[PM-13013] add delete many async method to i user repository and i user service for bulk user deletion (#5035)

* Add DeleteManyAsync method and stored procedure * Add DeleteManyAsync and tests * removed stored procedure, refactor User_DeleteById to accept multiple Ids * add sproc, refactor tests * revert existing sproc * add bulk delete to IUserService * fix sproc * fix and add tests * add migration script, fix test * Add feature flag * add feature flag to tests for deleteManyAsync * enable nullable, delete only user that pass validation * revert changes to DeleteAsync * Cleanup whitespace * remove redundant feature flag * fix tests * move DeleteManyAsync from UserService into DeleteManagedOrganizationUserAccountCommand * refactor validation, remove unneeded tasks * refactor tests, remove unused service
2025-06-30 23:52:50 -05:00 · 2024-12-06 14:40:47 -05:00
parent fb5db40f4c
commit c591997d01
8 changed files with 565 additions and 8 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteManagedOrganizationUserAccountCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteManagedOrganizationUserAccountCommand.cs
@ -1,10 +1,14 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Tools.Enums;
+using Bit.Core.Tools.Models.Business;
+using Bit.Core.Tools.Services;

 #nullable enable

@ -19,7 +23,10 @@ public class DeleteManagedOrganizationUserAccountCommand : IDeleteManagedOrganiz
    private readonly IUserRepository _userRepository;
    private readonly ICurrentContext _currentContext;
    private readonly IHasConfirmedOwnersExceptQuery _hasConfirmedOwnersExceptQuery;
-
+    private readonly IReferenceEventService _referenceEventService;
+    private readonly IPushNotificationService _pushService;
+    private readonly IOrganizationRepository _organizationRepository;
+    private readonly IProviderUserRepository _providerUserRepository;
    public DeleteManagedOrganizationUserAccountCommand(
        IUserService userService,
        IEventService eventService,
@ -27,7 +34,11 @@ public class DeleteManagedOrganizationUserAccountCommand : IDeleteManagedOrganiz
        IOrganizationUserRepository organizationUserRepository,
        IUserRepository userRepository,
        ICurrentContext currentContext,
-        IHasConfirmedOwnersExceptQuery hasConfirmedOwnersExceptQuery)
+        IHasConfirmedOwnersExceptQuery hasConfirmedOwnersExceptQuery,
+        IReferenceEventService referenceEventService,
+        IPushNotificationService pushService,
+        IOrganizationRepository organizationRepository,
+        IProviderUserRepository providerUserRepository)
    {
        _userService = userService;
        _eventService = eventService;
@ -36,6 +47,10 @@ public class DeleteManagedOrganizationUserAccountCommand : IDeleteManagedOrganiz
        _userRepository = userRepository;
        _currentContext = currentContext;
        _hasConfirmedOwnersExceptQuery = hasConfirmedOwnersExceptQuery;
+        _referenceEventService = referenceEventService;
+        _pushService = pushService;
+        _organizationRepository = organizationRepository;
+        _providerUserRepository = providerUserRepository;
    }

    public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId)
@ -89,7 +104,8 @@ public class DeleteManagedOrganizationUserAccountCommand : IDeleteManagedOrganiz
                    throw new NotFoundException("Member not found.");
                }

-                await _userService.DeleteAsync(user);
+                await ValidateUserMembershipAndPremiumAsync(user);
+
                results.Add((orgUserId, string.Empty));
            }
            catch (Exception ex)
@ -98,6 +114,15 @@ public class DeleteManagedOrganizationUserAccountCommand : IDeleteManagedOrganiz
            }
        }

+        var orgUserResultsToDelete = results.Where(result => string.IsNullOrEmpty(result.ErrorMessage));
+        var orgUsersToDelete = orgUsers.Where(orgUser => orgUserResultsToDelete.Any(result => orgUser.Id == result.OrganizationUserId));
+        var usersToDelete = users.Where(user => orgUsersToDelete.Any(orgUser => orgUser.UserId == user.Id));
+
+        if (usersToDelete.Any())
+        {
+            await DeleteManyAsync(usersToDelete);
+        }
+
        await LogDeletedOrganizationUsersAsync(orgUsers, results);

        return results;
@ -158,4 +183,59 @@ public class DeleteManagedOrganizationUserAccountCommand : IDeleteManagedOrganiz
            await _eventService.LogOrganizationUserEventsAsync(events);
        }
    }
+    private async Task DeleteManyAsync(IEnumerable<User> users)
+    {
+
+        await _userRepository.DeleteManyAsync(users);
+        foreach (var user in users)
+        {
+            await _referenceEventService.RaiseEventAsync(
+                new ReferenceEvent(ReferenceEventType.DeleteAccount, user, _currentContext));
+            await _pushService.PushLogOutAsync(user.Id);
+        }
+
+    }
+
+    private async Task ValidateUserMembershipAndPremiumAsync(User user)
+    {
+        // Check if user is the only owner of any organizations.
+        var onlyOwnerCount = await _organizationUserRepository.GetCountByOnlyOwnerAsync(user.Id);
+        if (onlyOwnerCount > 0)
+        {
+            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.");
+        }
+
+        var orgs = await _organizationUserRepository.GetManyDetailsByUserAsync(user.Id, OrganizationUserStatusType.Confirmed);
+        if (orgs.Count == 1)
+        {
+            var org = await _organizationRepository.GetByIdAsync(orgs.First().OrganizationId);
+            if (org != null && (!org.Enabled || string.IsNullOrWhiteSpace(org.GatewaySubscriptionId)))
+            {
+                var orgCount = await _organizationUserRepository.GetCountByOrganizationIdAsync(org.Id);
+                if (orgCount <= 1)
+                {
+                    await _organizationRepository.DeleteAsync(org);
+                }
+                else
+                {
+                    throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one organization. Please delete these organizations or upgrade another user.");
+                }
+            }
+        }
+
+        var onlyOwnerProviderCount = await _providerUserRepository.GetCountByOnlyOwnerAsync(user.Id);
+        if (onlyOwnerProviderCount > 0)
+        {
+            throw new BadRequestException("Cannot delete this user because it is the sole owner of at least one provider. Please delete these providers or upgrade another user.");
+        }
+
+        if (!string.IsNullOrWhiteSpace(user.GatewaySubscriptionId))
+        {
+            try
+            {
+                await _userService.CancelPremiumAsync(user);
+            }
+            catch (GatewayException) { }
+        }
+    }
 }
--- a/src/Core/Repositories/IUserRepository.cs
+++ b/src/Core/Repositories/IUserRepository.cs
@ -32,4 +32,5 @@ public interface IUserRepository : IRepository<User, Guid>
    /// <param name="updateDataActions">Registered database calls to update re-encrypted data.</param>
    Task UpdateUserKeyAndEncryptedDataAsync(User user,
        IEnumerable<UpdateEncryptedDataForKeyRotation> updateDataActions);
+    Task DeleteManyAsync(IEnumerable<User> users);
 }