nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[AC-2614] Member Access Report Endpoint (#4599)

Browse Source 
* Initial draft of moving the org user controller details method into a query

* Removing comments and addressing pr items

* Adding the org users query to core

* Adding the member access report

* Addressing some pr concerns and refactoring to be more efficient

* Some minor changes to the way properties are spelled

* Setting authorization to organization

* Adding the permissions check for reports and comments

* removing unnecessary usings

* Removing ciphers controller change that was a mistake

* There was a duplication issue in getting collections for users grabbing groups

* Adding comments to the CreateReport method

* Only get the user collections by userId

* Some finaly refactoring

* Adding the no group, no collection, and no perms local strings

* Modifying and adding query test cases

* Removing unnecessary permissions code in query

* Added mapping for id and UsesKeyConnector to MemberAccessReportModel (#4681)

* Moving test cases from controller fully into the query.

---------

Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
This commit is contained in:
Tom
2024-09-04 14:33:33 -04:00
committed by GitHub
parent fdf6d8f9c3
commit af3797c540
12 changed files with 503 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs
View File

@ -13,7 +13,6 @@ using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Business;
using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations;
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
@ -22,6 +21,8 @@ using Bit.Core.Services;
using Bit.Core.Utilities;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
using Microsoft.AspNetCore.Authorization;
using NSubstitute;
using Xunit;
@ -194,71 +195,6 @@ public class OrganizationUsersControllerTests
Assert.True(response.Data.All(r => organizationUsers.Any(ou => ou.Id == r.Id)));
}
[Theory]
[BitAutoData]
public async Task Get_HandlesNullPermissionsObject(
ICollection<OrganizationUserUserDetails> organizationUsers, OrganizationAbility organizationAbility,
SutProvider<OrganizationUsersController> sutProvider)
{
Get_Setup(organizationAbility, organizationUsers, sutProvider);
organizationUsers.First().Permissions = "null";
var response = await sutProvider.Sut.Get(organizationAbility.Id);
Assert.True(response.Data.All(r => organizationUsers.Any(ou => ou.Id == r.Id)));
}
[Theory]
[BitAutoData]
public async Task Get_SetsDeprecatedCustomPermissionstoFalse(
ICollection<OrganizationUserUserDetails> organizationUsers, OrganizationAbility organizationAbility,
SutProvider<OrganizationUsersController> sutProvider)
{
Get_Setup(organizationAbility, organizationUsers, sutProvider);
var customUser = organizationUsers.First();
customUser.Type = OrganizationUserType.Custom;
customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
{
AccessReports = true,
EditAssignedCollections = true,
DeleteAssignedCollections = true,
AccessEventLogs = true
});
var response = await sutProvider.Sut.Get(organizationAbility.Id);
var customUserResponse = response.Data.First(r => r.Id == organizationUsers.First().Id);
Assert.Equal(OrganizationUserType.Custom, customUserResponse.Type);
Assert.True(customUserResponse.Permissions.AccessReports);
Assert.True(customUserResponse.Permissions.AccessEventLogs);
Assert.False(customUserResponse.Permissions.EditAssignedCollections);
Assert.False(customUserResponse.Permissions.DeleteAssignedCollections);
}
[Theory]
[BitAutoData]
public async Task Get_DowngradesCustomUsersWithDeprecatedPermissions(
ICollection<OrganizationUserUserDetails> organizationUsers, OrganizationAbility organizationAbility,
SutProvider<OrganizationUsersController> sutProvider)
{
Get_Setup(organizationAbility, organizationUsers, sutProvider);
var customUser = organizationUsers.First();
customUser.Type = OrganizationUserType.Custom;
customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
{
EditAssignedCollections = true,
DeleteAssignedCollections = true,
});
var response = await sutProvider.Sut.Get(organizationAbility.Id);
var customUserResponse = response.Data.First(r => r.Id == organizationUsers.First().Id);
Assert.Equal(OrganizationUserType.User, customUserResponse.Type);
Assert.False(customUserResponse.Permissions.EditAssignedCollections);
Assert.False(customUserResponse.Permissions.DeleteAssignedCollections);
}
[Theory]
[BitAutoData]
public async Task GetAccountRecoveryDetails_ReturnsDetails(
@ -309,6 +245,8 @@ public class OrganizationUsersControllerTests
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
.Returns(organizationAbility);
sutProvider.GetDependency<IOrganizationUserUserDetailsQuery>().GetOrganizationUserUserDetails(Arg.Any<OrganizationUserUserDetailsQueryRequest>()).Returns(organizationUsers);
sutProvider.GetDependency<IAuthorizationService>().AuthorizeAsync(
user: Arg.Any<ClaimsPrincipal>(),
resource: Arg.Any<Object>(),

117
test/Api.Test/AdminConsole/Queries/OrganizationUserUserDetailsQueryTests.cs Normal file
View File

@ -0,0 +1,117 @@
using Bit.Core.Enums;
using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
using Bit.Core.Repositories;
using Bit.Core.Utilities;
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
using NSubstitute;
using Xunit;
namespace Api.Test.AdminConsole.Queries;
[SutProviderCustomize]
public class OrganizationUserUserDetailsQueryTests
{
[Theory]
[BitAutoData]
public async Task Get_DowngradesCustomUsersWithDeprecatedPermissions(
ICollection<OrganizationUserUserDetails> organizationUsers,
SutProvider<OrganizationUserUserDetailsQuery> sutProvider,
Guid organizationId)
{
Get_Setup(organizationUsers, sutProvider, organizationId);
var customUser = organizationUsers.First();
customUser.Type = OrganizationUserType.Custom;
customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
{
EditAssignedCollections = true,
DeleteAssignedCollections = true,
});
var response = await sutProvider.Sut.GetOrganizationUserUserDetails(new OrganizationUserUserDetailsQueryRequest { OrganizationId = organizationId });
var customUserResponse = response.First(r => r.Id == organizationUsers.First().Id);
Assert.Equal(OrganizationUserType.User, customUserResponse.Type);
var customUserPermissions = customUserResponse.GetPermissions();
Assert.False(customUserPermissions.EditAssignedCollections);
Assert.False(customUserPermissions.DeleteAssignedCollections);
}
[Theory]
[BitAutoData]
public async Task Get_HandlesNullPermissionsObject(
ICollection<OrganizationUserUserDetails> organizationUsers,
SutProvider<OrganizationUserUserDetailsQuery> sutProvider,
Guid organizationId)
{
Get_Setup(organizationUsers, sutProvider, organizationId);
organizationUsers.First().Permissions = "null";
var response = await sutProvider.Sut.GetOrganizationUserUserDetails(new OrganizationUserUserDetailsQueryRequest { OrganizationId = organizationId });
Assert.True(response.All(r => organizationUsers.Any(ou => ou.Id == r.Id)));
}
[Theory]
[BitAutoData]
public async Task Get_SetsDeprecatedCustomPermissionstoFalse(
ICollection<OrganizationUserUserDetails> organizationUsers,
SutProvider<OrganizationUserUserDetailsQuery> sutProvider,
Guid organizationId)
{
Get_Setup(organizationUsers, sutProvider, organizationId);
var customUser = organizationUsers.First();
customUser.Type = OrganizationUserType.Custom;
customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
{
AccessReports = true,
EditAssignedCollections = true,
DeleteAssignedCollections = true,
AccessEventLogs = true
});
var response = await sutProvider.Sut.GetOrganizationUserUserDetails(new OrganizationUserUserDetailsQueryRequest { OrganizationId = organizationId });
var customUserResponse = response.First(r => r.Id == organizationUsers.First().Id);
Assert.Equal(OrganizationUserType.Custom, customUserResponse.Type);
var customUserPermissions = customUserResponse.GetPermissions();
Assert.True(customUserPermissions.AccessReports);
Assert.True(customUserPermissions.AccessEventLogs);
Assert.False(customUserPermissions.EditAssignedCollections);
Assert.False(customUserPermissions.DeleteAssignedCollections);
}
[Theory]
[BitAutoData]
public async Task Get_ReturnsUsers(
ICollection<OrganizationUserUserDetails> organizationUsers,
SutProvider<OrganizationUserUserDetailsQuery> sutProvider,
Guid organizationId)
{
Get_Setup(organizationUsers, sutProvider, organizationId);
var response = await sutProvider.Sut.GetOrganizationUserUserDetails(new OrganizationUserUserDetailsQueryRequest { OrganizationId = organizationId });
Assert.True(response.All(r => organizationUsers.Any(ou => ou.Id == r.Id)));
}
private void Get_Setup(
ICollection<OrganizationUserUserDetails> organizationUsers,
SutProvider<OrganizationUserUserDetailsQuery> sutProvider,
Guid organizationId)
{
foreach (var orgUser in organizationUsers)
{
orgUser.Permissions = null;
}
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetManyDetailsByOrganizationAsync(organizationId, Arg.Any<bool>(), Arg.Any<bool>())
.Returns(organizationUsers);
}
}