diff --git a/src/Api/Controllers/OrganizationUsersController.cs b/src/Api/Controllers/OrganizationUsersController.cs index fed8cf252d..d70d6b3640 100644 --- a/src/Api/Controllers/OrganizationUsersController.cs +++ b/src/Api/Controllers/OrganizationUsersController.cs @@ -59,7 +59,7 @@ namespace Bit.Api.Controllers { var user = await _userService.GetUserByPrincipalAsync(User); var result = await _organizationService.InviteUserAsync(new Guid(orgId), model.Email, - model.Subvaults.Select(s => s.ToSubvaultUser())); + model.Subvaults?.Select(s => s.ToSubvaultUser())); } [HttpPut("{id}/accept")] @@ -87,7 +87,7 @@ namespace Bit.Api.Controllers throw new NotFoundException(); } - await _organizationService.SaveUserAsync(organizationUser, model.Subvaults.Select(s => s.ToSubvaultUser())); + await _organizationService.SaveUserAsync(organizationUser, model.Subvaults?.Select(s => s.ToSubvaultUser())); } [HttpDelete("{id}")] diff --git a/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs b/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs index 5e0edad031..ddae48e3d0 100644 --- a/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs +++ b/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs @@ -28,7 +28,6 @@ namespace Bit.Core.Models.Api public class OrganizationUserSubvaultRequestModel { - public string Id { get; set; } public string SubvaultId { get; set; } public bool Admin { get; set; } public bool ReadOnly { get; set; } @@ -46,11 +45,6 @@ namespace Bit.Core.Models.Api subvault.SubvaultId = new Guid(SubvaultId); } - if(!string.IsNullOrWhiteSpace(Id)) - { - subvault.Id = new Guid(Id); - } - return subvault; } } diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs index 338d71f250..b9909674df 100644 --- a/src/Core/Services/Implementations/OrganizationService.cs +++ b/src/Core/Services/Implementations/OrganizationService.cs @@ -164,26 +164,33 @@ namespace Bit.Core.Services private async Task SaveUserSubvaultsAsync(OrganizationUser user, IEnumerable subvaults, bool newUser) { + if(subvaults == null) + { + subvaults = new List(); + } + var orgSubvaults = await _subvaultRepository.GetManyByOrganizationIdAsync(user.OrganizationId); var currentUserSubvaults = newUser ? null : await _subvaultUserRepository.GetManyByOrganizationUserIdAsync(user.Id); // Let's make sure all these belong to this user and organization. var filteredSubvaults = subvaults.Where(s => orgSubvaults.Any(os => os.Id == s.SubvaultId)); - if(!newUser) - { - filteredSubvaults = filteredSubvaults.Where(s => - s.Id == default(Guid) || currentUserSubvaults.Any(cs => cs.Id == s.Id)); - } - foreach(var subvault in filteredSubvaults) { + var existingSubvaultUser = currentUserSubvaults?.FirstOrDefault(cs => cs.SubvaultId == subvault.SubvaultId); + if(existingSubvaultUser != null) + { + subvault.Id = existingSubvaultUser.Id; + subvault.CreationDate = existingSubvaultUser.CreationDate; + } + subvault.OrganizationUserId = user.Id; await _subvaultUserRepository.UpsertAsync(subvault); } if(!newUser) { - var subvaultsToDelete = currentUserSubvaults.Where(cs => !subvaults.Any(s => s.Id == cs.Id)); + var subvaultsToDelete = currentUserSubvaults.Where(cs => + !filteredSubvaults.Any(s => s.SubvaultId == cs.SubvaultId)); foreach(var subvault in subvaultsToDelete) { await _subvaultUserRepository.DeleteAsync(subvault); diff --git a/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql b/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql index 5981f0a56b..a96d77b3ac 100644 --- a/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql +++ b/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql @@ -2,7 +2,6 @@ @Id UNIQUEIDENTIFIER, @SubvaultId UNIQUEIDENTIFIER, @OrganizationUserId UNIQUEIDENTIFIER, - @Key VARCHAR(MAX), @Admin BIT, @ReadOnly BIT, @CreationDate DATETIME2(7),