mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00

Only org policy (#962)

* added OnlyOrg to PolicyType enum

* blocked accepting new org invitations if OnlyOrg is relevant to the userOrg

* blocked creating new orgs if already in an org with OnlyOrg enabled

* created email alert for OnlyOrg policy

* removed users & sent alerts when appropriate for the OnlyOrg policy

* added method to noop mail service

* cleanup for OnlyOrg policy server logic

* blocked confirming new org users if they have violated the OnlyOrg policy since accepting

* added localization strings needed for the OnlyOrg policy

* allowed OnlyOrg policy configuration from the portal

* used correct localization key for onlyorg

* formatting and messaging changes for OnlyOrg

* formatting

* messaging change

* code review changes for onlyorg

* slimmed down a conditional

* optimized getting many orgUser records from many userIds

* removed a test file

* sql formatting

* weirdness

* trying to resolve git diff formatting issues
Addison Beck
2020-10-20 02:48:10 -04:00
committed by GitHub
parent 50cf16a3fb
commit e872b4df9d
18 changed files with 218 additions and 20 deletions


@ -4,6 +4,7 @@ using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Bit.Core.Repositories;
using Microsoft.AspNetCore.Authorization;
using Bit.Core.Enums;
using Bit.Core.Models.Api;
using Bit.Core.Exceptions;
using Bit.Core.Services;
@ -25,6 +26,7 @@ namespace Bit.Api.Controllers
private readonly IPaymentService _paymentService;
private readonly CurrentContext _currentContext;
private readonly GlobalSettings _globalSettings;
private readonly IPolicyRepository _policyRepository;
public OrganizationsController(
IOrganizationRepository organizationRepository,
@ -33,7 +35,8 @@ namespace Bit.Api.Controllers
IUserService userService,
IPaymentService paymentService,
CurrentContext currentContext,
GlobalSettings globalSettings)
GlobalSettings globalSettings,
IPolicyRepository policyRepository)
{
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
@ -42,6 +45,7 @@ namespace Bit.Api.Controllers
_paymentService = paymentService;
_currentContext = currentContext;
_globalSettings = globalSettings;
_policyRepository = policyRepository;
}
[HttpGet("{id}")]
@ -156,6 +160,13 @@ namespace Bit.Api.Controllers
throw new Exception("Invalid plan selected.");
}
var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
if (policies.Any(policy => policy.Type == PolicyType.OnlyOrg))
{
throw new Exception("You may not create an organization. You belong to an organization " +
"which has a policy that prohibits you from being a member of any other organization.");
}
var organizationSignup = model.ToOrganizationSignup(user);
var result = await _organizationService.SignUpAsync(organizationSignup);
return new OrganizationResponseModel(result.Item1);
@ -177,6 +188,13 @@ namespace Bit.Api.Controllers
throw new BadRequestException("Invalid license");
}
var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
if (policies.Any(policy => policy.Type == PolicyType.OnlyOrg))
{
throw new Exception("You may not create an organization. You belong to an organization " +
"which has a policy that prohibits you from being a member of any other organization.");
}
var result = await _organizationService.SignUpAsync(license, user, model.Key, model.CollectionName);
return new OrganizationResponseModel(result.Item1);
}
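Review bot: The OnlyOrg check added to both create actions (the hunks at -156 and -177) matches on `policy.Type` alone, so a policy row that exists but is disabled would still block organization creation unless `GetManyByUserIdAsync` already filters on enabled state, and that query is not visible here. If it does not filter, the predicate should read `policies.Any(policy => policy.Enabled && policy.Type == PolicyType.OnlyOrg)`. The refusal is also thrown as a bare `Exception`, while the license check just above it uses `BadRequestException`; unless the API's exception handling maps it elsewhere, a policy denial would surface as a server error rather than a client error carrying the message, so `throw new BadRequestException(...)` fits better. Because the same lines are duplicated in the controller, any other caller of `SignUpAsync` skips the policy entirely; enforcing it inside the service method would close that gap.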