SqlServer split manage collection permission (#1594)

* SqlServer split manage collection permission

* Clarify names

* Test claims generation

* Test permission serialization

* Simplify claims building

* Use new collections permissions

* Throw on use of deprecated permissions

* Lower case all claims

* Remove todos

* Clean nonexistent project from test solution

* JsonIgnore for both system and newtonsoft json

* Make migrations more robust to multiple runs

* remove duplicate usings

* Remove obsolete permissions

* Test solutions separately to detect failures

* Handle dos line endings

* Fix collections create/update permissions

* Change restore cipher to edit permissions

* Improve formatting

* Simplify map

* Refactor test

util/PostgresMigrations/Migrations/20210921163012_SplitManageCollectionsPermissions.cs

@@ -0,0 +1,22 @@
+using System;
+using Bit.Core.Utilities;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace Bit.PostgresMigrations.Migrations
+{
+    public partial class SplitManageCollectionsPermissions : Migration
+    {
+        private const string _scriptLocation =
+            "PostgresMigration.Scripts.2021-09-21_00_SplitManageCollectionsPermission.psql";
+
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.Sql(CoreHelpers.GetEmbeddedResourceContentsAsync(_scriptLocation));
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            throw new Exception("Irreversible migration");
+        }
+    }
+}

util/PostgresMigrations/PostgresMigrations.csproj

@@ -16,4 +16,10 @@
     </PackageReference>
   </ItemGroup>
 
+  <ItemGroup>
+    <None Remove="Scripts\2021-09-21_00_SplitManageCollectionsPermission.psql" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="Scripts\2021-09-21_00_SplitManageCollectionsPermission.psql" />
+  </ItemGroup>
 </Project>

util/PostgresMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.psql

@@ -0,0 +1,42 @@
+CREATE OR REPLACE FUNCTION updatePermissionsJson(permissions jsonb) returns jsonb LANGUAGE plpgsql AS $$
+	DECLARE manageAllCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'manageAllCollections'), 'false');
+	DECLARE manageAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'manageAssignedCollections'), 'false');
+
+	DECLARE createNewCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'createNewCollections'), manageAllCollections);
+	DECLARE editAnyCollection jsonb := COALESCE(jsonb_extract_path(permissions, 'editAnyCollection'), manageAllCollections);
+	DECLARE deleteAnyCollection jsonb := COALESCE(jsonb_extract_path(permissions, 'deleteAnyCollection'), manageAllCollections);
+
+	DECLARE editAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'editAssignedCollections'), manageAssignedCollections);
+	DECLARE deleteAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'deleteAssignedCollections'), manageAssignedCollections);
+
+	BEGIN
+		RETURN
+			jsonb_set(
+				jsonb_set(
+					jsonb_set(
+						jsonb_set(
+							jsonb_set(
+								permissions,
+								'{createNewCollections}',
+								createNewCollections
+							),
+							'{editAnyCollection}',
+							editAnyCollection
+						),
+						'{deleteAnyCollection}',
+						deleteAnyCollection
+					),
+					'{editAssignedCollections}',
+					editAssignedCollections
+				),
+				'{deleteAssignedCollections}',
+				deleteAssignedCollections
+			);
+	END
+$$;
+
+UPDATE public."OrganizationUser"
+SET "Permissions" = updatePermissionsJson("Permissions"::jsonb)::text
+WHERE "Permissions" IS NOT NULL;
+	
+DROP FUNCTION updatePermissionsJson(jsonb);