nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00
Code

Permissions bugs (#1083)

Browse Source 
* Null checked org invite collections

* Null checked permissions on org invite

* Gave a static seat count to org invite fixture

* Null checked the right way
This commit is contained in:
Addison Beck 2021-01-13 15:14:28 -05:00 committed by GitHub
parent 96cc88aafc
commit 9f938f5efd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Core/Models/Business/OrganizationUserInvite.cs
View File

@ -20,7 +20,7 @@ namespace Bit.Core.Models.Business
Emails = requestModel.Emails; Emails = requestModel.Emails;
Type = requestModel.Type.Value; Type = requestModel.Type.Value;
AccessAll = requestModel.AccessAll; AccessAll = requestModel.AccessAll;
Collections = requestModel.Collections.Select(c => c.ToSelectionReadOnly()); Collections = requestModel.Collections?.Select(c => c.ToSelectionReadOnly());
Permissions = requestModel.Permissions; Permissions = requestModel.Permissions;
} }
} }

10
src/Core/Services/Implementations/OrganizationService.cs
View File

@ -1022,11 +1022,15 @@ namespace Bit.Core.Services
ExternalId = externalId, ExternalId = externalId,
CreationDate = DateTime.UtcNow, CreationDate = DateTime.UtcNow,
RevisionDate = DateTime.UtcNow, RevisionDate = DateTime.UtcNow,
Permissions = System.Text.Json.JsonSerializer.Serialize(invite.Permissions, new JsonSerializerOptions };
if (invite.Permissions != null)
{
orgUser.Permissions = System.Text.Json.JsonSerializer.Serialize(invite.Permissions, new JsonSerializerOptions
{ {
PropertyNamingPolicy = JsonNamingPolicy.CamelCase, PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
}), });
}; }
if (!orgUser.AccessAll && invite.Collections.Any()) if (!orgUser.AccessAll && invite.Collections.Any())
{ {

3
test/Core.Test/AutoFixture/OrganizationFixtures.cs
View File

@ -56,7 +56,8 @@ namespace Bit.Core.Test.AutoFixture.OrganizationFixtures
PropertyNamingPolicy = JsonNamingPolicy.CamelCase, PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
}); });
fixture.Customize<Organization>(composer => composer fixture.Customize<Organization>(composer => composer
.With(o => o.Id, organizationId)); .With(o => o.Id, organizationId)
.With(o => o.Seats, (short)100));
fixture.Customize<OrganizationUser>(composer => composer fixture.Customize<OrganizationUser>(composer => composer
.With(ou => ou.OrganizationId, organizationId) .With(ou => ou.OrganizationId, organizationId)
.With(ou => ou.Type, InvitorUserType) .With(ou => ou.Type, InvitorUserType)

19
test/Core.Test/Services/OrganizationServiceTests.cs
View File

@ -296,6 +296,25 @@ namespace Bit.Core.Test.Services
Assert.Contains("can not manage admins", exception.Message.ToLowerInvariant()); Assert.Contains("can not manage admins", exception.Message.ToLowerInvariant());
} }
[Theory]
[OrganizationInviteAutoData(
inviteeUserType: (int)OrganizationUserType.User,
invitorUserType: (int)OrganizationUserType.Owner
)]
public async Task InviteUser_NoPermissionsObject_Passes(Organization organization, OrganizationUserInvite invite,
OrganizationUser invitor, SutProvider<OrganizationService> sutProvider)
{
invite.Permissions = null;
var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
var eventService = sutProvider.GetDependency<IEventService>();
organizationRepository.GetByIdAsync(organization.Id).Returns(organization);
organizationUserRepository.GetManyByUserAsync(invitor.UserId.Value).Returns(new List<OrganizationUser> { invitor });
await sutProvider.Sut.InviteUserAsync(organization.Id, invitor.UserId, null, invite);
}
[Theory] [Theory]
[OrganizationInviteAutoData( [OrganizationInviteAutoData(
inviteeUserType: (int)OrganizationUserType.User, inviteeUserType: (int)OrganizationUserType.User,