From cb6c411b400bb25d5d8e56b3918a695454c15114 Mon Sep 17 00:00:00 2001
From: Rui Tome
Date: Mon, 23 Oct 2023 20:37:41 +0100
Subject: [PATCH] [AC-1748] Fixed logic to set manage = true for collections if user has EditAssignedCollection permission
---
 .../Implementations/CollectionService.cs   |  8 +--
 .../Implementations/OrganizationService.cs | 63 ++++++++-----
 2 files changed, 27 insertions(+), 44 deletions(-)

diff --git a/src/Core/Services/Implementations/CollectionService.cs b/src/Core/Services/Implementations/CollectionService.cs
index ec99e0fb99..9c3eefd8f8 100644
--- a/src/Core/Services/Implementations/CollectionService.cs
+++ b/src/Core/Services/Implementations/CollectionService.cs
@@ -69,20 +69,16 @@ public class CollectionService : ICollectionService
         else
         {
             // If not using Flexible Collections
-            // all users with EditAnyCollection permission should have Can Manage permission for the collection
+            // all users with EditAssignedCollections permission should have Manage permission for the collection
             var organizationUsers = await _organizationUserRepository
                 .GetManyByOrganizationAsync(collection.OrganizationId, null);
-            foreach (var orgUser in organizationUsers.Where(ou => ou.GetPermissions()?.EditAnyCollection ?? false))
+            foreach (var orgUser in organizationUsers.Where(ou => ou.GetPermissions()?.EditAssignedCollections ?? false))
             {
                 var user = usersList.FirstOrDefault(u => u.Id == orgUser.Id);
                 if (user != null)
                 {
                     user.Manage = true;
                 }
-                else
-                {
-                    usersList.Add(new CollectionAccessSelection { Id = orgUser.Id, Manage = true });
-                }
             }
         }
 
diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs
index b47520a6c8..51216d82a0 100644
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
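Review bot: The new foreach does a linear `usersList.FirstOrDefault` lookup for every organization user that holds EditAssignedCollections, which is O(users × selections); collecting the eligible ids first and walking `usersList` once gives the same result: `var managerIds = organizationUsers.Where(ou => ou.GetPermissions()?.EditAssignedCollections ?? false).Select(ou => ou.Id).ToHashSet();` followed by `foreach (var user in usersList.Where(u => managerIds.Contains(u.Id))) { user.Manage = true; }`. Dropping the else branch means only selections already present in usersList are upgraded and no new access is created here, which fits the "assigned" wording of the new comment; stating that explicitly, e.g. `// only existing selections are upgraded to Manage; users not already assigned gain no access here`, keeps the next reader from reading the missing else as an oversight. The enclosing method starts outside the hunk, so whether usersList is the caller's list or a local copy cannot be checked from here.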
@@ -919,22 +919,11 @@ public class OrganizationService : IOrganizationService
                     orgUser.Permissions = JsonSerializer.Serialize(invite.Permissions, JsonHelpers.CamelCase);
                 }
 
-                var collections = invite.Collections;
-                if (!FlexibleCollectionsIsEnabled)
-                {
-                    // If not using Flexible Collections - add access to all collections if user has EditAnyCollection or AccessAll permissions
-                    if (orgUser.GetPermissions()?.EditAnyCollection ?? false)
-                    {
-                        var orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgUser.OrganizationId);
-                        collections = orgCollections.Select(c => new CollectionAccessSelection { Id = c.Id, Manage = true });
-                    }
-                    else if (orgUser.AccessAll)
-                    {
-                        var orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgUser.OrganizationId);
-                        collections = orgCollections.Select(c => new CollectionAccessSelection { Id = c.Id, ReadOnly = true });
-                    }
-                }
-                limitedCollectionOrgUsers.Add((orgUser, collections));
+                // If Flexible Collections is disabled and the user has EditAssignedCollections permission
+                // grant Manage permission for all assigned collections
+                invite.Collections = ApplyManageCollectionPermissions(orgUser, invite.Collections);
+
+                limitedCollectionOrgUsers.Add((orgUser, invite.Collections));
 
                 if (invite.Groups != null && invite.Groups.Any())
                 {
@@ -1021,7 +1010,7 @@ public class OrganizationService : IOrganizationService
             throw new AggregateException("One or more errors occurred while inviting users.", exceptions);
         }
 
-        return (limitedCollectionOrgUsers.Select(orgUser => orgUser.Item1).ToList(), events);
+        return (limitedCollectionOrgUsers.Select(o => o.Item1).ToList(), events);
     }
 
     public async Task>> ResendInvitesAsync(Guid organizationId, Guid? invitingUserId,
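Review bot: `invite.Collections = ApplyManageCollectionPermissions(orgUser, invite.Collections);` writes the result back into the caller-owned invite, and the helper introduced in hunk @@ -2570 sets `c.Manage = true` on the very CollectionAccessSelection instances it receives, so inviting now mutates the caller's selection objects as a side effect. This hunk sits inside a loop whose head is outside it; every OrganizationUser built from the same invite, and anything else still holding those instances, sees the mutated flags, which is hard to reason about for an authorization value. Keeping the result local, `var collections = ApplyManageCollectionPermissions(orgUser, invite.Collections);` and `limitedCollectionOrgUsers.Add((orgUser, collections));`, restores the original shape, and having the helper return fresh instances instead of assigning into its input would remove the aliasing altogether. The removed branch that expanded AccessAll into ReadOnly access on every collection has no replacement in this hunk; if that expansion now happens elsewhere, a comment such as `// AccessAll users are expanded elsewhere (TODO: name the call site)` would save the next reader a search.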
@@ -1447,25 +1436,9 @@ public class OrganizationService : IOrganizationService
             }
         }
 
-        // If not using Flexible Collections - add access to all collections if user has EditAnyCollection or AccessAll permissions
-        if (!FlexibleCollectionsIsEnabled)
-        {
-            if (user.GetPermissions()?.EditAnyCollection ?? false)
-            {
-                var orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(user.OrganizationId);
-                collections = orgCollections.Select(c => new CollectionAccessSelection { Id = c.Id, Manage = true });
-            }
-            else if (user.AccessAll)
-            {
-                var orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(user.OrganizationId);
-                collections = orgCollections.Select(c => new CollectionAccessSelection { Id = c.Id, ReadOnly = true });
-            }
-            else
-            {
-                collections = collections.Where(c => !c.Manage);
-            }
-        }
-
+        // If Flexible Collections is disabled and the user has EditAssignedCollections permission
+        // grant Manage permission for all assigned collections
+        collections = ApplyManageCollectionPermissions(user, collections);
         await _organizationUserRepository.ReplaceAsync(user, collections);
 
         if (groups != null)
@@ -2090,7 +2063,7 @@ public class OrganizationService : IOrganizationService
             throw new BadRequestException("Custom users can not manage Admins or Owners.");
         }
 
-        if (newType == OrganizationUserType.Custom && !await ValidateCustomPermissionsGrantAsync(organizationId, permissions))
+        if (newType == OrganizationUserType.Custom && !await ValidateCustomPermissionsGrant(organizationId, permissions))
         {
             throw new BadRequestException("Custom users can only grant the same custom permissions that they have.");
         }
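Review bot: Replacing the whole block with `collections = ApplyManageCollectionPermissions(user, collections);` drops the former `collections = collections.Where(c => !c.Manage);` branch, so with Flexible Collections disabled a user who lacks EditAssignedCollections now keeps any Manage = true the caller supplied where it used to be stripped, and the helper added in hunk @@ -2570 only ever grants Manage, never clears it. Because this value goes straight into `_organizationUserRepository.ReplaceAsync(user, collections)`, the permission-derived rule should be applied in both directions when `!FlexibleCollectionsIsEnabled`, e.g. in the helper `var canManage = orgUser.GetPermissions()?.EditAssignedCollections ?? false;` and `c.Manage = canManage;` for every entry. The enclosing method starts and ends outside the hunk, so whether an earlier validation already rejects Manage for such users cannot be confirmed from here; if it does, a one-line comment at this call naming it would make the asymmetry deliberate.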
@@ -2115,7 +2088,7 @@ public class OrganizationService : IOrganizationService
         }
     }
 
-    private async Task ValidateCustomPermissionsGrantAsync(Guid organizationId, Permissions permissions)
+    private async Task ValidateCustomPermissionsGrant(Guid organizationId, Permissions permissions)
     {
         if (permissions == null || await _currentContext.OrganizationAdmin(organizationId))
         {
@@ -2570,4 +2543,18 @@ public class OrganizationService : IOrganizationService
             await _collectionRepository.CreateAsync(defaultCollection);
         }
     }
+
+    private IEnumerable ApplyManageCollectionPermissions(OrganizationUser orgUser, IEnumerable collections)
+    {
+        if (!FlexibleCollectionsIsEnabled && (orgUser.GetPermissions()?.EditAssignedCollections ?? false))
+        {
+            return collections.Select(c =>
+            {
+                c.Manage = true;
+                return c;
+            }).ToList();
+        }
+
+        return collections;
+    }
 }
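Review bot: ApplyManageCollectionPermissions carries no doc comment, and its name does not tell a reader that it returns its input untouched in every case but one. A `<summary>` should state exactly what the body does: when Flexible Collections is disabled and the user has EditAssignedCollections, every entry of collections is given Manage = true (the same instances, materialized to a list); in all other cases collections is returned as received, and callers must not rely on it for anything else. Both call sites (hunks @@ -919 and @@ -1447) repeat the sentence "If Flexible Collections is disabled and the user has EditAssignedCollections permission grant Manage permission for all assigned collections" above the call; moving that explanation into the helper's summary and leaving the call sites bare avoids the two comments drifting from the helper the next time its rule changes.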