[AC-2317] Public API - remove old permissions code (#4125)

* Remove FlexibleCollections checks from Public API controllers * Remove AccessAll from Public API * Update tests
2025-06-30 07:36:14 -05:00 · 2024-06-04 08:58:44 +10:00
parent 2c40dc0602
commit cae417e2a2
13 changed files with 24 additions and 172 deletions
--- a/test/Api.IntegrationTest/AdminConsole/Public/Controllers/MembersControllerTests.cs
+++ b/test/Api.IntegrationTest/AdminConsole/Public/Controllers/MembersControllerTests.cs
@ -135,7 +135,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
            Email = email,
            Type = OrganizationUserType.Custom,
            ExternalId = "myCustomUser",
-            AccessAll = false,
            Collections = [],
            Groups = []
        };
@ -150,7 +149,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
        Assert.Equal(email, result.Email);
        Assert.Equal(OrganizationUserType.Custom, result.Type);
        Assert.Equal("myCustomUser", result.ExternalId);
-        Assert.False(result.AccessAll);
        Assert.Empty(result.Collections);

        // Assert against the database values
@ -160,7 +158,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
        Assert.Equal(email, orgUser.Email);
        Assert.Equal(OrganizationUserType.Custom, orgUser.Type);
        Assert.Equal("myCustomUser", orgUser.ExternalId);
-        Assert.False(orgUser.AccessAll);
        Assert.Equal(OrganizationUserStatusType.Invited, orgUser.Status);
        Assert.Equal(_organization.Id, orgUser.OrganizationId);
    }
@ -180,7 +177,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
                EditAnyCollection = true,
                AccessEventLogs = true
            },
-            AccessAll = false,
            ExternalId = "example",
            Collections = []
        };
@ -198,7 +194,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
        AssertHelper.AssertPropertyEqual(
            new PermissionsModel { DeleteAnyCollection = true, EditAnyCollection = true, AccessEventLogs = true },
            result.Permissions);
-        Assert.False(result.AccessAll);
        Assert.Empty(result.Collections);

        // Assert against the database values
@ -207,7 +202,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy

        Assert.Equal(OrganizationUserType.Custom, updatedOrgUser.Type);
        Assert.Equal("example", updatedOrgUser.ExternalId);
-        Assert.False(updatedOrgUser.AccessAll);
        Assert.Equal(OrganizationUserStatusType.Confirmed, updatedOrgUser.Status);
        Assert.Equal(_organization.Id, updatedOrgUser.OrganizationId);
    }
@ -225,7 +219,6 @@ public class MembersControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
        var request = new MemberUpdateRequestModel
        {
            Type = OrganizationUserType.Custom,
-            AccessAll = false,
            ExternalId = "example",
            Collections = []
        };
--- a/test/Api.Test/AdminConsole/Public/Controllers/GroupsControllerTests.cs
+++ b/test/Api.Test/AdminConsole/Public/Controllers/GroupsControllerTests.cs
@ -5,7 +5,6 @@ using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
-using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
 using Bit.Test.Common.AutoFixture;
@ -22,105 +21,7 @@ public class GroupsControllerTests
 {
    [Theory]
    [BitAutoData]
-    public async Task Post_Success_BeforeFlexibleCollectionMigration(Organization organization, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
-    {
-        // Organization has not migrated
-        organization.FlexibleCollections = false;
-
-        // Permissions do not contain Manage property
-        var expectedPermissions = (groupRequestModel.Collections ?? []).Select(model => new AssociationWithPermissionsRequestModel { Id = model.Id, ReadOnly = model.ReadOnly, HidePasswords = model.HidePasswords.GetValueOrDefault() });
-        groupRequestModel.Collections = expectedPermissions;
-
-        sutProvider.GetDependency<ICurrentContext>().OrganizationId.Returns(organization.Id);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
-
-        var response = await sutProvider.Sut.Post(groupRequestModel) as JsonResult;
-        var responseValue = response.Value as GroupResponseModel;
-
-        await sutProvider.GetDependency<ICreateGroupCommand>().Received(1).CreateGroupAsync(
-            Arg.Is<Group>(g =>
-                g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
-                g.AccessAll == groupRequestModel.AccessAll && g.ExternalId == groupRequestModel.ExternalId),
-            organization,
-            Arg.Any<ICollection<CollectionAccessSelection>>());
-
-        Assert.Equal(groupRequestModel.Name, responseValue.Name);
-        Assert.Equal(groupRequestModel.AccessAll, responseValue.AccessAll);
-        Assert.Equal(groupRequestModel.ExternalId, responseValue.ExternalId);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task Post_Throws_BadRequestException_BeforeFlexibleCollectionMigration_Manage(Organization organization, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
-    {
-        // Organization has not migrated
-        organization.FlexibleCollections = false;
-
-        // Contains at least one can manage
-        groupRequestModel.Collections.First().Manage = true;
-
-        sutProvider.GetDependency<ICurrentContext>().OrganizationId.Returns(organization.Id);
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
-
-        await sutProvider.GetDependency<ICreateGroupCommand>().DidNotReceiveWithAnyArgs().CreateGroupAsync(default, default, default, default);
-        await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Post(groupRequestModel));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task Put_Success_BeforeFlexibleCollectionMigration(Organization organization, Group group, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
-    {
-        // Organization has not migrated
-        organization.FlexibleCollections = false;
-
-        // Permissions do not contain Manage property
-        var expectedPermissions = (groupRequestModel.Collections ?? []).Select(model => new AssociationWithPermissionsRequestModel { Id = model.Id, ReadOnly = model.ReadOnly, HidePasswords = model.HidePasswords.GetValueOrDefault() });
-        groupRequestModel.Collections = expectedPermissions;
-
-        group.OrganizationId = organization.Id;
-
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
-        sutProvider.GetDependency<IGroupRepository>().GetByIdAsync(group.Id).Returns(group);
-        sutProvider.GetDependency<ICurrentContext>().OrganizationId.Returns(organization.Id);
-
-        var response = await sutProvider.Sut.Put(group.Id, groupRequestModel) as JsonResult;
-        var responseValue = response.Value as GroupResponseModel;
-
-        await sutProvider.GetDependency<IUpdateGroupCommand>().Received(1).UpdateGroupAsync(
-            Arg.Is<Group>(g =>
-                g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
-                g.AccessAll == groupRequestModel.AccessAll && g.ExternalId == groupRequestModel.ExternalId),
-            Arg.Is<Organization>(o => o.Id == organization.Id),
-            Arg.Any<ICollection<CollectionAccessSelection>>());
-
-        Assert.Equal(groupRequestModel.Name, responseValue.Name);
-        Assert.Equal(groupRequestModel.AccessAll, responseValue.AccessAll);
-        Assert.Equal(groupRequestModel.ExternalId, responseValue.ExternalId);
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task Put_Throws_BadRequestException_BeforeFlexibleCollectionMigration_Manage(Organization organization, Group group, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
-    {
-        // Organization has not migrated
-        organization.FlexibleCollections = false;
-
-        // Contains at least one can manage
-        groupRequestModel.Collections.First().Manage = true;
-
-        group.OrganizationId = organization.Id;
-
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
-        sutProvider.GetDependency<IGroupRepository>().GetByIdAsync(group.Id).Returns(group);
-        sutProvider.GetDependency<ICurrentContext>().OrganizationId.Returns(organization.Id);
-
-        await sutProvider.GetDependency<IUpdateGroupCommand>().DidNotReceiveWithAnyArgs().UpdateGroupAsync(default, default, default, default);
-        await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Put(group.Id, groupRequestModel));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task Post_Success_AfterFlexibleCollectionMigration(Organization organization, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
+    public async Task Post_Success(Organization organization, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
    {
        // Organization has migrated
        organization.FlexibleCollections = true;
@ -137,18 +38,17 @@ public class GroupsControllerTests
        await sutProvider.GetDependency<ICreateGroupCommand>().Received(1).CreateGroupAsync(
            Arg.Is<Group>(g =>
                g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
-                g.AccessAll == groupRequestModel.AccessAll && g.ExternalId == groupRequestModel.ExternalId),
+                g.ExternalId == groupRequestModel.ExternalId),
            organization,
            Arg.Any<ICollection<CollectionAccessSelection>>());

        Assert.Equal(groupRequestModel.Name, responseValue.Name);
-        Assert.Equal(groupRequestModel.AccessAll, responseValue.AccessAll);
        Assert.Equal(groupRequestModel.ExternalId, responseValue.ExternalId);
    }

    [Theory]
    [BitAutoData]
-    public async Task Put_Success_AfterFlexibleCollectionMigration(Organization organization, Group group, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
+    public async Task Put_Success(Organization organization, Group group, GroupCreateUpdateRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
    {
        // Organization has migrated
        organization.FlexibleCollections = true;
@ -168,12 +68,11 @@ public class GroupsControllerTests
        await sutProvider.GetDependency<IUpdateGroupCommand>().Received(1).UpdateGroupAsync(
            Arg.Is<Group>(g =>
                g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
-                g.AccessAll == groupRequestModel.AccessAll && g.ExternalId == groupRequestModel.ExternalId),
+                g.ExternalId == groupRequestModel.ExternalId),
            Arg.Is<Organization>(o => o.Id == organization.Id),
            Arg.Any<ICollection<CollectionAccessSelection>>());

        Assert.Equal(groupRequestModel.Name, responseValue.Name);
-        Assert.Equal(groupRequestModel.AccessAll, responseValue.AccessAll);
        Assert.Equal(groupRequestModel.ExternalId, responseValue.ExternalId);
    }
 }