From 9f938f5efd62faf13bd3f39b633b4059f2d42ba4 Mon Sep 17 00:00:00 2001 From: Addison Beck Date: Wed, 13 Jan 2021 15:14:28 -0500 Subject: [PATCH] Permissions bugs (#1083) * Null checked org invite collections * Null checked permissions on org invite * Gave a static seat count to org invite fixture * Null checked the right way --- .../Models/Business/OrganizationUserInvite.cs | 2 +- .../Implementations/OrganizationService.cs | 10 +++++++--- .../AutoFixture/OrganizationFixtures.cs | 3 ++- .../Services/OrganizationServiceTests.cs | 19 +++++++++++++++++++ 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/src/Core/Models/Business/OrganizationUserInvite.cs b/src/Core/Models/Business/OrganizationUserInvite.cs index 4eaa575085..e8b490657e 100644 --- a/src/Core/Models/Business/OrganizationUserInvite.cs +++ b/src/Core/Models/Business/OrganizationUserInvite.cs @@ -20,7 +20,7 @@ namespace Bit.Core.Models.Business Emails = requestModel.Emails; Type = requestModel.Type.Value; AccessAll = requestModel.AccessAll; - Collections = requestModel.Collections.Select(c => c.ToSelectionReadOnly()); + Collections = requestModel.Collections?.Select(c => c.ToSelectionReadOnly()); Permissions = requestModel.Permissions; } } diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs index 0e9a0f152f..23a4fad113 100644 --- a/src/Core/Services/Implementations/OrganizationService.cs +++ b/src/Core/Services/Implementations/OrganizationService.cs @@ -1022,11 +1022,15 @@ namespace Bit.Core.Services ExternalId = externalId, CreationDate = DateTime.UtcNow, RevisionDate = DateTime.UtcNow, - Permissions = System.Text.Json.JsonSerializer.Serialize(invite.Permissions, new JsonSerializerOptions + }; + + if (invite.Permissions != null) + { + orgUser.Permissions = System.Text.Json.JsonSerializer.Serialize(invite.Permissions, new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, - }), - }; + }); + } if (!orgUser.AccessAll && invite.Collections.Any()) { diff --git a/test/Core.Test/AutoFixture/OrganizationFixtures.cs b/test/Core.Test/AutoFixture/OrganizationFixtures.cs index 1d8e4db906..a2c4508134 100644 --- a/test/Core.Test/AutoFixture/OrganizationFixtures.cs +++ b/test/Core.Test/AutoFixture/OrganizationFixtures.cs @@ -56,7 +56,8 @@ namespace Bit.Core.Test.AutoFixture.OrganizationFixtures PropertyNamingPolicy = JsonNamingPolicy.CamelCase, }); fixture.Customize(composer => composer - .With(o => o.Id, organizationId)); + .With(o => o.Id, organizationId) + .With(o => o.Seats, (short)100)); fixture.Customize(composer => composer .With(ou => ou.OrganizationId, organizationId) .With(ou => ou.Type, InvitorUserType) diff --git a/test/Core.Test/Services/OrganizationServiceTests.cs b/test/Core.Test/Services/OrganizationServiceTests.cs index 8fbe7cde4b..9fc4f6de09 100644 --- a/test/Core.Test/Services/OrganizationServiceTests.cs +++ b/test/Core.Test/Services/OrganizationServiceTests.cs @@ -296,6 +296,25 @@ namespace Bit.Core.Test.Services Assert.Contains("can not manage admins", exception.Message.ToLowerInvariant()); } + [Theory] + [OrganizationInviteAutoData( + inviteeUserType: (int)OrganizationUserType.User, + invitorUserType: (int)OrganizationUserType.Owner + )] + public async Task InviteUser_NoPermissionsObject_Passes(Organization organization, OrganizationUserInvite invite, + OrganizationUser invitor, SutProvider sutProvider) + { + invite.Permissions = null; + var organizationRepository = sutProvider.GetDependency(); + var organizationUserRepository = sutProvider.GetDependency(); + var eventService = sutProvider.GetDependency(); + + organizationRepository.GetByIdAsync(organization.Id).Returns(organization); + organizationUserRepository.GetManyByUserAsync(invitor.UserId.Value).Returns(new List { invitor }); + + await sutProvider.Sut.InviteUserAsync(organization.Id, invitor.UserId, null, invite); + } + [Theory] [OrganizationInviteAutoData( inviteeUserType: (int)OrganizationUserType.User,