SqlServer split manage collection permission (#1594)

* SqlServer split manage collection permission * Clarify names * Test claims generation * Test permission serialization * Simplify claims building * Use new collections permissions * Throw on use of deprecated permissions * Lower case all claims * Remove todos * Clean nonexistent project from test solution * JsonIgnore for both system and newtonsoft json * Make migrations more robust to multiple runs * remove duplicate usings * Remove obsolete permissions * Test solutions separately to detect failures * Handle dos line endings * Fix collections create/update permissions * Change restore cipher to edit permissions * Improve formatting * Simplify map * Refactor test
2025-06-30 23:52:50 -05:00 · 2021-10-05 11:12:05 -05:00
parent 55fa4a5f63
commit bd297fb7a2
25 changed files with 3639 additions and 129 deletions
--- a/src/Core/Models/Data/Permissions.cs
+++ b/src/Core/Models/Data/Permissions.cs
@ -1,3 +1,7 @@
+using System;
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
 namespace Bit.Core.Models.Data 
 {
    public class Permissions
@ -6,12 +10,39 @@ namespace Bit.Core.Models.Data
        public bool AccessEventLogs { get; set; }
        public bool AccessImportExport { get; set; }
        public bool AccessReports { get; set; }
-        public bool ManageAssignedCollections { get; set; }
-        public bool ManageAllCollections { get; set; }
+        [Obsolete("This permission exists for client backwards-compatibility. It should not be used to determine permissions in this repository", true)]
+        public bool ManageAllCollections => CreateNewCollections && EditAnyCollection && DeleteAnyCollection;
+        public bool CreateNewCollections { get; set; }
+        public bool EditAnyCollection { get; set; }
+        public bool DeleteAnyCollection { get; set; }
+        [Obsolete("This permission exists for client backwards-compatibility. It should not be used to determine permissions in this repository", true)]
+        public bool ManageAssignedCollections => EditAssignedCollections && DeleteAssignedCollections;
+        public bool EditAssignedCollections { get; set; }
+        public bool DeleteAssignedCollections { get; set; }
        public bool ManageGroups { get; set; }
        public bool ManagePolicies { get; set; }
        public bool ManageSso { get; set; }
        public bool ManageUsers { get; set; }
        public bool ManageResetPassword { get; set; }
+
+        [JsonIgnore]
+        [System.Text.Json.Serialization.JsonIgnore]
+        public List<(bool Permission, string ClaimName)> ClaimsMap => new()
+        {
+            (AccessBusinessPortal, "accessbusinessportal"),
+            (AccessEventLogs, "accesseventlogs"),
+            (AccessImportExport, "accessimportexport"),
+            (AccessReports, "accessreports"),
+            (CreateNewCollections, "createnewcollections"),
+            (EditAnyCollection, "editanycollection"),
+            (DeleteAnyCollection, "deleteanycollection"),
+            (EditAssignedCollections, "editassignedcollections"),
+            (DeleteAssignedCollections, "deleteassignedcollections"),
+            (ManageGroups, "managegroups"),
+            (ManagePolicies, "managepolicies"),
+            (ManageSso, "managesso"),
+            (ManageUsers, "manageusers"),
+            (ManageResetPassword, "manageresetpassword"),
+        };
    }
 }