[AC-1374] Limit collection creation/deletion to Owner/Admin (#3145)
* feat: update org table with new column, write migration, refs AC-1374 * feat: update views with new column, refs AC-1374 * feat: Alter sprocs (org create/update) to include new column, refs AC-1374 * feat: update entity/data/request/response models to handle new column, refs AC-1374 * feat: update necessary Provider related views during migration, refs AC-1374 * fix: update org create to default new column to false, refs AC-1374 * feat: added new API/request model for collection management and removed property from update request model, refs AC-1374 * fix: renamed migration script to be after secrets manage beta column changes, refs AC-1374 * fix: dotnet format, refs AC-1374 * feat: add ef migrations to reflect mssql changes, refs AC-1374 * fix: dotnet format, refs AC-1374 * feat: update API signature to accept Guid and explain Cd verbiage, refs AC-1374
@ -789,4 +789,17 @@ public class OrganizationsController : Controller
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
[HttpPut("{id}/collection-management")]
|
||||
public async Task<OrganizationResponseModel> PutCollectionManagement(Guid id, [FromBody] OrganizationCollectionManagementUpdateRequestModel model)
|
||||
{
|
||||
var organization = await _organizationRepository.GetByIdAsync(id);
|
||||
if (organization == null)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
await _organizationService.UpdateAsync(model.ToOrganization(organization));
|
||||
return new OrganizationResponseModel(organization);
|
||||
}
|
||||
}
|
||||
|
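Review bot: `PutCollectionManagement` loads the organization by `id` and hands it straight to `_organizationService.UpdateAsync`, with no visible check that the caller is an owner or admin of that organization. Whatever class-level policy the controller carries is outside this hunk, but authentication alone would not stop a member of one organization from changing this setting on another. Add a guard right after the null check, for example `if (!await _currentContext.OrganizationOwner(id)) { throw new NotFoundException(); }`, assuming the current-context helper is in scope here as in the controller's other actions. A test asserting that a non-owner receives the not-found response would pin the behaviour.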
@ -0,0 +1,14 @@
|
||||
using Bit.Core.Entities;
|
||||
|
||||
namespace Bit.Api.Models.Request.Organizations;
|
||||
|
||||
public class OrganizationCollectionManagementUpdateRequestModel
|
||||
{
|
||||
public bool LimitCreateDeleteOwnerAdmin { get; set; }
|
||||
|
||||
public virtual Organization ToOrganization(Organization existingOrganization)
|
||||
{
|
||||
existingOrganization.LimitCollectionCdOwnerAdmin = LimitCreateDeleteOwnerAdmin;
|
||||
return existingOrganization;
|
||||
}
|
||||
}
|
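Review bot: `LimitCreateDeleteOwnerAdmin` is a non-nullable `bool`, so a request body that omits the field binds to `false`, and `ToOrganization` then turns the restriction off. That is the less restrictive state, and it is the opposite of the column default of 1 set elsewhere in this commit. Consider making the value mandatory with `[Required] public bool? LimitCreateDeleteOwnerAdmin { get; set; }` and assigning `LimitCreateDeleteOwnerAdmin!.Value` in `ToOrganization`; this needs `using System.ComponentModel.DataAnnotations;` and only helps if model validation runs for this action. A one-line `<summary>` on `ToOrganization` saying that it mutates and returns the entity it is given would also help, since the controller builds its response from that same instance.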
@ -58,6 +58,7 @@ public class OrganizationResponseModel : ResponseModel
|
||||
SmServiceAccounts = organization.SmServiceAccounts;
|
||||
MaxAutoscaleSmSeats = organization.MaxAutoscaleSmSeats;
|
||||
MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
|
||||
LimitCollectionCdOwnerAdmin = organization.LimitCollectionCdOwnerAdmin;
|
||||
}
|
||||
|
||||
public Guid Id { get; set; }
|
||||
@ -97,6 +98,7 @@ public class OrganizationResponseModel : ResponseModel
|
||||
public int? SmServiceAccounts { get; set; }
|
||||
public int? MaxAutoscaleSmSeats { get; set; }
|
||||
public int? MaxAutoscaleSmServiceAccounts { get; set; }
|
||||
public bool LimitCollectionCdOwnerAdmin { get; set; }
|
||||
}
|
||||
|
||||
public class OrganizationSubscriptionResponseModel : OrganizationResponseModel
|
||||
|
@ -60,6 +60,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
|
||||
FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
|
||||
FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
|
||||
AccessSecretsManager = organization.AccessSecretsManager;
|
||||
LimitCollectionCdOwnerAdmin = organization.LimitCollectionCdOwnerAdmin;
|
||||
|
||||
if (organization.SsoConfig != null)
|
||||
{
|
||||
@ -113,4 +114,5 @@ public class ProfileOrganizationResponseModel : ResponseModel
|
||||
public DateTime? FamilySponsorshipValidUntil { get; set; }
|
||||
public bool? FamilySponsorshipToDelete { get; set; }
|
||||
public bool AccessSecretsManager { get; set; }
|
||||
public bool LimitCollectionCdOwnerAdmin { get; set; }
|
||||
}
|
||||
|
@ -78,6 +78,10 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
|
||||
public int? MaxAutoscaleSmSeats { get; set; }
|
||||
public int? MaxAutoscaleSmServiceAccounts { get; set; }
|
||||
public bool SecretsManagerBeta { get; set; }
|
||||
/// <summary>
|
||||
/// Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
|
||||
/// </summary>
|
||||
public bool LimitCollectionCdOwnerAdmin { get; set; }
|
||||
|
||||
public void SetNewId()
|
||||
{
|
||||
|
@ -48,4 +48,5 @@ public class OrganizationUserOrganizationDetails
|
||||
public bool UsePasswordManager { get; set; }
|
||||
public int? SmSeats { get; set; }
|
||||
public int? SmServiceAccounts { get; set; }
|
||||
public bool LimitCollectionCdOwnerAdmin { get; set; }
|
||||
}
|
||||
|
@ -142,6 +142,7 @@ public class SelfHostedOrganizationDetails : Organization
|
||||
RevisionDate = RevisionDate,
|
||||
MaxAutoscaleSeats = MaxAutoscaleSeats,
|
||||
OwnersNotifiedOfAutoscaling = OwnersNotifiedOfAutoscaling,
|
||||
LimitCollectionCdOwnerAdmin = LimitCollectionCdOwnerAdmin,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
@ -107,6 +107,9 @@ public class DatabaseContext : DbContext
|
||||
eGroup.Property(c => c.Id).ValueGeneratedNever();
|
||||
eInstallation.Property(c => c.Id).ValueGeneratedNever();
|
||||
eOrganization.Property(c => c.Id).ValueGeneratedNever();
|
||||
eOrganization.Property(c => c.LimitCollectionCdOwnerAdmin)
|
||||
.ValueGeneratedNever()
|
||||
.HasDefaultValue(true);
|
||||
eOrganizationSponsorship.Property(c => c.Id).ValueGeneratedNever();
|
||||
eOrganizationUser.Property(c => c.Id).ValueGeneratedNever();
|
||||
ePolicy.Property(c => c.Id).ValueGeneratedNever();
|
||||
|
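Review bot: The pairing of `.ValueGeneratedNever()` with `.HasDefaultValue(true)` on `LimitCollectionCdOwnerAdmin` is unexplained, and it matters because the CLR default of the `bool` is `false` while the store default is `true`. If the intent is that the entity's value is always written, say so in a comment such as `// ValueGeneratedNever: always send the entity value so an explicit false is not replaced by the column default`. A test that saving an organization with the flag set to `false` reads back `false` on each supported EF provider would confirm the configuration does what is expected. The enclosing method starts and ends outside the hunk.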
@ -50,7 +50,8 @@
|
||||
@SmServiceAccounts INT = null,
|
||||
@MaxAutoscaleSmSeats INT= null,
|
||||
@MaxAutoscaleSmServiceAccounts INT = null,
|
||||
@SecretsManagerBeta BIT = 0
|
||||
@SecretsManagerBeta BIT = 0,
|
||||
@LimitCollectionCdOwnerAdmin BIT = 0
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
@ -108,7 +109,8 @@ BEGIN
|
||||
[SmServiceAccounts],
|
||||
[MaxAutoscaleSmSeats],
|
||||
[MaxAutoscaleSmServiceAccounts],
|
||||
[SecretsManagerBeta]
|
||||
[SecretsManagerBeta],
|
||||
[LimitCollectionCdOwnerAdmin]
|
||||
)
|
||||
VALUES
|
||||
(
|
||||
@ -163,6 +165,7 @@ BEGIN
|
||||
@SmServiceAccounts,
|
||||
@MaxAutoscaleSmSeats,
|
||||
@MaxAutoscaleSmServiceAccounts,
|
||||
@SecretsManagerBeta
|
||||
@SecretsManagerBeta,
|
||||
@LimitCollectionCdOwnerAdmin
|
||||
)
|
||||
END
|
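Review bot: The new `@LimitCollectionCdOwnerAdmin` parameter defaults to `0` in this procedure, while the procedure in the following section (the one ending in `WHERE [Id] = @Id`) defaults it to `1` and the table column defaults to `(1)`. A caller that omits the parameter therefore gets the permissive value on insert and the restrictive value on update, and an update call that omits it would silently overwrite a stored `0`. The commit message says the create default is deliberate, so record the reason beside the parameter, e.g. `-- Intentionally 0 on create (column default is 1): <reason>`, or drop the parameter defaults so every caller has to pass the value explicitly.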
@ -50,7 +50,8 @@
|
||||
@SmServiceAccounts INT = null,
|
||||
@MaxAutoscaleSmSeats INT = null,
|
||||
@MaxAutoscaleSmServiceAccounts INT = null,
|
||||
@SecretsManagerBeta BIT = 0
|
||||
@SecretsManagerBeta BIT = 0,
|
||||
@LimitCollectionCdOwnerAdmin BIT = 1
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
@ -108,7 +109,8 @@ BEGIN
|
||||
[SmServiceAccounts] = @SmServiceAccounts,
|
||||
[MaxAutoscaleSmSeats] = @MaxAutoscaleSmSeats,
|
||||
[MaxAutoscaleSmServiceAccounts] = @MaxAutoscaleSmServiceAccounts,
|
||||
[SecretsManagerBeta] = @SecretsManagerBeta
|
||||
[SecretsManagerBeta] = @SecretsManagerBeta,
|
||||
[LimitCollectionCdOwnerAdmin] = @LimitCollectionCdOwnerAdmin
|
||||
WHERE
|
||||
[Id] = @Id
|
||||
END
|
||||
|
@ -51,6 +51,7 @@
|
||||
[MaxAutoscaleSmSeats] INT NULL,
|
||||
[MaxAutoscaleSmServiceAccounts] INT NULL,
|
||||
[SecretsManagerBeta] BIT NOT NULL CONSTRAINT [DF_Organization_SecretsManagerBeta] DEFAULT (0),
|
||||
[LimitCollectionCdOwnerAdmin] BIT NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCdOwnerAdmin] DEFAULT (1),
|
||||
CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
|
||||
);
|
||||
|
||||
|
@ -44,7 +44,8 @@ SELECT
|
||||
OU.[AccessSecretsManager],
|
||||
O.[UsePasswordManager],
|
||||
O.[SmSeats],
|
||||
O.[SmServiceAccounts]
|
||||
O.[SmServiceAccounts],
|
||||
O.[LimitCollectionCdOwnerAdmin]
|
||||
FROM
|
||||
[dbo].[OrganizationUser] OU
|
||||
LEFT JOIN
|
||||
|