mirror of https://github.com/bitwarden/server.git synced 2025-07-05 01:52:49 -05:00

[AC-1139] Reverted changes made to CollectionService and OrganizationService

Rui Tome
2023-11-02 15:22:16 +00:00
parent 70209f1cff
commit c94c8539da
2 changed files with 10 additions and 43 deletions


@ -53,36 +53,21 @@ public class CollectionService : ICollectionService
} }
var groupsList = groups?.ToList(); var groupsList = groups?.ToList();
var usersList = users?.ToList() ?? new List<CollectionAccessSelection>(); var usersList = users?.ToList();
// If using Flexible Collections - a collection should always have someone with Can Manage permissions // If using Flexible Collections - a collection should always have someone with Can Manage permissions
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext)) if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext))
{ {
var groupHasManageAccess = groupsList?.Any(g => g.Manage) ?? false; var groupHasManageAccess = groupsList?.Any(g => g.Manage) ?? false;
var userHasManageAccess = usersList.Any(u => u.Manage); var userHasManageAccess = usersList?.Any(u => u.Manage) ?? false;
if (!groupHasManageAccess && !userHasManageAccess) if (!groupHasManageAccess && !userHasManageAccess)
{ {
throw new BadRequestException( throw new BadRequestException(
"At least one member or group must have can manage permission."); "At least one member or group must have can manage permission.");
} }
} }
else
{
// If not using Flexible Collections
// all Organization users with EditAssignedCollections permission should have Manage permission for the collection
var organizationUsers = await _organizationUserRepository
.GetManyByOrganizationAsync(collection.OrganizationId, null);
foreach (var orgUser in organizationUsers.Where(ou => ou.GetPermissions()?.EditAssignedCollections ?? false))
{
var user = usersList.FirstOrDefault(u => u.Id == orgUser.Id);
if (user != null)
{
user.Manage = true;
}
}
}
if (collection.Id == default) if (collection.Id == default(Guid))
{ {
if (org.MaxCollections.HasValue) if (org.MaxCollections.HasValue)
{ {
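Review bot: With the `else` branch removed, nothing in the visible part of this method assigns or requires `Manage` while FlexibleCollections is off, so a collection saved in that state can end up with no member or group holding it. The check under the flag only rejects such a collection the next time it is saved with the flag on. Collections already stored are not covered by the visible code, and whether a data migration handles them is not shown here. I would record that assumption next to the flag check, e.g. `// Flag off: Manage is neither set nor required here; existing collections need a migration before FlexibleCollections is enabled.` The method body starts and ends outside this hunk.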


@ -61,8 +61,6 @@ public class OrganizationService : IOrganizationService
private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory; private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory;
private readonly IFeatureService _featureService; private readonly IFeatureService _featureService;
private bool UseFlexibleCollections => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
public OrganizationService( public OrganizationService(
IOrganizationRepository organizationRepository, IOrganizationRepository organizationRepository,
IOrganizationUserRepository organizationUserRepository, IOrganizationUserRepository organizationUserRepository,
@ -434,7 +432,7 @@ public class OrganizationService : IOrganizationService
await ValidateSignUpPoliciesAsync(signup.Owner.Id); await ValidateSignUpPoliciesAsync(signup.Owner.Id);
} }
var useFlexibleCollections = var flexibleCollectionsIsEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext); _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
var organization = new Organization var organization = new Organization
@ -474,7 +472,7 @@ public class OrganizationService : IOrganizationService
Status = OrganizationStatusType.Created, Status = OrganizationStatusType.Created,
UsePasswordManager = true, UsePasswordManager = true,
UseSecretsManager = signup.UseSecretsManager, UseSecretsManager = signup.UseSecretsManager,
LimitCollectionCreationDeletion = !useFlexibleCollections LimitCollectionCreationDeletion = !flexibleCollectionsIsEnabled
}; };
if (signup.UseSecretsManager) if (signup.UseSecretsManager)
@ -931,10 +929,6 @@ public class OrganizationService : IOrganizationService
orgUser.Permissions = JsonSerializer.Serialize(invite.Permissions, JsonHelpers.CamelCase); orgUser.Permissions = JsonSerializer.Serialize(invite.Permissions, JsonHelpers.CamelCase);
} }
// If Flexible Collections is disabled and the user has EditAssignedCollections permission
// grant Manage permission for all assigned collections
invite.Collections = ApplyManageCollectionPermissions(orgUser, invite.Collections);
if (!orgUser.AccessAll && invite.Collections.Any()) if (!orgUser.AccessAll && invite.Collections.Any())
{ {
limitedCollectionOrgUsers.Add((orgUser, invite.Collections)); limitedCollectionOrgUsers.Add((orgUser, invite.Collections));
@ -1313,9 +1307,11 @@ public class OrganizationService : IOrganizationService
} }
} }
// If Flexible Collections is disabled and the user has EditAssignedCollections permission if (user.AccessAll)
// grant Manage permission for all assigned collections {
collections = ApplyManageCollectionPermissions(user, collections); // We don't need any collections if we're flagged to have all access.
collections = new List<CollectionAccessSelection>();
}
await _organizationUserRepository.ReplaceAsync(user, collections); await _organizationUserRepository.ReplaceAsync(user, collections);
if (groups != null) if (groups != null)
@ -2420,18 +2416,4 @@ public class OrganizationService : IOrganizationService
await _collectionRepository.CreateAsync(defaultCollection); await _collectionRepository.CreateAsync(defaultCollection);
} }
} }
private IEnumerable<CollectionAccessSelection> ApplyManageCollectionPermissions(OrganizationUser orgUser, IEnumerable<CollectionAccessSelection> collections)
{
if (!UseFlexibleCollections && (orgUser.GetPermissions()?.EditAssignedCollections ?? false))
{
return collections.Select(c =>
{
c.Manage = true;
return c;
}).ToList();
}
return collections;
}
} }
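Review bot: In the hunk at -1313, once the `ApplyManageCollectionPermissions` call is gone, the `Manage` value on each caller-supplied `CollectionAccessSelection` reaches `_organizationUserRepository.ReplaceAsync(user, collections)` unchanged unless `user.AccessAll` is set. The invite hunk at -931 does the same with `invite.Collections`. Both enclosing methods start outside the hunks, so earlier validation may exist. If it does not, a request could persist `Manage = true` while FlexibleCollections is disabled, a state the pre-revert code produced only for users with `EditAssignedCollections`. Consider rejecting that combination before the repository call, e.g. `if (!_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext) && collections.Any(c => c.Manage)) throw new BadRequestException("<message>");`, with a null guard if `collections` can be null here.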