[AC-1330] [AC-1816] Deprecate AccessAll in CollectionCipher sprocs (#3480)

2025-07-03 00:52:49 -05:00 · 2023-12-06 11:10:39 +10:00
parent 59879f913b
commit dbf8907bfc
16 changed files with 582 additions and 42 deletions
--- a/src/Infrastructure.EntityFramework/Repositories/CollectionCipherRepository.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/CollectionCipherRepository.cs
@ -46,31 +46,31 @@ public class CollectionCipherRepository : BaseEntityFrameworkRepository, ICollec
        }
    }

-    public async Task<ICollection<CollectionCipher>> GetManyByUserIdAsync(Guid userId)
+    public async Task<ICollection<CollectionCipher>> GetManyByUserIdAsync(Guid userId, bool useFlexibleCollections)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
        {
            var dbContext = GetDatabaseContext(scope);
-            var data = await new CollectionCipherReadByUserIdQuery(userId)
+            var data = await new CollectionCipherReadByUserIdQuery(userId, useFlexibleCollections)
                .Run(dbContext)
                .ToArrayAsync();
            return data;
        }
    }

-    public async Task<ICollection<CollectionCipher>> GetManyByUserIdCipherIdAsync(Guid userId, Guid cipherId)
+    public async Task<ICollection<CollectionCipher>> GetManyByUserIdCipherIdAsync(Guid userId, Guid cipherId, bool useFlexibleCollections)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
        {
            var dbContext = GetDatabaseContext(scope);
-            var data = await new CollectionCipherReadByUserIdCipherIdQuery(userId, cipherId)
+            var data = await new CollectionCipherReadByUserIdCipherIdQuery(userId, cipherId, useFlexibleCollections)
                .Run(dbContext)
                .ToArrayAsync();
            return data;
        }
    }

-    public async Task UpdateCollectionsAsync(Guid cipherId, Guid userId, IEnumerable<Guid> collectionIds)
+    public async Task UpdateCollectionsAsync(Guid cipherId, Guid userId, IEnumerable<Guid> collectionIds, bool useFlexibleCollections)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
        {
@ -81,7 +81,17 @@ public class CollectionCipherRepository : BaseEntityFrameworkRepository, ICollec
                .Select(c => c.OrganizationId)
                .FirstAsync();

-            var availableCollections = await (from c in dbContext.Collections
+            List<Guid> availableCollections;
+            if (useFlexibleCollections)
+            {
+                var availableCollectionsQuery = new CollectionsReadByOrganizationIdUserIdQuery(organizationId, userId);
+                availableCollections = await availableCollectionsQuery
+                    .Run(dbContext)
+                    .Select(c => c.Id).ToListAsync();
+            }
+            else
+            {
+                availableCollections = await (from c in dbContext.Collections
                                              join o in dbContext.Organizations on c.OrganizationId equals o.Id
                                              join ou in dbContext.OrganizationUsers
                                                 on new { OrganizationId = o.Id, UserId = (Guid?)userId } equals
@ -104,6 +114,8 @@ public class CollectionCipherRepository : BaseEntityFrameworkRepository, ICollec
                                                 && (ou.AccessAll || !cu.ReadOnly || g.AccessAll || !cg.ReadOnly)
                                              select c.Id).ToListAsync();

+            }
+
            var collectionCiphers = await (from cc in dbContext.CollectionCiphers
                                           where cc.CipherId == cipherId
                                           select cc).ToListAsync();
@ -176,12 +188,22 @@ public class CollectionCipherRepository : BaseEntityFrameworkRepository, ICollec
        }
    }

-    public async Task UpdateCollectionsForCiphersAsync(IEnumerable<Guid> cipherIds, Guid userId, Guid organizationId, IEnumerable<Guid> collectionIds)
+    public async Task UpdateCollectionsForCiphersAsync(IEnumerable<Guid> cipherIds, Guid userId, Guid organizationId, IEnumerable<Guid> collectionIds, bool useFlexibleCollections)
    {
        using (var scope = ServiceScopeFactory.CreateScope())
        {
            var dbContext = GetDatabaseContext(scope);
-            var availableCollections = from c in dbContext.Collections
+
+            IQueryable<Models.Collection> availableCollections;
+            if (useFlexibleCollections)
+            {
+                var availableCollectionsQuery = new CollectionsReadByOrganizationIdUserIdQuery(organizationId, userId);
+                availableCollections = availableCollectionsQuery
+                    .Run(dbContext);
+            }
+            else
+            {
+                availableCollections = from c in dbContext.Collections
                                       join o in dbContext.Organizations
                                           on c.OrganizationId equals o.Id
                                       join ou in dbContext.OrganizationUsers
@ -204,8 +226,10 @@ public class CollectionCipherRepository : BaseEntityFrameworkRepository, ICollec
                                       where !g.AccessAll && cg.CollectionId == c.Id &&
                                       (o.Id == organizationId && o.Enabled && ou.Status == OrganizationUserStatusType.Confirmed &&
                                       (ou.AccessAll || !cu.ReadOnly || g.AccessAll || !cg.ReadOnly))
-                                       select new { c, o, ou, cu, gu, g, cg };
-            var count = await availableCollections.CountAsync();
+                                       select c;
+
+            }
+
            if (await availableCollections.CountAsync() < 1)
            {
                return;
@ -213,7 +237,7 @@ public class CollectionCipherRepository : BaseEntityFrameworkRepository, ICollec

            var insertData = from collectionId in collectionIds
                             from cipherId in cipherIds
-                             where availableCollections.Select(x => x.c.Id).Contains(collectionId)
+                             where availableCollections.Select(c => c.Id).Contains(collectionId)
                             select new Models.CollectionCipher
                             {
                                 CollectionId = collectionId,
--- a/src/Infrastructure.EntityFramework/Repositories/Queries/CollectionCipherReadByUserIdCipherIdQuery.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/Queries/CollectionCipherReadByUserIdCipherIdQuery.cs
@ -6,7 +6,7 @@ public class CollectionCipherReadByUserIdCipherIdQuery : CollectionCipherReadByU
 {
    private readonly Guid _cipherId;

-    public CollectionCipherReadByUserIdCipherIdQuery(Guid userId, Guid cipherId) : base(userId)
+    public CollectionCipherReadByUserIdCipherIdQuery(Guid userId, Guid cipherId, bool useFlexibleCollections) : base(userId, useFlexibleCollections)
    {
        _cipherId = cipherId;
    }
--- a/src/Infrastructure.EntityFramework/Repositories/Queries/CollectionCipherReadByUserIdQuery.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/Queries/CollectionCipherReadByUserIdQuery.cs
@ -6,13 +6,58 @@ namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
 public class CollectionCipherReadByUserIdQuery : IQuery<CollectionCipher>
 {
    private readonly Guid _userId;
+    private readonly bool _useFlexibleCollections;

-    public CollectionCipherReadByUserIdQuery(Guid userId)
+    public CollectionCipherReadByUserIdQuery(Guid userId, bool useFlexibleCollections)
    {
        _userId = userId;
+        _useFlexibleCollections = useFlexibleCollections;
    }

    public virtual IQueryable<CollectionCipher> Run(DatabaseContext dbContext)
+    {
+        return _useFlexibleCollections
+            ? Run_VNext(dbContext)
+            : Run_VCurrent(dbContext);
+    }
+
+    private IQueryable<CollectionCipher> Run_VNext(DatabaseContext dbContext)
+    {
+        var query = from cc in dbContext.CollectionCiphers
+
+                    join c in dbContext.Collections
+                        on cc.CollectionId equals c.Id
+
+                    join ou in dbContext.OrganizationUsers
+                        on new { c.OrganizationId, UserId = (Guid?)_userId } equals
+                           new { ou.OrganizationId, ou.UserId }
+
+                    join cu in dbContext.CollectionUsers
+                        on new { CollectionId = c.Id, OrganizationUserId = ou.Id } equals
+                           new { cu.CollectionId, cu.OrganizationUserId } into cu_g
+                    from cu in cu_g.DefaultIfEmpty()
+
+                    join gu in dbContext.GroupUsers
+                        on new { CollectionId = (Guid?)cu.CollectionId, OrganizationUserId = ou.Id } equals
+                           new { CollectionId = (Guid?)null, gu.OrganizationUserId } into gu_g
+                    from gu in gu_g.DefaultIfEmpty()
+
+                    join g in dbContext.Groups
+                        on gu.GroupId equals g.Id into g_g
+                    from g in g_g.DefaultIfEmpty()
+
+                    join cg in dbContext.CollectionGroups
+                        on new { CollectionId = c.Id, gu.GroupId } equals
+                           new { cg.CollectionId, cg.GroupId } into cg_g
+                    from cg in cg_g.DefaultIfEmpty()
+
+                    where ou.Status == OrganizationUserStatusType.Confirmed &&
+                        (cu.CollectionId != null || cg.CollectionId != null)
+                    select cc;
+        return query;
+    }
+
+    private IQueryable<CollectionCipher> Run_VCurrent(DatabaseContext dbContext)
    {
        var query = from cc in dbContext.CollectionCiphers

--- a/src/Infrastructure.EntityFramework/Repositories/Queries/CollectionsReadByOrganizationIdUserIdQuery.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/Queries/CollectionsReadByOrganizationIdUserIdQuery.cs
@ -0,0 +1,44 @@
+using Bit.Core.Enums;
+using Bit.Infrastructure.EntityFramework.Models;
+
+namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
+
+public class CollectionsReadByOrganizationIdUserIdQuery : IQuery<Collection>
+{
+    private readonly Guid? _organizationId;
+    private readonly Guid _userId;
+
+    public CollectionsReadByOrganizationIdUserIdQuery(Guid? organizationId, Guid userId)
+    {
+        _organizationId = organizationId;
+        _userId = userId;
+    }
+
+    public virtual IQueryable<Collection> Run(DatabaseContext dbContext)
+    {
+        var query = from c in dbContext.Collections
+                    join o in dbContext.Organizations on c.OrganizationId equals o.Id
+                    join ou in dbContext.OrganizationUsers
+                        on new { OrganizationId = o.Id, UserId = (Guid?)_userId } equals
+                        new { ou.OrganizationId, ou.UserId }
+                    join cu in dbContext.CollectionUsers
+                        on new { CollectionId = c.Id, OrganizationUserId = ou.Id } equals
+                        new { cu.CollectionId, cu.OrganizationUserId } into cu_g
+                    from cu in cu_g.DefaultIfEmpty()
+                    join gu in dbContext.GroupUsers
+                        on new { CollectionId = (Guid?)cu.CollectionId, OrganizationUserId = ou.Id } equals
+                        new { CollectionId = (Guid?)null, gu.OrganizationUserId } into gu_g
+                    from gu in gu_g.DefaultIfEmpty()
+                    join g in dbContext.Groups on gu.GroupId equals g.Id into g_g
+                    from g in g_g.DefaultIfEmpty()
+                    join cg in dbContext.CollectionGroups
+                        on new { CollectionId = c.Id, gu.GroupId } equals
+                        new { cg.CollectionId, cg.GroupId } into cg_g
+                    from cg in cg_g.DefaultIfEmpty()
+                    where o.Id == _organizationId && o.Enabled && ou.Status == OrganizationUserStatusType.Confirmed
+                          && (!cu.ReadOnly || !cg.ReadOnly)
+                    select c;
+
+        return query;
+    }
+}