganizationAbilitiesAsync())
|
||||
.TryGetValue(organization.Id, out var organizationAbility);
|
||||
|
||||
return organizationAbility;
|
||||
return await _applicationCacheService.GetOrganizationAbilityAsync(organization.Id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -241,11 +241,13 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
|
||||
return providers[provider];
|
||||
}
|
||||
|
||||
public void UpdateFromLicense(
|
||||
OrganizationLicense license,
|
||||
bool flexibleCollectionsMvpIsEnabled,
|
||||
bool flexibleCollectionsV1IsEnabled)
|
||||
public void UpdateFromLicense(OrganizationLicense license)
|
||||
{
|
||||
// The following properties are intentionally excluded from being updated:
|
||||
// - Id - self-hosted org will have its own unique Guid
|
||||
// - MaxStorageGb - not enforced for self-hosted because we're not providing the storage
|
||||
// - FlexibleCollections - the self-hosted organization must do its own data migration to set this property, it cannot be updated from cloud
|
||||
|
||||
Name = license.Name;
|
||||
BusinessName = license.BusinessName;
|
||||
BillingEmail = license.BillingEmail;
|
||||
@ -275,7 +277,7 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
|
||||
UseSecretsManager = license.UseSecretsManager;
|
||||
SmSeats = license.SmSeats;
|
||||
SmServiceAccounts = license.SmServiceAccounts;
|
||||
LimitCollectionCreationDeletion = !flexibleCollectionsMvpIsEnabled || license.LimitCollectionCreationDeletion;
|
||||
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled || license.AllowAdminAccessToAllCollectionItems;
|
||||
LimitCollectionCreationDeletion = license.LimitCollectionCreationDeletion;
|
||||
AllowAdminAccessToAllCollectionItems = license.AllowAdminAccessToAllCollectionItems;
|
||||
}
|
||||
}
|
||||
|
||||
@ -145,7 +145,8 @@ public class SelfHostedOrganizationDetails : Organization
|
||||
MaxAutoscaleSeats = MaxAutoscaleSeats,
|
||||
OwnersNotifiedOfAutoscaling = OwnersNotifiedOfAutoscaling,
|
||||
LimitCollectionCreationDeletion = LimitCollectionCreationDeletion,
|
||||
AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems
|
||||
AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems,
|
||||
FlexibleCollections = FlexibleCollections
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@ -65,8 +65,6 @@ public class OrganizationService : IOrganizationService
|
||||
private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory;
|
||||
private readonly IFeatureService _featureService;
|
||||
|
||||
private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
|
||||
public OrganizationService(
|
||||
IOrganizationRepository organizationRepository,
|
||||
IOrganizationUserRepository organizationUserRepository,
|
||||
@ -418,6 +416,9 @@ public class OrganizationService : IOrganizationService
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Create a new organization in a cloud environment
|
||||
/// </summary>
|
||||
public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(OrganizationSignup signup,
|
||||
bool provider = false)
|
||||
{
|
||||
@ -440,8 +441,9 @@ public class OrganizationService : IOrganizationService
|
||||
await ValidateSignUpPoliciesAsync(signup.Owner.Id);
|
||||
}
|
||||
|
||||
var flexibleCollectionsIsEnabled =
|
||||
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
var flexibleCollectionsSignupEnabled =
|
||||
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup, _currentContext);
|
||||
|
||||
var flexibleCollectionsV1IsEnabled =
|
||||
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1, _currentContext);
|
||||
|
||||
@ -482,7 +484,15 @@ public class OrganizationService : IOrganizationService
|
||||
Status = OrganizationStatusType.Created,
|
||||
UsePasswordManager = true,
|
||||
UseSecretsManager = signup.UseSecretsManager,
|
||||
LimitCollectionCreationDeletion = !flexibleCollectionsIsEnabled,
|
||||
|
||||
// This feature flag indicates that new organizations should be automatically onboarded to
|
||||
// Flexible Collections enhancements
|
||||
FlexibleCollections = flexibleCollectionsSignupEnabled,
|
||||
|
||||
// These collection management settings smooth the migration for existing organizations by disabling some FC behavior.
|
||||
// If the organization is onboarded to Flexible Collections on signup, we turn them OFF to enable all new behaviour.
|
||||
// If the organization is NOT onboarded now, they will have to be migrated later, so they default to ON to limit FC changes on migration.
|
||||
LimitCollectionCreationDeletion = !flexibleCollectionsSignupEnabled,
|
||||
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled
|
||||
};
|
||||
|
||||
@ -534,6 +544,9 @@ public class OrganizationService : IOrganizationService
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Create a new organization on a self-hosted instance
|
||||
/// </summary>
|
||||
public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
|
||||
OrganizationLicense license, User owner, string ownerKey, string collectionName, string publicKey,
|
||||
string privateKey)
|
||||
@ -558,10 +571,8 @@ public class OrganizationService : IOrganizationService
|
||||
|
||||
await ValidateSignUpPoliciesAsync(owner.Id);
|
||||
|
||||
var flexibleCollectionsMvpIsEnabled =
|
||||
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
var flexibleCollectionsV1IsEnabled =
|
||||
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1, _currentContext);
|
||||
var flexibleCollectionsSignupEnabled =
|
||||
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup, _currentContext);
|
||||
|
||||
var organization = new Organization
|
||||
{
|
||||
@ -603,8 +614,12 @@ public class OrganizationService : IOrganizationService
|
||||
UseSecretsManager = license.UseSecretsManager,
|
||||
SmSeats = license.SmSeats,
|
||||
SmServiceAccounts = license.SmServiceAccounts,
|
||||
LimitCollectionCreationDeletion = !flexibleCollectionsMvpIsEnabled || license.LimitCollectionCreationDeletion,
|
||||
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled || license.AllowAdminAccessToAllCollectionItems
|
||||
LimitCollectionCreationDeletion = license.LimitCollectionCreationDeletion,
|
||||
AllowAdminAccessToAllCollectionItems = license.AllowAdminAccessToAllCollectionItems,
|
||||
|
||||
// This feature flag indicates that new organizations should be automatically onboarded to
|
||||
// Flexible Collections enhancements
|
||||
FlexibleCollections = flexibleCollectionsSignupEnabled,
|
||||
};
|
||||
|
||||
var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);
|
||||
@ -616,6 +631,10 @@ public class OrganizationService : IOrganizationService
|
||||
return result;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Private helper method to create a new organization.
|
||||
/// This is common code used by both the cloud and self-hosted methods.
|
||||
/// </summary>
|
||||
private async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(Organization organization,
|
||||
Guid ownerId, string ownerKey, string collectionName, bool withPayment)
|
||||
{
|
||||
@ -829,6 +848,7 @@ public class OrganizationService : IOrganizationService
|
||||
{
|
||||
var inviteTypes = new HashSet<OrganizationUserType>(invites.Where(i => i.invite.Type.HasValue)
|
||||
.Select(i => i.invite.Type.Value));
|
||||
|
||||
if (invitingUserId.HasValue && inviteTypes.Count > 0)
|
||||
{
|
||||
foreach (var (invite, _) in invites)
|
||||
@ -2008,7 +2028,11 @@ public class OrganizationService : IOrganizationService
|
||||
throw new BadRequestException("Custom users can only grant the same custom permissions that they have.");
|
||||
}
|
||||
|
||||
if (FlexibleCollectionsIsEnabled && newType == OrganizationUserType.Manager && oldType is not OrganizationUserType.Manager)
|
||||
// TODO: pass in the whole organization object when this is refactored into a command/query
|
||||
// See AC-2036
|
||||
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
|
||||
var flexibleCollectionsEnabled = organizationAbility?.FlexibleCollections ?? false;
|
||||
if (flexibleCollectionsEnabled && newType == OrganizationUserType.Manager && oldType is not OrganizationUserType.Manager)
|
||||
{
|
||||
throw new BadRequestException("Manager role is deprecated after Flexible Collections.");
|
||||
}
|
||||
|
||||
@ -96,12 +96,17 @@ public static class FeatureFlagKeys
|
||||
public const string VaultOnboarding = "vault-onboarding";
|
||||
public const string AutofillV2 = "autofill-v2";
|
||||
public const string BrowserFilelessImport = "browser-fileless-import";
|
||||
public const string FlexibleCollections = "flexible-collections";
|
||||
/// <summary>
|
||||
/// Deprecated - never used, do not use. Will always default to false. Will be deleted as part of Flexible Collections cleanup
|
||||
/// </summary>
|
||||
public const string FlexibleCollections = "flexible-collections-disabled-do-not-use";
|
||||
public const string FlexibleCollectionsV1 = "flexible-collections-v-1"; // v-1 is intentional
|
||||
public const string BulkCollectionAccess = "bulk-collection-access";
|
||||
public const string AutofillOverlay = "autofill-overlay";
|
||||
public const string ItemShare = "item-share";
|
||||
public const string KeyRotationImprovements = "key-rotation-improvements";
|
||||
public const string FlexibleCollectionsMigration = "flexible-collections-migration";
|
||||
public const string FlexibleCollectionsSignup = "flexible-collections-signup";
|
||||
|
||||
public static List<string> GetAllKeys()
|
||||
{
|
||||
|
||||
@ -5,7 +5,6 @@ using Bit.Core.AdminConsole.Models.Data.Provider;
|
||||
using Bit.Core.AdminConsole.Repositories;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Identity;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Repositories;
|
||||
@ -26,8 +25,6 @@ public class CurrentContext : ICurrentContext
|
||||
private IEnumerable<ProviderOrganizationProviderDetails> _providerOrganizationProviderDetails;
|
||||
private IEnumerable<ProviderUserOrganizationDetails> _providerUserOrganizations;
|
||||
|
||||
private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, this);
|
||||
|
||||
public virtual HttpContext HttpContext { get; set; }
|
||||
public virtual Guid? UserId { get; set; }
|
||||
public virtual User User { get; set; }
|
||||
@ -283,11 +280,6 @@ public class CurrentContext : ICurrentContext
|
||||
|
||||
public async Task<bool> OrganizationManager(Guid orgId)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
throw new FeatureUnavailableException("Flexible Collections is ON when it should be OFF.");
|
||||
}
|
||||
|
||||
return await OrganizationAdmin(orgId) ||
|
||||
(Organizations?.Any(o => o.Id == orgId && o.Type == OrganizationUserType.Manager) ?? false);
|
||||
}
|
||||
@ -350,22 +342,12 @@ public class CurrentContext : ICurrentContext
|
||||
|
||||
public async Task<bool> EditAssignedCollections(Guid orgId)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
throw new FeatureUnavailableException("Flexible Collections is ON when it should be OFF.");
|
||||
}
|
||||
|
||||
return await OrganizationManager(orgId) || (Organizations?.Any(o => o.Id == orgId
|
||||
&& (o.Permissions?.EditAssignedCollections ?? false)) ?? false);
|
||||
}
|
||||
|
||||
public async Task<bool> DeleteAssignedCollections(Guid orgId)
|
||||
{
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
throw new FeatureUnavailableException("Flexible Collections is ON when it should be OFF.");
|
||||
}
|
||||
|
||||
return await OrganizationManager(orgId) || (Organizations?.Any(o => o.Id == orgId
|
||||
&& (o.Permissions?.DeleteAssignedCollections ?? false)) ?? false);
|
||||
}
|
||||
@ -378,11 +360,6 @@ public class CurrentContext : ICurrentContext
|
||||
* This entire method will be moved to the CollectionAuthorizationHandler in the future
|
||||
*/
|
||||
|
||||
if (FlexibleCollectionsIsEnabled)
|
||||
{
|
||||
throw new FeatureUnavailableException("Flexible Collections is ON when it should be OFF.");
|
||||
}
|
||||
|
||||
var org = GetOrganization(orgId);
|
||||
return await EditAssignedCollections(orgId)
|
||||
|| await DeleteAssignedCollections(orgId)
|
||||
|
||||
@ -2,7 +2,6 @@
|
||||
|
||||
using System.Text.Json;
|
||||
using Bit.Core.AdminConsole.Entities;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Business;
|
||||
using Bit.Core.Models.Data.Organizations;
|
||||
@ -18,21 +17,15 @@ public class UpdateOrganizationLicenseCommand : IUpdateOrganizationLicenseComman
|
||||
private readonly ILicensingService _licensingService;
|
||||
private readonly IGlobalSettings _globalSettings;
|
||||
private readonly IOrganizationService _organizationService;
|
||||
private readonly IFeatureService _featureService;
|
||||
private readonly ICurrentContext _currentContext;
|
||||
|
||||
public UpdateOrganizationLicenseCommand(
|
||||
ILicensingService licensingService,
|
||||
IGlobalSettings globalSettings,
|
||||
IOrganizationService organizationService,
|
||||
IFeatureService featureService,
|
||||
ICurrentContext currentContext)
|
||||
IOrganizationService organizationService)
|
||||
{
|
||||
_licensingService = licensingService;
|
||||
_globalSettings = globalSettings;
|
||||
_organizationService = organizationService;
|
||||
_featureService = featureService;
|
||||
_currentContext = currentContext;
|
||||
}
|
||||
|
||||
public async Task UpdateLicenseAsync(SelfHostedOrganizationDetails selfHostedOrganization,
|
||||
@ -65,10 +58,8 @@ public class UpdateOrganizationLicenseCommand : IUpdateOrganizationLicenseComman
|
||||
|
||||
private async Task UpdateOrganizationAsync(SelfHostedOrganizationDetails selfHostedOrganizationDetails, OrganizationLicense license)
|
||||
{
|
||||
var flexibleCollectionsMvpIsEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
var flexibleCollectionsV1IsEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1, _currentContext);
|
||||
var organization = selfHostedOrganizationDetails.ToOrganization();
|
||||
organization.UpdateFromLicense(license, flexibleCollectionsMvpIsEnabled, flexibleCollectionsV1IsEnabled);
|
||||
organization.UpdateFromLicense(license);
|
||||
|
||||
await _organizationService.ReplaceAndUpdateCacheAsync(organization);
|
||||
}
|
||||
|
||||
@ -8,6 +8,9 @@ namespace Bit.Core.Services;
|
||||
public interface IApplicationCacheService
|
||||
{
|
||||
Task<IDictionary<Guid, OrganizationAbility>> GetOrganizationAbilitiesAsync();
|
||||
#nullable enable
|
||||
Task<OrganizationAbility?> GetOrganizationAbilityAsync(Guid orgId);
|
||||
#nullable disable
|
||||
Task<IDictionary<Guid, ProviderAbility>> GetProviderAbilitiesAsync();
|
||||
Task UpsertOrganizationAbilityAsync(Organization organization);
|
||||
Task UpsertProviderAbilityAsync(Provider provider);
|
||||
|
||||
@ -30,6 +30,15 @@ public class InMemoryApplicationCacheService : IApplicationCacheService
|
||||
return _orgAbilities;
|
||||
}
|
||||
|
||||
#nullable enable
|
||||
public async Task<OrganizationAbility?> GetOrganizationAbilityAsync(Guid organizationId)
|
||||
{
|
||||
(await GetOrganizationAbilitiesAsync())
|
||||
.TryGetValue(organizationId, out var organizationAbility);
|
||||
return organizationAbility;
|
||||
}
|
||||
#nullable disable
|
||||
|
||||
public virtual async Task<IDictionary<Guid, ProviderAbility>> GetProviderAbilitiesAsync()
|
||||
{
|
||||
await InitProviderAbilitiesAsync();
|
||||
|
||||
@ -788,7 +788,7 @@ public class CipherService : ICipherService
|
||||
{
|
||||
collection.SetNewId();
|
||||
newCollections.Add(collection);
|
||||
if (UseFlexibleCollections)
|
||||
if (org.FlexibleCollections)
|
||||
{
|
||||
newCollectionUsers.Add(new CollectionUser
|
||||
{
|
||||
|
||||
@ -35,8 +35,6 @@ public class CollectController : Controller
|
||||
_featureService = featureService;
|
||||
}
|
||||
|
||||
bool UseFlexibleCollections => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
|
||||
|
||||
[HttpPost]
|
||||
public async Task<IActionResult> Post([FromBody] IEnumerable<EventModel> model)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user