Flag for org users to access all subvaults

2025-07-16 15:17:33 -05:00 · 2017-04-20 23:50:12 -04:00
parent aa5b79df2b
commit b0b6cac97b
26 changed files with 139 additions and 106 deletions
--- a/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs
+++ b/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs
@ -12,6 +12,7 @@ namespace Bit.Core.Models.Api
        public string Email { get; set; }
        [Required]
        public Enums.OrganizationUserType? Type { get; set; }
+        public bool AccessAllSubvaults { get; set; }
        public IEnumerable<OrganizationUserSubvaultRequestModel> Subvaults { get; set; }
    }

@ -31,11 +32,13 @@ namespace Bit.Core.Models.Api
    {
        [Required]
        public Enums.OrganizationUserType? Type { get; set; }
+        public bool AccessAllSubvaults { get; set; }
        public IEnumerable<OrganizationUserSubvaultRequestModel> Subvaults { get; set; }

        public OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
        {
            existingUser.Type = Type.Value;
+            existingUser.AccessAllSubvaults = AccessAllSubvaults;
            return existingUser;
        }
    }
--- a/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
+++ b/src/Core/Models/Api/Response/OrganizationUserResponseModel.cs
@ -22,6 +22,7 @@ namespace Bit.Core.Models.Api
            Email = organizationUser.Email;
            Type = organizationUser.Type;
            Status = organizationUser.Status;
+            AccessAllSubvaults = organizationUser.AccessAllSubvaults;
        }

        public string Id { get; set; }
@ -30,6 +31,7 @@ namespace Bit.Core.Models.Api
        public string Email { get; set; }
        public OrganizationUserType Type { get; set; }
        public OrganizationUserStatusType Status { get; set; }
+        public bool AccessAllSubvaults { get; set; }
    }

    public class OrganizationUserDetailsResponseModel : OrganizationUserResponseModel
--- a/src/Core/Models/Api/Response/SubvaultUserResponseModel.cs
+++ b/src/Core/Models/Api/Response/SubvaultUserResponseModel.cs
@ -15,9 +15,10 @@ namespace Bit.Core.Models.Api
                throw new ArgumentNullException(nameof(subvaultUser));
            }

-            Id = subvaultUser.Id.ToString();
+            Id = subvaultUser.Id?.ToString();
            OrganizationUserId = subvaultUser.OrganizationUserId.ToString();
-            SubvaultId = subvaultUser.SubvaultId.ToString();
+            SubvaultId = subvaultUser.SubvaultId?.ToString();
+            AccessAllSubvaults = subvaultUser.AccessAllSubvaults;
            Name = subvaultUser.Name;
            Email = subvaultUser.Email;
            Type = subvaultUser.Type;
@ -28,6 +29,7 @@ namespace Bit.Core.Models.Api
        public string Id { get; set; }
        public string OrganizationUserId { get; set; }
        public string SubvaultId { get; set; }
+        public bool AccessAllSubvaults { get; set; }
        public string Name { get; set; }
        public string Email { get; set; }
        public OrganizationUserType Type { get; set; }
--- a/src/Core/Models/Data/OrganizationUserUserDetails.cs
+++ b/src/Core/Models/Data/OrganizationUserUserDetails.cs
@ -11,5 +11,6 @@ namespace Bit.Core.Models.Data
        public string Email { get; set; }
        public Enums.OrganizationUserStatusType Status { get; set; }
        public Enums.OrganizationUserType Type { get; set; }
+        public bool AccessAllSubvaults { get; set; }
    }
 }
--- a/src/Core/Models/Data/SubvaultUserUserDetails.cs
+++ b/src/Core/Models/Data/SubvaultUserUserDetails.cs
@ -4,9 +4,10 @@ namespace Bit.Core.Models.Data
 {
    public class SubvaultUserUserDetails
    {
-        public Guid Id { get; set; }
+        public Guid? Id { get; set; }
        public Guid OrganizationUserId { get; set; }
-        public Guid SubvaultId { get; set; }
+        public Guid? SubvaultId { get; set; }
+        public bool AccessAllSubvaults { get; set; }
        public string Name { get; set; }
        public string Email { get; set; }
        public Enums.OrganizationUserStatusType Status { get; set; }
--- a/src/Core/Models/Table/OrganizationUser.cs
+++ b/src/Core/Models/Table/OrganizationUser.cs
@ -13,6 +13,7 @@ namespace Bit.Core.Models.Table
        public string Key { get; set; }
        public OrganizationUserStatusType Status { get; set; }
        public OrganizationUserType Type { get; set; }
+        public bool AccessAllSubvaults { get; set; }
        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
        public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;

--- a/src/Core/Services/IOrganizationService.cs
+++ b/src/Core/Services/IOrganizationService.cs
@ -19,7 +19,7 @@ namespace Bit.Core.Services
        Task DeleteAsync(Organization organization);
        Task UpdateAsync(Organization organization, bool updateBilling = false);
        Task<OrganizationUser> InviteUserAsync(Guid organizationId, Guid invitingUserId, string email,
-            Enums.OrganizationUserType type, IEnumerable<SubvaultUser> subvaults);
+            Enums.OrganizationUserType type, bool accessAllSubvaults, IEnumerable<SubvaultUser> subvaults);
        Task ResendInviteAsync(Guid organizationId, Guid invitingUserId, Guid organizationUserId);
        Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token);
        Task<OrganizationUser> ConfirmUserAsync(Guid organizationId, Guid organizationUserId, string key, Guid confirmingUserId);
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -475,7 +475,7 @@ namespace Bit.Core.Services
                    $"{plan.MaxAdditionalSeats.GetValueOrDefault(0)} additional users.");
            }

-            if(plan.Type == Enums.PlanType.Free)
+            if(plan.Type == PlanType.Free)
            {
                var ownerExistingOrgCount =
                    await _organizationUserRepository.GetCountByFreeOrganizationAdminUserAsync(signup.Owner.Id);
@ -555,6 +555,7 @@ namespace Bit.Core.Services
                    Key = signup.OwnerKey,
                    Type = OrganizationUserType.Owner,
                    Status = OrganizationUserStatusType.Confirmed,
+                    AccessAllSubvaults = true,
                    CreationDate = DateTime.UtcNow,
                    RevisionDate = DateTime.UtcNow
                };
@ -631,7 +632,7 @@ namespace Bit.Core.Services
        }

        public async Task<OrganizationUser> InviteUserAsync(Guid organizationId, Guid invitingUserId, string email,
-            OrganizationUserType type, IEnumerable<SubvaultUser> subvaults)
+            OrganizationUserType type, bool accessAllSubvaults, IEnumerable<SubvaultUser> subvaults)
        {
            var organization = await _organizationRepository.GetByIdAsync(organizationId);
            if(organization == null)
@ -664,12 +665,16 @@ namespace Bit.Core.Services
                Key = null,
                Type = type,
                Status = OrganizationUserStatusType.Invited,
+                AccessAllSubvaults = accessAllSubvaults,
                CreationDate = DateTime.UtcNow,
                RevisionDate = DateTime.UtcNow
            };

            await _organizationUserRepository.CreateAsync(orgUser);
-            await SaveUserSubvaultsAsync(orgUser, subvaults, true);
+            if(!orgUser.AccessAllSubvaults && subvaults.Any())
+            {
+                await SaveUserSubvaultsAsync(orgUser, subvaults, true);
+            }
            await SendInviteAsync(orgUser);

            return orgUser;
@ -786,6 +791,12 @@ namespace Bit.Core.Services
            }

            await _organizationUserRepository.ReplaceAsync(user);
+
+            if(user.AccessAllSubvaults)
+            {
+                // We don't need any subvaults if we're flagged to have all access.
+                subvaults = new List<SubvaultUser>();
+            }
            await SaveUserSubvaultsAsync(user, subvaults, false);
        }