nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-07 12:42:24 -05:00
Code

[PM-19383] add admin endpoint, fix typecasting error (#5681)

Browse Source 
* add admin endpoint, fix typecasting error

* fix typecast issue

* wip

* cleanup
This commit is contained in:
Brandon Treston 2025-05-05 13:36:43 -04:00 committed by GitHub
parent 887fa46374
commit e2f0ddf373
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/Api/Vault/Controllers/CiphersController.cs
View File

@ -1241,6 +1241,20 @@ public class CiphersController : Controller
return new CipherMiniResponseModel(cipher, _globalSettings, cipher.OrganizationUseTotp);
}
[HttpGet("{id}/attachment/{attachmentId}/admin")]
public async Task<AttachmentResponseModel> GetAttachmentDataAdmin(Guid id, string attachmentId)
{
var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(id);
if (cipher == null || !cipher.OrganizationId.HasValue ||
!await CanEditCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id }))
{
throw new NotFoundException();
}
var result = await _cipherService.GetAttachmentDownloadDataAsync(cipher, attachmentId);
return new AttachmentResponseModel(result);
}
[HttpGet("{id}/attachment/{attachmentId}")]
public async Task<AttachmentResponseModel> GetAttachmentData(Guid id, string attachmentId)
{
@ -1287,18 +1301,17 @@ public class CiphersController : Controller
[HttpDelete("{id}/attachment/{attachmentId}/admin")]
[HttpPost("{id}/attachment/{attachmentId}/delete-admin")]
public async Task DeleteAttachmentAdmin(string id, string attachmentId)
public async Task<DeleteAttachmentResponseData> DeleteAttachmentAdmin(Guid id, string attachmentId)
{
var idGuid = new Guid(id);
var userId = _userService.GetProperUserId(User).Value;
var cipher = await _cipherRepository.GetByIdAsync(idGuid);
var cipher = await _cipherRepository.GetByIdAsync(id);
if (cipher == null || !cipher.OrganizationId.HasValue ||
!await CanEditCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id }))
{
throw new NotFoundException();
}
await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, true);
return await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, true);
}
[AllowAnonymous]

8
src/Core/Vault/Services/Implementations/CipherService.cs
View File

@ -379,7 +379,7 @@ public class CipherService : ICipherService
if (!valid || realSize > MAX_FILE_SIZE)
{
// File reported differs in size from that promised. Must be a rogue client. Delete Send
await DeleteAttachmentAsync(cipher, attachmentData);
await DeleteAttachmentAsync(cipher, attachmentData, false);
return false;
}
// Update Send data if necessary
@ -483,7 +483,7 @@ public class CipherService : ICipherService
throw new NotFoundException();
}
return await DeleteAttachmentAsync(cipher, cipher.GetAttachments()[attachmentId]);
return await DeleteAttachmentAsync(cipher, cipher.GetAttachments()[attachmentId], orgAdmin);
}
public async Task PurgeAsync(Guid organizationId)
@ -877,7 +877,7 @@ public class CipherService : ICipherService
}
}
private async Task<DeleteAttachmentResponseData> DeleteAttachmentAsync(Cipher cipher, CipherAttachment.MetaData attachmentData)
private async Task<DeleteAttachmentResponseData> DeleteAttachmentAsync(Cipher cipher, CipherAttachment.MetaData attachmentData, bool orgAdmin)
{
if (attachmentData == null || string.IsNullOrWhiteSpace(attachmentData.AttachmentId))
{
@ -891,7 +891,7 @@ public class CipherService : ICipherService
// Update the revision date when an attachment is deleted
cipher.RevisionDate = DateTime.UtcNow;
await _cipherRepository.ReplaceAsync((CipherDetails)cipher);
await _cipherRepository.ReplaceAsync(orgAdmin ? cipher : (CipherDetails)cipher);
// push
await _pushService.PushSyncCipherUpdateAsync(cipher, null);