nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00
Code Activity

[AC-1880] Public API - Deprecated properties (#3706)

Browse Source 
* feat: remove required for AccessAll and add xmldoc for usage restrictions, refs AC-1880

* feat: add validation for create group workflow wrt manage property, refs AC-1880

* feat: add validation for update group workflow wrt manage property, refs AC-1880

* feat: add validation for create and update member workflow wrt manage property, refs AC-1880

* feat: add validation for update collection workflow wrt manage property, refs AC-1880

* fix: flaky Public/GroupsControllerTests + more test coverage, refs AC-1880
This commit is contained in:
Vincent Salucci
2024-02-08 07:44:36 -06:00
committed by GitHub
parent 7747744ff9
commit d29755de5a
18 changed files with 221 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/Core/Services/Implementations/CollectionService.cs
View File

@ -55,15 +55,25 @@ public class CollectionService : ICollectionService
var groupsList = groups?.ToList();
var usersList = users?.ToList();
// If using Flexible Collections - a collection should always have someone with Can Manage permissions
if (org.FlexibleCollections && _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
if (org.FlexibleCollections)
{
var groupHasManageAccess = groupsList?.Any(g => g.Manage) ?? false;
var userHasManageAccess = usersList?.Any(u => u.Manage) ?? false;
if (!groupHasManageAccess && !userHasManageAccess && !org.AllowAdminAccessToAllCollectionItems)
// Cannot use Manage with ReadOnly/HidePasswords permissions
var invalidAssociations = groupsList?.Where(cas => cas.Manage && (cas.ReadOnly || cas.HidePasswords));
if (invalidAssociations?.Any() ?? false)
{
throw new BadRequestException(
"At least one member or group must have can manage permission.");
throw new BadRequestException("The Manage property is mutually exclusive and cannot be true while the ReadOnly or HidePasswords properties are also true.");
}
// If using Flexible Collections V1 - a collection should always have someone with Can Manage permissions
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
{
var groupHasManageAccess = groupsList?.Any(g => g.Manage) ?? false;
var userHasManageAccess = usersList?.Any(u => u.Manage) ?? false;
if (!groupHasManageAccess && !userHasManageAccess && !org.AllowAdminAccessToAllCollectionItems)
{
throw new BadRequestException(
"At least one member or group must have can manage permission.");
}
}
}