[AC-2334] Fix unable to load members when permissions is "null" (#3922)

* Also add xmldoc comment to CoreHelpers.LoadClassFromJsonData to warn about this
2025-06-30 15:42:48 -05:00 · 2024-03-26 00:26:12 +10:00
parent fd71ed8584
commit c5d5de0aed
4 changed files with 128 additions and 8 deletions
--- a/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs
+++ b/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs
@ -8,14 +8,17 @@ using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.AspNetCore.Authorization;
 using NSubstitute;
 using Xunit;

@ -201,4 +204,104 @@ public class OrganizationUsersControllerTests
                cas.All(c => model.Collections.Any(m => m.Id == c.Id))),
            model.Groups);
    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task Get_WithFlexibleCollections_ReturnsUsers(
+        ICollection<OrganizationUserUserDetails> organizationUsers, OrganizationAbility organizationAbility,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        Get_Setup(organizationAbility, organizationUsers, sutProvider);
+        var response = await sutProvider.Sut.Get(organizationAbility.Id);
+
+        Assert.True(response.Data.All(r => organizationUsers.Any(ou => ou.Id == r.Id)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task Get_WithFlexibleCollections_HandlesNullPermissionsObject(
+        ICollection<OrganizationUserUserDetails> organizationUsers, OrganizationAbility organizationAbility,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        Get_Setup(organizationAbility, organizationUsers, sutProvider);
+        organizationUsers.First().Permissions = "null";
+        var response = await sutProvider.Sut.Get(organizationAbility.Id);
+
+        Assert.True(response.Data.All(r => organizationUsers.Any(ou => ou.Id == r.Id)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task Get_WithFlexibleCollections_SetsDeprecatedCustomPermissionstoFalse(
+        ICollection<OrganizationUserUserDetails> organizationUsers, OrganizationAbility organizationAbility,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        Get_Setup(organizationAbility, organizationUsers, sutProvider);
+
+        var customUser = organizationUsers.First();
+        customUser.Type = OrganizationUserType.Custom;
+        customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
+        {
+            AccessReports = true,
+            EditAssignedCollections = true,
+            DeleteAssignedCollections = true,
+            AccessEventLogs = true
+        });
+
+        var response = await sutProvider.Sut.Get(organizationAbility.Id);
+
+        var customUserResponse = response.Data.First(r => r.Id == organizationUsers.First().Id);
+        Assert.Equal(OrganizationUserType.Custom, customUserResponse.Type);
+        Assert.True(customUserResponse.Permissions.AccessReports);
+        Assert.True(customUserResponse.Permissions.AccessEventLogs);
+        Assert.False(customUserResponse.Permissions.EditAssignedCollections);
+        Assert.False(customUserResponse.Permissions.DeleteAssignedCollections);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task Get_WithFlexibleCollections_DowngradesCustomUsersWithDeprecatedPermissions(
+        ICollection<OrganizationUserUserDetails> organizationUsers, OrganizationAbility organizationAbility,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        Get_Setup(organizationAbility, organizationUsers, sutProvider);
+
+        var customUser = organizationUsers.First();
+        customUser.Type = OrganizationUserType.Custom;
+        customUser.Permissions = CoreHelpers.ClassToJsonData(new Permissions
+        {
+            EditAssignedCollections = true,
+            DeleteAssignedCollections = true,
+        });
+
+        var response = await sutProvider.Sut.Get(organizationAbility.Id);
+
+        var customUserResponse = response.Data.First(r => r.Id == organizationUsers.First().Id);
+        Assert.Equal(OrganizationUserType.User, customUserResponse.Type);
+        Assert.False(customUserResponse.Permissions.EditAssignedCollections);
+        Assert.False(customUserResponse.Permissions.DeleteAssignedCollections);
+    }
+
+    private void Get_Setup(OrganizationAbility organizationAbility,
+        ICollection<OrganizationUserUserDetails> organizationUsers,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        organizationAbility.FlexibleCollections = true;
+        foreach (var orgUser in organizationUsers)
+        {
+            orgUser.Permissions = null;
+        }
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
+            .Returns(organizationAbility);
+
+        sutProvider.GetDependency<IAuthorizationService>().AuthorizeAsync(
+            user: Arg.Any<ClaimsPrincipal>(),
+            resource: Arg.Any<Object>(),
+            requirements: Arg.Any<IEnumerable<IAuthorizationRequirement>>())
+            .Returns(AuthorizationResult.Success());
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyDetailsByOrganizationAsync(organizationAbility.Id, Arg.Any<bool>(), Arg.Any<bool>())
+            .Returns(organizationUsers);
+    }
 }