mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 15:42:48 -05:00
[PM-11667] Remove all code related to the outdated custom permissions 'Edit/Delete Assigned Collections' (#4736)
This commit is contained in:
Rui Tomé
@ -17,7 +17,6 @@ using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Business;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
|
||||
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||
@ -108,16 +107,6 @@ public class OrganizationUsersController : Controller
|
||||
|
||||
var response = new OrganizationUserDetailsResponseModel(organizationUser.Item1, organizationUser.Item2);
|
||||
|
||||
// Downgrade Custom users with no other permissions than 'Edit/Delete Assigned Collections' to User
|
||||
response.Type = GetFlexibleCollectionsUserType(response.Type, response.Permissions);
|
||||
|
||||
// Set 'Edit/Delete Assigned Collections' custom permissions to false
|
||||
if (response.Permissions is not null)
|
||||
{
|
||||
response.Permissions.EditAssignedCollections = false;
|
||||
response.Permissions.DeleteAssignedCollections = false;
|
||||
}
|
||||
|
||||
if (includeGroups)
|
||||
{
|
||||
response.Groups = await _groupRepository.GetManyIdsByUserIdAsync(organizationUser.Item1.Id);
|
||||
@ -638,35 +627,6 @@ public class OrganizationUsersController : Controller
|
||||
new OrganizationUserBulkResponseModel(r.Item1.Id, r.Item2)));
|
||||
}
|
||||
|
||||
private OrganizationUserType GetFlexibleCollectionsUserType(OrganizationUserType type, Permissions permissions)
|
||||
{
|
||||
// Downgrade Custom users with no other permissions than 'Edit/Delete Assigned Collections' to User
|
||||
if (type == OrganizationUserType.Custom && permissions is not null)
|
||||
{
|
||||
if ((permissions.EditAssignedCollections || permissions.DeleteAssignedCollections) &&
|
||||
permissions is
|
||||
{
|
||||
AccessEventLogs: false,
|
||||
AccessImportExport: false,
|
||||
AccessReports: false,
|
||||
CreateNewCollections: false,
|
||||
EditAnyCollection: false,
|
||||
DeleteAnyCollection: false,
|
||||
ManageGroups: false,
|
||||
ManagePolicies: false,
|
||||
ManageSso: false,
|
||||
ManageUsers: false,
|
||||
ManageResetPassword: false,
|
||||
ManageScim: false
|
||||
})
|
||||
{
|
||||
return OrganizationUserType.User;
|
||||
}
|
||||
}
|
||||
|
||||
return type;
|
||||
}
|
||||
|
||||
private async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get_vNext(Guid orgId,
|
||||
bool includeGroups = false, bool includeCollections = false)
|
||||
{
|
||||
|
||||
@ -71,37 +71,6 @@ public class ProfileOrganizationResponseModel : ResponseModel
|
||||
KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
|
||||
KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
|
||||
}
|
||||
|
||||
// Downgrade Custom users with no other permissions than 'Edit/Delete Assigned Collections' to User
|
||||
if (Type == OrganizationUserType.Custom && Permissions is not null)
|
||||
{
|
||||
if ((Permissions.EditAssignedCollections || Permissions.DeleteAssignedCollections) &&
|
||||
Permissions is
|
||||
{
|
||||
AccessEventLogs: false,
|
||||
AccessImportExport: false,
|
||||
AccessReports: false,
|
||||
CreateNewCollections: false,
|
||||
EditAnyCollection: false,
|
||||
DeleteAnyCollection: false,
|
||||
ManageGroups: false,
|
||||
ManagePolicies: false,
|
||||
ManageSso: false,
|
||||
ManageUsers: false,
|
||||
ManageResetPassword: false,
|
||||
ManageScim: false
|
||||
})
|
||||
{
|
||||
organization.Type = OrganizationUserType.User;
|
||||
}
|
||||
}
|
||||
|
||||
// Set 'Edit/Delete Assigned Collections' custom permissions to false
|
||||
if (Permissions is not null)
|
||||
{
|
||||
Permissions.EditAssignedCollections = false;
|
||||
Permissions.DeleteAssignedCollections = false;
|
||||
}
|
||||
}
|
||||
|
||||
public Guid Id { get; set; }
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
|
||||
|
||||
namespace Bit.Api.AdminConsole.Public.Models;
|
||||
@ -17,7 +16,7 @@ public abstract class MemberBaseModel
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
Type = GetFlexibleCollectionsUserType(user.Type, user.GetPermissions());
|
||||
Type = user.Type;
|
||||
ExternalId = user.ExternalId;
|
||||
ResetPasswordEnrolled = user.ResetPasswordKey != null;
|
||||
|
||||
@ -34,7 +33,7 @@ public abstract class MemberBaseModel
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
Type = GetFlexibleCollectionsUserType(user.Type, user.GetPermissions());
|
||||
Type = user.Type;
|
||||
ExternalId = user.ExternalId;
|
||||
ResetPasswordEnrolled = user.ResetPasswordKey != null;
|
||||
|
||||
@ -66,34 +65,4 @@ public abstract class MemberBaseModel
|
||||
/// default to false.
|
||||
/// </summary>
|
||||
public PermissionsModel? Permissions { get; set; }
|
||||
|
||||
// TODO: AC-2188 - Remove this method when the custom users with no other permissions than 'Edit/Delete Assigned Collections' are migrated
|
||||
private OrganizationUserType GetFlexibleCollectionsUserType(OrganizationUserType type, Permissions permissions)
|
||||
{
|
||||
// Downgrade Custom users with no other permissions than 'Edit/Delete Assigned Collections' to User
|
||||
if (type == OrganizationUserType.Custom)
|
||||
{
|
||||
if ((permissions.EditAssignedCollections || permissions.DeleteAssignedCollections) &&
|
||||
permissions is
|
||||
{
|
||||
AccessEventLogs: false,
|
||||
AccessImportExport: false,
|
||||
AccessReports: false,
|
||||
CreateNewCollections: false,
|
||||
EditAnyCollection: false,
|
||||
DeleteAnyCollection: false,
|
||||
ManageGroups: false,
|
||||
ManagePolicies: false,
|
||||
ManageSso: false,
|
||||
ManageUsers: false,
|
||||
ManageResetPassword: false,
|
||||
ManageScim: false
|
||||
})
|
||||
{
|
||||
return OrganizationUserType.User;
|
||||
}
|
||||
}
|
||||
|
||||
return type;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,4 @@
|
||||
using Bit.Core.Models.Data;
|
||||
|
||||
namespace Bit.Core.Enums;
|
||||
namespace Bit.Core.Enums;
|
||||
|
||||
public enum OrganizationUserType : byte
|
||||
{
|
||||
@ -10,35 +8,3 @@ public enum OrganizationUserType : byte
|
||||
// Manager = 3 has been intentionally permanently deleted
|
||||
Custom = 4,
|
||||
}
|
||||
|
||||
public static class OrganizationUserTypeExtensions
|
||||
{
|
||||
public static OrganizationUserType GetFlexibleCollectionsUserType(this OrganizationUserType type, Permissions permissions)
|
||||
{
|
||||
// Downgrade Custom users with no other permissions than 'Edit/Delete Assigned Collections' to User
|
||||
if (type == OrganizationUserType.Custom && permissions is not null)
|
||||
{
|
||||
if ((permissions.EditAssignedCollections || permissions.DeleteAssignedCollections) &&
|
||||
permissions is
|
||||
{
|
||||
AccessEventLogs: false,
|
||||
AccessImportExport: false,
|
||||
AccessReports: false,
|
||||
CreateNewCollections: false,
|
||||
EditAnyCollection: false,
|
||||
DeleteAnyCollection: false,
|
||||
ManageGroups: false,
|
||||
ManagePolicies: false,
|
||||
ManageSso: false,
|
||||
ManageUsers: false,
|
||||
ManageResetPassword: false,
|
||||
ManageScim: false
|
||||
})
|
||||
{
|
||||
return OrganizationUserType.User;
|
||||
}
|
||||
}
|
||||
|
||||
return type;
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,10 +10,6 @@ public class Permissions
|
||||
public bool CreateNewCollections { get; set; }
|
||||
public bool EditAnyCollection { get; set; }
|
||||
public bool DeleteAnyCollection { get; set; }
|
||||
[Obsolete("Pre-Flexible Collections logic.")]
|
||||
public bool EditAssignedCollections { get; set; }
|
||||
[Obsolete("Pre-Flexible Collections logic.")]
|
||||
public bool DeleteAssignedCollections { get; set; }
|
||||
public bool ManageGroups { get; set; }
|
||||
public bool ManagePolicies { get; set; }
|
||||
public bool ManageSso { get; set; }
|
||||
@ -30,8 +26,6 @@ public class Permissions
|
||||
(CreateNewCollections, "createnewcollections"),
|
||||
(EditAnyCollection, "editanycollection"),
|
||||
(DeleteAnyCollection, "deleteanycollection"),
|
||||
(EditAssignedCollections, "editassignedcollections"),
|
||||
(DeleteAssignedCollections, "deleteassignedcollections"),
|
||||
(ManageGroups, "managegroups"),
|
||||
(ManagePolicies, "managepolicies"),
|
||||
(ManageSso, "managesso"),
|
||||
|
||||
@ -1,5 +1,4 @@
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
|
||||
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Utilities;
|
||||
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||
@ -33,15 +32,6 @@ public class OrganizationUserUserDetailsQuery : IOrganizationUserUserDetailsQuer
|
||||
{
|
||||
var userPermissions = o.GetPermissions();
|
||||
|
||||
// Downgrade Custom users with no other permissions than 'Edit/Delete Assigned Collections' to User
|
||||
o.Type = o.Type.GetFlexibleCollectionsUserType(userPermissions);
|
||||
|
||||
if (userPermissions is not null)
|
||||
{
|
||||
userPermissions.EditAssignedCollections = false;
|
||||
userPermissions.DeleteAssignedCollections = false;
|
||||
}
|
||||
|
||||
o.Permissions = CoreHelpers.ClassToJsonData(userPermissions);
|
||||
|
||||
return o;
|
||||
|
||||
@ -509,8 +509,6 @@ public class CurrentContext : ICurrentContext
|
||||
CreateNewCollections = hasClaim("createnewcollections"),
|
||||
EditAnyCollection = hasClaim("editanycollection"),
|
||||
DeleteAnyCollection = hasClaim("deleteanycollection"),
|
||||
EditAssignedCollections = hasClaim("editassignedcollections"),
|
||||
DeleteAssignedCollections = hasClaim("deleteassignedcollections"),
|
||||
ManageGroups = hasClaim("managegroups"),
|
||||
ManagePolicies = hasClaim("managepolicies"),
|
||||
ManageSso = hasClaim("managesso"),
|
||||
|
||||
Reference in New Issue
Block a user