nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[AC-2027] Update Flexible Collections logic to use organization property (#3644)

Browse Source 
* Update optionality to use org.FlexibleCollections

Also break old feature flag key to ensure it's never enabled

* Add logic to set defaults for collection management setting

* Update optionality logic to use org property

* Add comments

* Add helper method for getting individual orgAbility

* Fix validate user update permissions interface

* Fix tests

* dotnet format

* Fix more tests

* Simplify self-hosted update logic

* Fix mapping

* Use new getOrganizationAbility method

* Refactor invite and save orgUser methods

Pass in whole organization object instead of using OrganizationAbility

* fix CipherService tests

* dotnet format

* Remove manager check to simplify this set of changes

* Misc cleanup before review

* Fix undefined variable

* Refactor bulk-access endpoint to avoid early repo call

* Restore manager check

* Add tests for UpdateOrganizationLicenseCommand

* Add nullable regions

* Delete unused dependency

* dotnet format

* Fix test
This commit is contained in:
Thomas Rittson
2024-01-17 22:33:35 +10:00
committed by GitHub
parent ef37cdc71a
commit 96f9fbb951
27 changed files with 472 additions and 411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
test/Api.Test/Vault/AuthorizationHandlers/BulkCollectionAuthorizationHandlerTests.cs
View File

@ -1,6 +1,5 @@
using System.Security.Claims;
using Bit.Api.Vault.AuthorizationHandlers.Collections;
using Bit.Core;
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
@ -9,7 +8,6 @@ using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Test.AutoFixture;
using Bit.Core.Test.Vault.AutoFixture;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
@ -20,7 +18,6 @@ using Xunit;
namespace Bit.Api.Test.Vault.AuthorizationHandlers;
[SutProviderCustomize]
[FeatureServiceCustomize(FeatureFlagKeys.FlexibleCollections)]
public class BulkCollectionAuthorizationHandlerTests
{
[Theory, CollectionCustomization]
@ -35,7 +32,7 @@ public class BulkCollectionAuthorizationHandlerTests
organization.Type = userType;
organization.Permissions = new Permissions();
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
ArrangeOrganizationAbility(sutProvider, organization, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
@ -44,7 +41,6 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -61,7 +57,7 @@ public class BulkCollectionAuthorizationHandlerTests
organization.Type = OrganizationUserType.User;
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, false);
ArrangeOrganizationAbility(sutProvider, organization, false);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
@ -70,7 +66,6 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -97,7 +92,7 @@ public class BulkCollectionAuthorizationHandlerTests
ManageUsers = false
};
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
ArrangeOrganizationAbility(sutProvider, organization, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
@ -106,7 +101,6 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
await sutProvider.Sut.HandleAsync(context);
@ -117,10 +111,12 @@ public class BulkCollectionAuthorizationHandlerTests
[Theory, BitAutoData, CollectionCustomization]
public async Task CanCreateAsync_WhenMissingOrgAccess_NoSuccess(
Guid userId,
ICollection<Collection> collections,
CurrentContextOrganization organization,
List<Collection> collections,
SutProvider<BulkCollectionAuthorizationHandler> sutProvider)
{
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(collections.First().OrganizationId, true);
collections.ForEach(c => c.OrganizationId = organization.Id);
ArrangeOrganizationAbility(sutProvider, organization, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Create },
@ -130,7 +126,6 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
await sutProvider.Sut.HandleAsync(context);
@ -747,7 +742,7 @@ public class BulkCollectionAuthorizationHandlerTests
organization.Type = userType;
organization.Permissions = new Permissions();
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
ArrangeOrganizationAbility(sutProvider, organization, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Delete },
@ -756,8 +751,6 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -778,7 +771,7 @@ public class BulkCollectionAuthorizationHandlerTests
DeleteAnyCollection = true
};
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
ArrangeOrganizationAbility(sutProvider, organization, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Delete },
@ -787,8 +780,6 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
await sutProvider.Sut.HandleAsync(context);
@ -806,13 +797,11 @@ public class BulkCollectionAuthorizationHandlerTests
organization.Type = OrganizationUserType.User;
organization.Permissions = new Permissions();
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, false);
ArrangeOrganizationAbility(sutProvider, organization, false);
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId, Arg.Any<bool>()).Returns(collections);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
foreach (var c in collections)
{
@ -849,7 +838,7 @@ public class BulkCollectionAuthorizationHandlerTests
ManageUsers = false
};
var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
ArrangeOrganizationAbility(sutProvider, organization, true);
var context = new AuthorizationHandlerContext(
new[] { BulkCollectionOperations.Delete },
@ -858,8 +847,6 @@ public class BulkCollectionAuthorizationHandlerTests
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync()
.Returns(organizationAbilities);
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
await sutProvider.Sut.HandleAsync(context);
@ -981,17 +968,16 @@ public class BulkCollectionAuthorizationHandlerTests
}
}
private static Dictionary<Guid, OrganizationAbility> ArrangeOrganizationAbilitiesDictionary(Guid orgId,
bool limitCollectionCreationDeletion)
private static void ArrangeOrganizationAbility(
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
CurrentContextOrganization organization, bool limitCollectionCreationDeletion)
{
return new Dictionary<Guid, OrganizationAbility>
{
{ orgId,
new OrganizationAbility
{
LimitCollectionCreationDeletion = limitCollectionCreationDeletion
}
}
};
var organizationAbility = new OrganizationAbility();
organizationAbility.Id = organization.Id;
organizationAbility.FlexibleCollections = true;
organizationAbility.LimitCollectionCreationDeletion = limitCollectionCreationDeletion;
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
.Returns(organizationAbility);
}
}