[PM-18234] Add SendPolicyRequirement (#5409)

2025-06-30 15:42:48 -05:00 · 2025-02-24 09:19:52 +10:00
parent 5241e09c1a
commit b0c6fc9146
8 changed files with 384 additions and 6 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SendPolicyRequirement.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SendPolicyRequirement.cs
@ -0,0 +1,54 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.Enums;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+/// <summary>
+/// Policy requirements for the Disable Send and Send Options policies.
+/// </summary>
+public class SendPolicyRequirement : IPolicyRequirement
+{
+    /// <summary>
+    /// Indicates whether Send is disabled for the user. If true, the user should not be able to create or edit Sends.
+    /// They may still delete existing Sends.
+    /// </summary>
+    public bool DisableSend { get; init; }
+    /// <summary>
+    /// Indicates whether the user is prohibited from hiding their email from the recipient of a Send.
+    /// </summary>
+    public bool DisableHideEmail { get; init; }
+
+    /// <summary>
+    /// Create a new SendPolicyRequirement.
+    /// </summary>
+    /// <param name="policyDetails">All PolicyDetails relating to the user.</param>
+    /// <remarks>
+    /// This is a <see cref="RequirementFactory{T}"/> for the SendPolicyRequirement.
+    /// </remarks>
+    public static SendPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
+    {
+        var filteredPolicies = policyDetails
+            .ExemptRoles([OrganizationUserType.Owner, OrganizationUserType.Admin])
+            .ExemptStatus([OrganizationUserStatusType.Invited, OrganizationUserStatusType.Revoked])
+            .ExemptProviders()
+            .ToList();
+
+        var result = filteredPolicies
+            .GetPolicyType(PolicyType.SendOptions)
+            .Select(p => p.GetDataModel<SendOptionsPolicyData>())
+            .Aggregate(
+                new SendPolicyRequirement
+                {
+                    // Set Disable Send requirement in the initial seed
+                    DisableSend = filteredPolicies.GetPolicyType(PolicyType.DisableSend).Any()
+                },
+                (result, data) => new SendPolicyRequirement
+                {
+                    DisableSend = result.DisableSend,
+                    DisableHideEmail = result.DisableHideEmail || data.DisableHideEmail
+                });
+
+        return result;
+    }
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
@ -32,6 +32,7 @@ public static class PolicyServiceCollectionExtensions
    private static void AddPolicyRequirements(this IServiceCollection services)
    {
        // Register policy requirement factories here
+        services.AddPolicyRequirement(SendPolicyRequirement.Create);
    }

    /// <summary>
--- a/src/Core/Tools/Services/Implementations/SendService.cs
+++ b/src/Core/Tools/Services/Implementations/SendService.cs
@ -1,7 +1,8 @@
 using System.Text.Json;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
-using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Services;
 using Bit.Core.Context;
 using Bit.Core.Entities;
@ -26,7 +27,6 @@ public class SendService : ISendService
    public const string MAX_FILE_SIZE_READABLE = "500 MB";
    private readonly ISendRepository _sendRepository;
    private readonly IUserRepository _userRepository;
-    private readonly IPolicyRepository _policyRepository;
    private readonly IPolicyService _policyService;
    private readonly IUserService _userService;
    private readonly IOrganizationRepository _organizationRepository;
@ -36,6 +36,9 @@ public class SendService : ISendService
    private readonly IReferenceEventService _referenceEventService;
    private readonly GlobalSettings _globalSettings;
    private readonly ICurrentContext _currentContext;
+    private readonly IPolicyRequirementQuery _policyRequirementQuery;
+    private readonly IFeatureService _featureService;
+
    private const long _fileSizeLeeway = 1024L * 1024L; // 1MB

    public SendService(
@ -48,14 +51,14 @@ public class SendService : ISendService
        IPushNotificationService pushService,
        IReferenceEventService referenceEventService,
        GlobalSettings globalSettings,
-        IPolicyRepository policyRepository,
        IPolicyService policyService,
-        ICurrentContext currentContext)
+        ICurrentContext currentContext,
+        IPolicyRequirementQuery policyRequirementQuery,
+        IFeatureService featureService)
    {
        _sendRepository = sendRepository;
        _userRepository = userRepository;
        _userService = userService;
-        _policyRepository = policyRepository;
        _policyService = policyService;
        _organizationRepository = organizationRepository;
        _sendFileStorageService = sendFileStorageService;
@ -64,6 +67,8 @@ public class SendService : ISendService
        _referenceEventService = referenceEventService;
        _globalSettings = globalSettings;
        _currentContext = currentContext;
+        _policyRequirementQuery = policyRequirementQuery;
+        _featureService = featureService;
    }

    public async Task SaveSendAsync(Send send)
@ -286,6 +291,12 @@ public class SendService : ISendService

    private async Task ValidateUserCanSaveAsync(Guid? userId, Send send)
    {
+        if (_featureService.IsEnabled(FeatureFlagKeys.PolicyRequirements))
+        {
+            await ValidateUserCanSaveAsync_vNext(userId, send);
+            return;
+        }
+
        if (!userId.HasValue || (!_currentContext.Organizations?.Any() ?? true))
        {
            return;
@ -308,6 +319,26 @@ public class SendService : ISendService
        }
    }

+    private async Task ValidateUserCanSaveAsync_vNext(Guid? userId, Send send)
+    {
+        if (!userId.HasValue)
+        {
+            return;
+        }
+
+        var sendPolicyRequirement = await _policyRequirementQuery.GetAsync<SendPolicyRequirement>(userId.Value);
+
+        if (sendPolicyRequirement.DisableSend)
+        {
+            throw new BadRequestException("Due to an Enterprise Policy, you are only able to delete an existing Send.");
+        }
+
+        if (sendPolicyRequirement.DisableHideEmail && send.HideEmail.GetValueOrDefault())
+        {
+            throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to hide your email address from recipients when creating or editing a Send.");
+        }
+    }
+
    private async Task<long> StorageRemainingForSendAsync(Send send)
    {
        var storageBytesRemaining = 0L;