SqlServer split manage collection permission (#1594)

* SqlServer split manage collection permission

* Clarify names

* Test claims generation

* Test permission serialization

* Simplify claims building

* Use new collections permissions

* Throw on use of deprecated permissions

* Lower case all claims

* Remove todos

* Clean nonexistent project from test solution

* JsonIgnore for both system and newtonsoft json

* Make migrations more robust to multiple runs

* remove duplicate usings

* Remove obsolete permissions

* Test solutions separately to detect failures

* Handle dos line endings

* Fix collections create/update permissions

* Change restore cipher to edit permissions

* Improve formatting

* Simplify map

* Refactor test

util/MySqlMigrations/Migrations/20210921200227_SplitManageCollectionsPermissions.cs

@@ -0,0 +1,22 @@
+using System;
+using Bit.Core.Utilities;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace Bit.MySqlMigrations.Migrations
+{
+    public partial class SplitManageCollectionsPermissions : Migration
+    {
+        private const string _scriptLocation =
+            "MySqlMigrations.Scripts.2021-09-21_00_SplitManageCollectionsPermission.sql";
+
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.Sql(CoreHelpers.GetEmbeddedResourceContentsAsync(_scriptLocation));
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            throw new Exception("Irreversible migration");
+        }
+    }
+}

util/MySqlMigrations/MySqlMigrations.csproj

@@ -16,4 +16,10 @@
     </PackageReference>
   </ItemGroup>
 
+  <ItemGroup>
+    <None Remove="Scripts\2021-09-21_00_SplitManageCollectionsPermission.sql" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="Scripts\2021-09-21_00_SplitManageCollectionsPermission.sql" />
+  </ItemGroup>
 </Project>

util/MySqlMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.sql

@@ -0,0 +1,56 @@
+-- Split Manage Assigned Collections into edit and delete
+UPDATE `bw-vault`.`OrganizationUser`
+SET `Permissions` =
+	JSON_INSERT(
+		`Permissions`,
+		'$.editAssignedCollections',
+		IFNULL(
+			IFNULL(
+				JSON_EXTRACT(`Permissions`,'$.editAssignedCollections'),
+				JSON_EXTRACT(`Permissions`, '$.manageAssignedCollections')),
+			false),
+		'$.deleteAssignedCollections', 
+		IFNULL(
+			IFNULL(
+				JSON_EXTRACT(`Permissions`, '$.deleteAssignedCollections'),
+				JSON_EXTRACT(`Permissions`, '$.manageAssignedCollections')),
+			false)
+	)
+WHERE `Permissions` IS NOT NULL
+    AND JSON_VALID(`Permissions`) > 0
+    AND (
+		JSON_EXTRACT(`Permissions`, '$.editAssignedCollections') IS NULL
+		OR JSON_EXTRACT(`Permissions`, '$.deleteAssignedCollections') IS NULL
+	);
+
+-- Split Manage All Collections into create, edit, and delete
+UPDATE `bw-vault`.`OrganizationUser`
+SET `Permissions` =
+	JSON_INSERT(
+		`Permissions`,
+		'$.createNewCollections',
+		IFNULL(
+			IFNULL(
+				JSON_EXTRACT(`Permissions`, '$.createNewColletions'),
+				JSON_EXTRACT(`Permissions`, '$.manageAllCollections')),
+			false),
+		'$.editAnyCollection',
+		IFNULL(
+			IFNULL(
+				JSON_EXTRACT(`Permissions`, '$.editAnyCollection'),
+				JSON_EXTRACT(`Permissions`, '$.manageAllCollections')),
+			false),
+		'$.deleteAnyCollection',
+		IFNULL(
+			IFNULL(
+				JSON_EXTRACT(`Permissions`, '$.deleteAnyCollection'),
+				JSON_EXTRACT(`Permissions`, '$.manageAllCollections')),
+			false)
+	)
+WHERE `Permissions` IS NOT NULL
+	AND JSON_VALID(`Permissions`) > 0
+    AND (
+		JSON_EXTRACT(`Permissions`, '$.createNewCollections') IS NULL
+		OR JSON_EXTRACT(`Permissions`, '$.editAnyCollection') IS NULL
+		OR JSON_EXTRACT(`Permissions`, '$.deleteAnyCollection') IS NULL
+	);