nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[PM-11667] Remove all code related to the outdated custom permissions 'Edit/Delete Assigned Collections' (#4736)

Browse Source
This commit is contained in:
Rui Tomé
2024-09-10 15:06:13 +01:00
committed by GitHub
parent 4c0f8d54f3
commit add8783e31
11 changed files with 5 additions and 580 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
test/Api.IntegrationTest/AdminConsole/Public/Controllers/MembersControllerTests.cs
View File

@ -10,7 +10,6 @@ using Bit.Core.Billing.Enums;
using Bit.Core.Enums;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Test.Common.AutoFixture.Attributes;
using Bit.Test.Common.Helpers;
using Xunit;
@ -109,26 +108,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
result.Permissions);
}
[Theory]
[BitAutoData(true, true)]
[BitAutoData(false, true)]
[BitAutoData(true, false)]
public async Task Get_CustomMember_WithDeprecatedPermissions_TreatsAsUser(bool editAssignedCollections, bool deleteAssignedCollections)
{
var (email, orgUser) = await OrganizationTestHelpers.CreateNewUserWithAccountAsync(_factory, _organization.Id,
OrganizationUserType.Custom, new Permissions { EditAssignedCollections = editAssignedCollections, DeleteAssignedCollections = deleteAssignedCollections });
var response = await _client.GetAsync($"/public/members/{orgUser.Id}");
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var result = await response.Content.ReadFromJsonAsync<MemberResponseModel>();
Assert.NotNull(result);
Assert.Equal(email, result.Email);
Assert.Equal(OrganizationUserType.User, result.Type);
Assert.Null(result.Permissions);
}
[Fact]
public async Task Post_CustomMember_Success()
{

63
test/Api.Test/AdminConsole/Queries/OrganizationUserUserDetailsQueryTests.cs
View File

@ -1,8 +1,5 @@
using Bit.Core.Enums;
using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
using Bit.Core.Repositories;
using Bit.Core.Utilities;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
@ -15,33 +12,6 @@ namespace Api.Test.AdminConsole.Queries;
[SutProviderCustomize]
public class OrganizationUserUserDetailsQueryTests
{
[Theory]
[BitAutoData]
public async Task Get_DowngradesCustomUsersWithDeprecatedPermissions(
ICollection<OrganizationUserUserDetails> organizationUsers,
SutProvider<OrganizationUserUserDetailsQuery> sutProvider,
Guid organizationId)
{
Get_Setup(organizationUsers, sutProvider, organizationId);
var customUser = organizationUsers.First();
customUser.Type = OrganizationUserType.Custom;
customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
{
EditAssignedCollections = true,
DeleteAssignedCollections = true,
});
var response = await sutProvider.Sut.GetOrganizationUserUserDetails(new OrganizationUserUserDetailsQueryRequest { OrganizationId = organizationId });
var customUserResponse = response.First(r => r.Id == organizationUsers.First().Id);
Assert.Equal(OrganizationUserType.User, customUserResponse.Type);
var customUserPermissions = customUserResponse.GetPermissions();
Assert.False(customUserPermissions.EditAssignedCollections);
Assert.False(customUserPermissions.DeleteAssignedCollections);
}
[Theory]
[BitAutoData]
public async Task Get_HandlesNullPermissionsObject(
@ -56,37 +26,6 @@ public class OrganizationUserUserDetailsQueryTests
Assert.True(response.All(r => organizationUsers.Any(ou => ou.Id == r.Id)));
}
[Theory]
[BitAutoData]
public async Task Get_SetsDeprecatedCustomPermissionstoFalse(
ICollection<OrganizationUserUserDetails> organizationUsers,
SutProvider<OrganizationUserUserDetailsQuery> sutProvider,
Guid organizationId)
{
Get_Setup(organizationUsers, sutProvider, organizationId);
var customUser = organizationUsers.First();
customUser.Type = OrganizationUserType.Custom;
customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
{
AccessReports = true,
EditAssignedCollections = true,
DeleteAssignedCollections = true,
AccessEventLogs = true
});
var response = await sutProvider.Sut.GetOrganizationUserUserDetails(new OrganizationUserUserDetailsQueryRequest { OrganizationId = organizationId });
var customUserResponse = response.First(r => r.Id == organizationUsers.First().Id);
Assert.Equal(OrganizationUserType.Custom, customUserResponse.Type);
var customUserPermissions = customUserResponse.GetPermissions();
Assert.True(customUserPermissions.AccessReports);
Assert.True(customUserPermissions.AccessEventLogs);
Assert.False(customUserPermissions.EditAssignedCollections);
Assert.False(customUserPermissions.DeleteAssignedCollections);
}
[Theory]
[BitAutoData]
public async Task Get_ReturnsUsers(

4
test/Core.Test/Models/PermissionsTests.cs
View File

@ -15,8 +15,6 @@ public class PermissionsTests
"\"createNewCollections\": true,",
"\"editAnyCollection\": true,",
"\"deleteAnyCollection\": true,",
"\"editAssignedCollections\": false,",
"\"deleteAssignedCollections\": false,",
"\"manageGroups\": false,",
"\"managePolicies\": false,",
"\"manageSso\": false,",
@ -36,8 +34,6 @@ public class PermissionsTests
CreateNewCollections = true,
EditAnyCollection = true,
DeleteAnyCollection = true,
EditAssignedCollections = false,
DeleteAssignedCollections = false,
ManageGroups = false,
ManagePolicies = false,
ManageSso = false,

335
test/Infrastructure.IntegrationTest/AdminConsole/Migrations/FinalFlexibleCollectionsDataMigrationsTests.cs
View File

@ -1,335 +0,0 @@
using System.Text.Json;
using Bit.Core.AdminConsole.Entities;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.Data;
using Bit.Core.Repositories;
using Bit.Core.Utilities;
using Bit.Infrastructure.IntegrationTest.Services;
using Newtonsoft.Json.Linq;
using Xunit;
namespace Bit.Infrastructure.IntegrationTest.AdminConsole.Migrations;
public class FinalFlexibleCollectionsDataMigrationsTests
{
private const string _migrationName = "FinalFlexibleCollectionsDataMigrations";
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_WithEditAssignedCollections_WithCustomUserType_MigratesToUserNullPermissions(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository,
OrganizationUserType.Custom, editAssignedCollections: true, deleteAssignedCollections: false);
// Run data migration
migrationTester.ApplyMigration();
// Assert that the user was migrated to a User type with null permissions
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(OrganizationUserType.User, migratedOrgUser.Type);
Assert.Null(migratedOrgUser.Permissions);
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_WithDeleteAssignedCollections_WithCustomUserType_MigratesToUserNullPermissions(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository,
OrganizationUserType.Custom, editAssignedCollections: false, deleteAssignedCollections: true);
// Run data migration
migrationTester.ApplyMigration();
// Assert that the user was migrated to a User type with null permissions
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(OrganizationUserType.User, migratedOrgUser.Type);
Assert.Null(migratedOrgUser.Permissions);
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_WithEditAndDeleteAssignedCollections_WithCustomUserType_MigratesToUserNullPermissions(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository,
OrganizationUserType.Custom, editAssignedCollections: true, deleteAssignedCollections: true);
// Run data migration
migrationTester.ApplyMigration();
// Assert that the user was migrated to a User type with null permissions
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(OrganizationUserType.User, migratedOrgUser.Type);
Assert.Null(migratedOrgUser.Permissions);
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_WithoutAssignedCollectionsPermissions_WithCustomUserType_RemovesAssignedCollectionsPermissions(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository, OrganizationUserType.Custom,
editAssignedCollections: false, deleteAssignedCollections: false, accessEventLogs: true);
// Run data migration
migrationTester.ApplyMigration();
// Assert that the user kept the accessEventLogs permission and lost the editAssignedCollections and deleteAssignedCollections permissions
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(OrganizationUserType.Custom, migratedOrgUser.Type);
Assert.NotEqual(orgUser.Permissions, migratedOrgUser.Permissions);
Assert.NotNull(migratedOrgUser.Permissions);
Assert.Contains("accessEventLogs", orgUser.Permissions);
Assert.Contains("editAssignedCollections", orgUser.Permissions);
Assert.Contains("deleteAssignedCollections", orgUser.Permissions);
Assert.Contains("accessEventLogs", migratedOrgUser.Permissions);
var migratedOrgUserPermissions = migratedOrgUser.GetPermissions();
Assert.NotNull(migratedOrgUserPermissions);
Assert.True(migratedOrgUserPermissions.AccessEventLogs);
Assert.DoesNotContain("editAssignedCollections", migratedOrgUser.Permissions);
Assert.DoesNotContain("deleteAssignedCollections", migratedOrgUser.Permissions);
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_WithAdminUserType_RemovesAssignedCollectionsPermissions(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository, OrganizationUserType.Admin,
editAssignedCollections: false, deleteAssignedCollections: false, accessEventLogs: true);
// Run data migration
migrationTester.ApplyMigration();
// Assert that the user kept the Admin type and lost the editAssignedCollections and deleteAssignedCollections
// permissions but kept the accessEventLogs permission
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(OrganizationUserType.Admin, migratedOrgUser.Type);
Assert.NotEqual(orgUser.Permissions, migratedOrgUser.Permissions);
Assert.NotNull(migratedOrgUser.Permissions);
Assert.Contains("accessEventLogs", orgUser.Permissions);
Assert.Contains("editAssignedCollections", orgUser.Permissions);
Assert.Contains("deleteAssignedCollections", orgUser.Permissions);
Assert.Contains("accessEventLogs", migratedOrgUser.Permissions);
Assert.True(migratedOrgUser.GetPermissions().AccessEventLogs);
Assert.DoesNotContain("editAssignedCollections", migratedOrgUser.Permissions);
Assert.DoesNotContain("deleteAssignedCollections", migratedOrgUser.Permissions);
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_WithoutAssignedCollectionsPermissions_DoesNothing(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository, OrganizationUserType.Custom,
editAssignedCollections: false, deleteAssignedCollections: false, accessEventLogs: false);
// Remove the editAssignedCollections and deleteAssignedCollections permissions
orgUser.Permissions = JsonSerializer.Serialize(new
{
AccessEventLogs = false,
AccessImportExport = false,
AccessReports = false,
CreateNewCollections = false,
EditAnyCollection = false,
DeleteAnyCollection = false,
ManageGroups = false,
ManagePolicies = false,
ManageSso = false,
ManageUsers = false,
ManageResetPassword = false,
ManageScim = false
}, JsonHelpers.CamelCase);
await organizationUserRepository.ReplaceAsync(orgUser);
// Run data migration
migrationTester.ApplyMigration();
// Assert that the user remained unchanged
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(OrganizationUserType.Custom, orgUser.Type);
Assert.Equal(OrganizationUserType.Custom, migratedOrgUser.Type);
Assert.NotNull(migratedOrgUser.Permissions);
// Assert that the permissions remain unchanged by comparing JSON data, ignoring the order of properties
Assert.True(JToken.DeepEquals(JObject.Parse(orgUser.Permissions), JObject.Parse(migratedOrgUser.Permissions)));
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_HandlesNull(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository, OrganizationUserType.Custom,
editAssignedCollections: false, deleteAssignedCollections: false, accessEventLogs: false);
orgUser.Permissions = null;
await organizationUserRepository.ReplaceAsync(orgUser);
// Run data migration
migrationTester.ApplyMigration();
// Assert no changes
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(orgUser.Type, migratedOrgUser.Type);
Assert.Null(migratedOrgUser.Permissions);
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_HandlesNullString(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository, OrganizationUserType.Custom,
editAssignedCollections: false, deleteAssignedCollections: false, accessEventLogs: false);
// We haven't tracked down the source of this yet but it does occur in our cloud database
orgUser.Permissions = "NULL";
await organizationUserRepository.ReplaceAsync(orgUser);
// Run data migration
migrationTester.ApplyMigration();
// Assert no changes
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(orgUser.Type, migratedOrgUser.Type);
Assert.Equal("NULL", migratedOrgUser.Permissions);
}
[DatabaseTheory, DatabaseData(MigrationName = _migrationName)]
public async Task RunMigration_HandlesNonJsonValues(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
IMigrationTesterService migrationTester)
{
// Setup data
var orgUser = await SetupData(
userRepository, organizationRepository, organizationUserRepository, OrganizationUserType.Custom,
editAssignedCollections: false, deleteAssignedCollections: false, accessEventLogs: false);
orgUser.Permissions = "asdfasdfasfd";
await organizationUserRepository.ReplaceAsync(orgUser);
// Run data migration
migrationTester.ApplyMigration();
// Assert no changes
var migratedOrgUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
Assert.NotNull(migratedOrgUser);
Assert.Equal(orgUser.Id, migratedOrgUser.Id);
Assert.Equal(orgUser.Type, migratedOrgUser.Type);
Assert.Equal("asdfasdfasfd", migratedOrgUser.Permissions);
}
private async Task<OrganizationUser> SetupData(
IUserRepository userRepository,
IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository,
OrganizationUserType organizationUserType,
bool editAssignedCollections,
bool deleteAssignedCollections,
bool accessEventLogs = false)
{
var permissions = new Permissions
{
AccessEventLogs = accessEventLogs,
AccessImportExport = false,
AccessReports = false,
CreateNewCollections = false,
EditAnyCollection = false,
DeleteAnyCollection = false,
EditAssignedCollections = editAssignedCollections,
DeleteAssignedCollections = deleteAssignedCollections,
ManageGroups = false,
ManagePolicies = false,
ManageSso = false,
ManageUsers = false,
ManageResetPassword = false,
ManageScim = false
};
var user = await userRepository.CreateAsync(new User
{
Name = "Test User 1",
Email = $"test+{Guid.NewGuid()}@example.com",
ApiKey = "TEST",
SecurityStamp = "stamp",
Kdf = KdfType.PBKDF2_SHA256,
KdfIterations = 1,
KdfMemory = 2,
KdfParallelism = 3
});
var organization = await organizationRepository.CreateAsync(new Organization
{
Name = "Test Org",
BillingEmail = user.Email, // TODO: EF does not enforce this being NOT NULl
Plan = "Test", // TODO: EF does not enforce this being NOT NULl
PrivateKey = "privatekey",
});
var orgUser = await organizationUserRepository.CreateAsync(new OrganizationUser
{
OrganizationId = organization.Id,
UserId = user.Id,
Status = OrganizationUserStatusType.Confirmed,
ResetPasswordKey = "resetpasswordkey1",
Type = organizationUserType,
Permissions = JsonSerializer.Serialize(permissions, JsonHelpers.CamelCase)
});
return orgUser;
}
}