diff --git a/src/Api/Vault/Controllers/CiphersController.cs b/src/Api/Vault/Controllers/CiphersController.cs index daaf8a03fb..0f03f54be1 100644 --- a/src/Api/Vault/Controllers/CiphersController.cs +++ b/src/Api/Vault/Controllers/CiphersController.cs @@ -16,6 +16,7 @@ using Bit.Core.Services; using Bit.Core.Settings; using Bit.Core.Tools.Services; using Bit.Core.Utilities; +using Bit.Core.Vault.Authorization.Permissions; using Bit.Core.Vault.Entities; using Bit.Core.Vault.Models.Data; using Bit.Core.Vault.Queries; @@ -345,6 +346,77 @@ public class CiphersController : Controller return await CanEditCiphersAsync(organizationId, cipherIds); } + private async Task CanDeleteOrRestoreCipherAsAdminAsync(Guid organizationId, IEnumerable cipherIds) + { + if (!_featureService.IsEnabled(FeatureFlagKeys.LimitItemDeletion)) + { + return await CanEditCipherAsAdminAsync(organizationId, cipherIds); + } + + var org = _currentContext.GetOrganization(organizationId); + + // If we're not an "admin", we don't need to check the ciphers + if (org is not ({ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or { Permissions.EditAnyCollection: true })) + { + // Are we a provider user? If so, we need to be sure we're not restricted + // Once the feature flag is removed, this check can be combined with the above + if (await _currentContext.ProviderUserForOrgAsync(organizationId)) + { + // Provider is restricted from editing ciphers, so we're not an "admin" + if (_featureService.IsEnabled(FeatureFlagKeys.RestrictProviderAccess)) + { + return false; + } + + // Provider is unrestricted, so we're an "admin", don't return early + } + else + { + // Not a provider or admin + return false; + } + } + + // If the user can edit all ciphers for the organization, just check they all belong to the org + if (await CanEditAllCiphersAsync(organizationId)) + { + // TODO: This can likely be optimized to only query the requested ciphers and then checking they belong to the org + var orgCiphers = (await _cipherRepository.GetManyByOrganizationIdAsync(organizationId)).ToDictionary(c => c.Id); + + // Ensure all requested ciphers are in orgCiphers + return cipherIds.All(c => orgCiphers.ContainsKey(c)); + } + + // The user cannot access any ciphers for the organization, we're done + if (!await CanAccessOrganizationCiphersAsync(organizationId)) + { + return false; + } + + var user = await _userService.GetUserByPrincipalAsync(User); + // Select all deletable ciphers for this user belonging to the organization + var deletableOrgCipherList = (await _cipherRepository.GetManyByUserIdAsync(user.Id, true)) + .Where(c => c.OrganizationId == organizationId && c.UserId == null).ToList(); + + // Special case for unassigned ciphers + if (await CanAccessUnassignedCiphersAsync(organizationId)) + { + var unassignedCiphers = + (await _cipherRepository.GetManyUnassignedOrganizationDetailsByOrganizationIdAsync( + organizationId)); + + // Users that can access unassigned ciphers can also delete them + deletableOrgCipherList.AddRange(unassignedCiphers.Select(c => new CipherDetails(c) { Manage = true })); + } + + var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId); + var deletableOrgCiphers = deletableOrgCipherList + .Where(c => NormalCipherPermissions.CanDelete(user, c, organizationAbility)) + .ToDictionary(c => c.Id); + + return cipherIds.All(c => deletableOrgCiphers.ContainsKey(c)); + } + /// /// TODO: Move this to its own authorization handler or equivalent service - AC-2062 /// @@ -763,12 +835,12 @@ public class CiphersController : Controller [HttpDelete("{id}/admin")] [HttpPost("{id}/delete-admin")] - public async Task DeleteAdmin(string id) + public async Task DeleteAdmin(Guid id) { var userId = _userService.GetProperUserId(User).Value; - var cipher = await _cipherRepository.GetByIdAsync(new Guid(id)); + var cipher = await GetByIdAsync(id, userId); if (cipher == null || !cipher.OrganizationId.HasValue || - !await CanEditCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id })) + !await CanDeleteOrRestoreCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id })) { throw new NotFoundException(); } @@ -808,7 +880,7 @@ public class CiphersController : Controller var cipherIds = model.Ids.Select(i => new Guid(i)).ToList(); if (string.IsNullOrWhiteSpace(model.OrganizationId) || - !await CanEditCipherAsAdminAsync(new Guid(model.OrganizationId), cipherIds)) + !await CanDeleteOrRestoreCipherAsAdminAsync(new Guid(model.OrganizationId), cipherIds)) { throw new NotFoundException(); } @@ -830,12 +902,12 @@ public class CiphersController : Controller } [HttpPut("{id}/delete-admin")] - public async Task PutDeleteAdmin(string id) + public async Task PutDeleteAdmin(Guid id) { var userId = _userService.GetProperUserId(User).Value; - var cipher = await _cipherRepository.GetByIdAsync(new Guid(id)); + var cipher = await GetByIdAsync(id, userId); if (cipher == null || !cipher.OrganizationId.HasValue || - !await CanEditCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id })) + !await CanDeleteOrRestoreCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id })) { throw new NotFoundException(); } @@ -871,7 +943,7 @@ public class CiphersController : Controller var cipherIds = model.Ids.Select(i => new Guid(i)).ToList(); if (string.IsNullOrWhiteSpace(model.OrganizationId) || - !await CanEditCipherAsAdminAsync(new Guid(model.OrganizationId), cipherIds)) + !await CanDeleteOrRestoreCipherAsAdminAsync(new Guid(model.OrganizationId), cipherIds)) { throw new NotFoundException(); } @@ -899,12 +971,12 @@ public class CiphersController : Controller } [HttpPut("{id}/restore-admin")] - public async Task PutRestoreAdmin(string id) + public async Task PutRestoreAdmin(Guid id) { var userId = _userService.GetProperUserId(User).Value; - var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id)); + var cipher = await GetByIdAsync(id, userId); if (cipher == null || !cipher.OrganizationId.HasValue || - !await CanEditCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id })) + !await CanDeleteOrRestoreCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id })) { throw new NotFoundException(); } @@ -944,7 +1016,7 @@ public class CiphersController : Controller var cipherIdsToRestore = new HashSet(model.Ids.Select(i => new Guid(i))); - if (model.OrganizationId == default || !await CanEditCipherAsAdminAsync(model.OrganizationId, cipherIdsToRestore)) + if (model.OrganizationId == default || !await CanDeleteOrRestoreCipherAsAdminAsync(model.OrganizationId, cipherIdsToRestore)) { throw new NotFoundException(); } diff --git a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetails.cs b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetails.cs index 3829ef5749..139a7aff25 100644 --- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetails.cs +++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetails.cs @@ -36,7 +36,7 @@ public class OrganizationIntegrationConfigurationDetails { try { - var configuration = Configuration ?? "{}"; + var configuration = Configuration ?? string.Empty; return JsonNode.Parse(configuration) as JsonObject ?? new JsonObject(); } catch @@ -52,7 +52,7 @@ public class OrganizationIntegrationConfigurationDetails { try { - var integration = IntegrationConfiguration ?? "{}"; + var integration = IntegrationConfiguration ?? string.Empty; return JsonNode.Parse(integration) as JsonObject ?? new JsonObject(); } catch diff --git a/src/Core/AdminConsole/Repositories/IOrganizationIntegrationConfigurationRepository.cs b/src/Core/AdminConsole/Repositories/IOrganizationIntegrationConfigurationRepository.cs index 3d1cb7b952..516918fff9 100644 --- a/src/Core/AdminConsole/Repositories/IOrganizationIntegrationConfigurationRepository.cs +++ b/src/Core/AdminConsole/Repositories/IOrganizationIntegrationConfigurationRepository.cs @@ -6,7 +6,7 @@ namespace Bit.Core.Repositories; public interface IOrganizationIntegrationConfigurationRepository : IRepository { - Task> GetConfigurationsAsync( + Task> GetConfigurationDetailsAsync( Guid organizationId, IntegrationType integrationType, EventType eventType); diff --git a/src/Core/Auth/Services/Implementations/AuthRequestService.cs b/src/Core/Auth/Services/Implementations/AuthRequestService.cs index c10fa6ce92..42d51a88f5 100644 --- a/src/Core/Auth/Services/Implementations/AuthRequestService.cs +++ b/src/Core/Auth/Services/Implementations/AuthRequestService.cs @@ -287,12 +287,6 @@ public class AuthRequestService : IAuthRequestService private async Task NotifyAdminsOfDeviceApprovalRequestAsync(OrganizationUser organizationUser, User user) { - if (!_featureService.IsEnabled(FeatureFlagKeys.DeviceApprovalRequestAdminNotifications)) - { - _logger.LogWarning("Skipped sending device approval notification to admins - feature flag disabled"); - return; - } - var adminEmails = await GetAdminAndAccountRecoveryEmailsAsync(organizationUser.OrganizationId); await _mailService.SendDeviceApprovalRequestedNotificationEmailAsync( diff --git a/src/Core/Vault/Services/ICipherService.cs b/src/Core/Vault/Services/ICipherService.cs index 17f55cb47d..7eeb6d2463 100644 --- a/src/Core/Vault/Services/ICipherService.cs +++ b/src/Core/Vault/Services/ICipherService.cs @@ -15,7 +15,7 @@ public interface ICipherService long requestLength, Guid savingUserId, bool orgAdmin = false); Task CreateAttachmentShareAsync(Cipher cipher, Stream stream, string fileName, string key, long requestLength, string attachmentId, Guid organizationShareId); - Task DeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false); + Task DeleteAsync(CipherDetails cipherDetails, Guid deletingUserId, bool orgAdmin = false); Task DeleteManyAsync(IEnumerable cipherIds, Guid deletingUserId, Guid? organizationId = null, bool orgAdmin = false); Task DeleteAttachmentAsync(Cipher cipher, string attachmentId, Guid deletingUserId, bool orgAdmin = false); Task PurgeAsync(Guid organizationId); @@ -27,9 +27,9 @@ public interface ICipherService Task ShareManyAsync(IEnumerable<(Cipher cipher, DateTime? lastKnownRevisionDate)> ciphers, Guid organizationId, IEnumerable collectionIds, Guid sharingUserId); Task SaveCollectionsAsync(Cipher cipher, IEnumerable collectionIds, Guid savingUserId, bool orgAdmin); - Task SoftDeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false); + Task SoftDeleteAsync(CipherDetails cipherDetails, Guid deletingUserId, bool orgAdmin = false); Task SoftDeleteManyAsync(IEnumerable cipherIds, Guid deletingUserId, Guid? organizationId = null, bool orgAdmin = false); - Task RestoreAsync(Cipher cipher, Guid restoringUserId, bool orgAdmin = false); + Task RestoreAsync(CipherDetails cipherDetails, Guid restoringUserId, bool orgAdmin = false); Task> RestoreManyAsync(IEnumerable cipherIds, Guid restoringUserId, Guid? organizationId = null, bool orgAdmin = false); Task UploadFileForExistingAttachmentAsync(Stream stream, Cipher cipher, CipherAttachment.MetaData attachmentId); Task GetAttachmentDownloadDataAsync(Cipher cipher, string attachmentId); diff --git a/src/Core/Vault/Services/Implementations/CipherService.cs b/src/Core/Vault/Services/Implementations/CipherService.cs index b9daafe599..989fbf43b8 100644 --- a/src/Core/Vault/Services/Implementations/CipherService.cs +++ b/src/Core/Vault/Services/Implementations/CipherService.cs @@ -14,6 +14,7 @@ using Bit.Core.Tools.Enums; using Bit.Core.Tools.Models.Business; using Bit.Core.Tools.Services; using Bit.Core.Utilities; +using Bit.Core.Vault.Authorization.Permissions; using Bit.Core.Vault.Entities; using Bit.Core.Vault.Enums; using Bit.Core.Vault.Models.Data; @@ -44,6 +45,7 @@ public class CipherService : ICipherService private readonly ICurrentContext _currentContext; private readonly IGetCipherPermissionsForUserQuery _getCipherPermissionsForUserQuery; private readonly IPolicyRequirementQuery _policyRequirementQuery; + private readonly IApplicationCacheService _applicationCacheService; private readonly IFeatureService _featureService; public CipherService( @@ -64,6 +66,7 @@ public class CipherService : ICipherService ICurrentContext currentContext, IGetCipherPermissionsForUserQuery getCipherPermissionsForUserQuery, IPolicyRequirementQuery policyRequirementQuery, + IApplicationCacheService applicationCacheService, IFeatureService featureService) { _cipherRepository = cipherRepository; @@ -83,6 +86,7 @@ public class CipherService : ICipherService _currentContext = currentContext; _getCipherPermissionsForUserQuery = getCipherPermissionsForUserQuery; _policyRequirementQuery = policyRequirementQuery; + _applicationCacheService = applicationCacheService; _featureService = featureService; } @@ -421,19 +425,19 @@ public class CipherService : ICipherService return response; } - public async Task DeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false) + public async Task DeleteAsync(CipherDetails cipherDetails, Guid deletingUserId, bool orgAdmin = false) { - if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId))) + if (!orgAdmin && !await UserCanDeleteAsync(cipherDetails, deletingUserId)) { throw new BadRequestException("You do not have permissions to delete this."); } - await _cipherRepository.DeleteAsync(cipher); - await _attachmentStorageService.DeleteAttachmentsForCipherAsync(cipher.Id); - await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_Deleted); + await _cipherRepository.DeleteAsync(cipherDetails); + await _attachmentStorageService.DeleteAttachmentsForCipherAsync(cipherDetails.Id); + await _eventService.LogCipherEventAsync(cipherDetails, EventType.Cipher_Deleted); // push - await _pushService.PushSyncCipherDeleteAsync(cipher); + await _pushService.PushSyncCipherDeleteAsync(cipherDetails); } public async Task DeleteManyAsync(IEnumerable cipherIds, Guid deletingUserId, Guid? organizationId = null, bool orgAdmin = false) @@ -450,8 +454,8 @@ public class CipherService : ICipherService else { var ciphers = await _cipherRepository.GetManyByUserIdAsync(deletingUserId); - deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).Select(x => (Cipher)x).ToList(); - + var filteredCiphers = await FilterCiphersByDeletePermission(ciphers, cipherIdsSet, deletingUserId); + deletingCiphers = filteredCiphers.Select(c => (Cipher)c).ToList(); await _cipherRepository.DeleteAsync(deletingCiphers.Select(c => c.Id), deletingUserId); } @@ -703,33 +707,26 @@ public class CipherService : ICipherService await _pushService.PushSyncCipherUpdateAsync(cipher, collectionIds); } - public async Task SoftDeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false) + public async Task SoftDeleteAsync(CipherDetails cipherDetails, Guid deletingUserId, bool orgAdmin = false) { - if (!orgAdmin && !(await UserCanEditAsync(cipher, deletingUserId))) + if (!orgAdmin && !await UserCanDeleteAsync(cipherDetails, deletingUserId)) { throw new BadRequestException("You do not have permissions to soft delete this."); } - if (cipher.DeletedDate.HasValue) + if (cipherDetails.DeletedDate.HasValue) { // Already soft-deleted, we can safely ignore this return; } - cipher.DeletedDate = cipher.RevisionDate = DateTime.UtcNow; + cipherDetails.DeletedDate = cipherDetails.RevisionDate = DateTime.UtcNow; - if (cipher is CipherDetails details) - { - await _cipherRepository.UpsertAsync(details); - } - else - { - await _cipherRepository.UpsertAsync(cipher); - } - await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted); + await _cipherRepository.UpsertAsync(cipherDetails); + await _eventService.LogCipherEventAsync(cipherDetails, EventType.Cipher_SoftDeleted); // push - await _pushService.PushSyncCipherUpdateAsync(cipher, null); + await _pushService.PushSyncCipherUpdateAsync(cipherDetails, null); } public async Task SoftDeleteManyAsync(IEnumerable cipherIds, Guid deletingUserId, Guid? organizationId, bool orgAdmin) @@ -746,8 +743,8 @@ public class CipherService : ICipherService else { var ciphers = await _cipherRepository.GetManyByUserIdAsync(deletingUserId); - deletingCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).Select(x => (Cipher)x).ToList(); - + var filteredCiphers = await FilterCiphersByDeletePermission(ciphers, cipherIdsSet, deletingUserId); + deletingCiphers = filteredCiphers.Select(c => (Cipher)c).ToList(); await _cipherRepository.SoftDeleteAsync(deletingCiphers.Select(c => c.Id), deletingUserId); } @@ -762,34 +759,27 @@ public class CipherService : ICipherService await _pushService.PushSyncCiphersAsync(deletingUserId); } - public async Task RestoreAsync(Cipher cipher, Guid restoringUserId, bool orgAdmin = false) + public async Task RestoreAsync(CipherDetails cipherDetails, Guid restoringUserId, bool orgAdmin = false) { - if (!orgAdmin && !(await UserCanEditAsync(cipher, restoringUserId))) + if (!orgAdmin && !await UserCanRestoreAsync(cipherDetails, restoringUserId)) { throw new BadRequestException("You do not have permissions to delete this."); } - if (!cipher.DeletedDate.HasValue) + if (!cipherDetails.DeletedDate.HasValue) { // Already restored, we can safely ignore this return; } - cipher.DeletedDate = null; - cipher.RevisionDate = DateTime.UtcNow; + cipherDetails.DeletedDate = null; + cipherDetails.RevisionDate = DateTime.UtcNow; - if (cipher is CipherDetails details) - { - await _cipherRepository.UpsertAsync(details); - } - else - { - await _cipherRepository.UpsertAsync(cipher); - } - await _eventService.LogCipherEventAsync(cipher, EventType.Cipher_Restored); + await _cipherRepository.UpsertAsync(cipherDetails); + await _eventService.LogCipherEventAsync(cipherDetails, EventType.Cipher_Restored); // push - await _pushService.PushSyncCipherUpdateAsync(cipher, null); + await _pushService.PushSyncCipherUpdateAsync(cipherDetails, null); } public async Task> RestoreManyAsync(IEnumerable cipherIds, Guid restoringUserId, Guid? organizationId = null, bool orgAdmin = false) @@ -812,8 +802,8 @@ public class CipherService : ICipherService else { var ciphers = await _cipherRepository.GetManyByUserIdAsync(restoringUserId); - restoringCiphers = ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).Select(c => (CipherOrganizationDetails)c).ToList(); - + var filteredCiphers = await FilterCiphersByDeletePermission(ciphers, cipherIdsSet, restoringUserId); + restoringCiphers = filteredCiphers.Select(c => (CipherOrganizationDetails)c).ToList(); revisionDate = await _cipherRepository.RestoreAsync(restoringCiphers.Select(c => c.Id), restoringUserId); } @@ -844,6 +834,34 @@ public class CipherService : ICipherService return await _cipherRepository.GetCanEditByIdAsync(userId, cipher.Id); } + private async Task UserCanDeleteAsync(CipherDetails cipher, Guid userId) + { + if (!_featureService.IsEnabled(FeatureFlagKeys.LimitItemDeletion)) + { + return await UserCanEditAsync(cipher, userId); + } + + var user = await _userService.GetUserByIdAsync(userId); + var organizationAbility = cipher.OrganizationId.HasValue ? + await _applicationCacheService.GetOrganizationAbilityAsync(cipher.OrganizationId.Value) : null; + + return NormalCipherPermissions.CanDelete(user, cipher, organizationAbility); + } + + private async Task UserCanRestoreAsync(CipherDetails cipher, Guid userId) + { + if (!_featureService.IsEnabled(FeatureFlagKeys.LimitItemDeletion)) + { + return await UserCanEditAsync(cipher, userId); + } + + var user = await _userService.GetUserByIdAsync(userId); + var organizationAbility = cipher.OrganizationId.HasValue ? + await _applicationCacheService.GetOrganizationAbilityAsync(cipher.OrganizationId.Value) : null; + + return NormalCipherPermissions.CanRestore(user, cipher, organizationAbility); + } + private void ValidateCipherLastKnownRevisionDateAsync(Cipher cipher, DateTime? lastKnownRevisionDate) { if (cipher.Id == default || !lastKnownRevisionDate.HasValue) @@ -1010,4 +1028,35 @@ public class CipherService : ICipherService cipher.Data = JsonSerializer.Serialize(newCipherData); } } + + // This method is used to filter ciphers based on the user's permissions to delete them. + // It supports both the old and new logic depending on the feature flag. + private async Task> FilterCiphersByDeletePermission( + IEnumerable ciphers, + HashSet cipherIdsSet, + Guid userId) where T : CipherDetails + { + if (!_featureService.IsEnabled(FeatureFlagKeys.LimitItemDeletion)) + { + return ciphers.Where(c => cipherIdsSet.Contains(c.Id) && c.Edit).ToList(); + } + + var user = await _userService.GetUserByIdAsync(userId); + var organizationAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync(); + + var filteredCiphers = ciphers + .Where(c => cipherIdsSet.Contains(c.Id)) + .GroupBy(c => c.OrganizationId) + .SelectMany(group => + { + var organizationAbility = group.Key.HasValue && + organizationAbilities.TryGetValue(group.Key.Value, out var ability) ? + ability : null; + + return group.Where(c => NormalCipherPermissions.CanDelete(user, c, organizationAbility)); + }) + .ToList(); + + return filteredCiphers; + } } diff --git a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs index 1896b8ea3f..f3227dfd22 100644 --- a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs +++ b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs @@ -20,7 +20,7 @@ public class OrganizationIntegrationConfigurationRepository : Repository> GetConfigurationsAsync( + public async Task> GetConfigurationDetailsAsync( Guid organizationId, IntegrationType integrationType, EventType eventType) diff --git a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs index 7c51130570..f051830035 100644 --- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs +++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationIntegrationConfigurationRepository.cs @@ -16,7 +16,7 @@ public class OrganizationIntegrationConfigurationRepository : Repository context.OrganizationIntegrationConfigurations) { } - public async Task> GetConfigurationsAsync( + public async Task> GetConfigurationDetailsAsync( Guid organizationId, IntegrationType integrationType, EventType eventType) diff --git a/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs b/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs index 14013d9c1c..0bdc6ab545 100644 --- a/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs +++ b/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs @@ -157,9 +157,9 @@ public class CiphersControllerTests [BitAutoData(OrganizationUserType.Custom, false, false)] public async Task CanEditCiphersAsAdminAsync_FlexibleCollections_Success( OrganizationUserType userType, bool allowAdminsAccessToAllItems, bool shouldSucceed, - CurrentContextOrganization organization, Guid userId, Cipher cipher, SutProvider sutProvider) + CurrentContextOrganization organization, Guid userId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; organization.Type = userType; if (userType == OrganizationUserType.Custom) { @@ -169,8 +169,9 @@ public class CiphersControllerTests sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); sutProvider.GetDependency().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility { @@ -180,13 +181,13 @@ public class CiphersControllerTests if (shouldSucceed) { - await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); await sutProvider.GetDependency().ReceivedWithAnyArgs() .DeleteAsync(default, default); } else { - await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipherDetails.Id)); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() .DeleteAsync(default, default); } @@ -197,10 +198,10 @@ public class CiphersControllerTests [BitAutoData(false)] [BitAutoData(true)] public async Task CanEditCiphersAsAdminAsync_Providers( - bool restrictProviders, Cipher cipher, CurrentContextOrganization organization, Guid userId, SutProvider sutProvider + bool restrictProviders, CipherDetails cipherDetails, CurrentContextOrganization organization, Guid userId, SutProvider sutProvider ) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; // Simulate that the user is a provider for the organization sutProvider.GetDependency().EditAnyCollection(organization.Id).Returns(true); @@ -208,8 +209,8 @@ public class CiphersControllerTests sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); sutProvider.GetDependency().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility { @@ -221,13 +222,13 @@ public class CiphersControllerTests // Non restricted providers should succeed if (!restrictProviders) { - await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); await sutProvider.GetDependency().ReceivedWithAnyArgs() .DeleteAsync(default, default); } else // Otherwise, they should fail { - await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipherDetails.Id)); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() .DeleteAsync(default, default); } @@ -238,93 +239,202 @@ public class CiphersControllerTests [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] - public async Task DeleteAdmin_WithOwnerOrAdmin_WithAccessToSpecificCipher_DeletesCipher( - OrganizationUserType organizationUserType, Cipher cipher, Guid userId, + public async Task DeleteAdmin_WithOwnerOrAdmin_WithEditPermission_DeletesCipher( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = true; + cipherDetails.Manage = false; + organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency() .GetManyByUserIdAsync(userId) .Returns(new List { - new() { Id = cipher.Id, OrganizationId = cipher.OrganizationId, Edit = true } + cipherDetails }); - await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).DeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails, userId, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task DeleteAdmin_WithOwnerOrAdmin_WithoutEditPermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = false; + cipherDetails.Manage = false; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipherDetails.Id)); + + await sutProvider.GetDependency().DidNotReceive().DeleteAsync(Arg.Any(), Arg.Any(), Arg.Any()); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task DeleteAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithManagePermission_DeletesCipher( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = true; + cipherDetails.Manage = true; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); + + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails, userId, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task DeleteAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithoutManagePermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = true; + cipherDetails.Manage = false; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipherDetails.Id)); + + await sutProvider.GetDependency().DidNotReceive().DeleteAsync(Arg.Any(), Arg.Any(), Arg.Any()); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] public async Task DeleteAdmin_WithOwnerOrAdmin_WithAccessToUnassignedCipher_DeletesCipher( - OrganizationUserType organizationUserType, Cipher cipher, Guid userId, + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency() .GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organization.Id) - .Returns(new List { new() { Id = cipher.Id } }); + .Returns(new List { new() { Id = cipherDetails.Id } }); - await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).DeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails, userId, true); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] - public async Task DeleteAdmin_WithAdminOrOwnerAndAccessToAllCollectionItems_DeletesCipher( - OrganizationUserType organizationUserType, Cipher cipher, Guid userId, + public async Task DeleteAdmin_WithAdminOrOwner_WithAccessToAllCollectionItems_DeletesCipher( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); sutProvider.GetDependency().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true }); - await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).DeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails, userId, true); } [Theory] [BitAutoData] public async Task DeleteAdmin_WithCustomUser_WithEditAnyCollectionTrue_DeletesCipher( - Cipher cipher, Guid userId, + CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; organization.Type = OrganizationUserType.Custom; organization.Permissions.EditAnyCollection = true; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); - await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).DeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails, userId, true); } [Theory] @@ -341,24 +451,24 @@ public class CiphersControllerTests sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); - await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipher.Id)); } [Theory] [BitAutoData] public async Task DeleteAdmin_WithProviderUser_DeletesCipher( - Cipher cipher, Guid userId, SutProvider sutProvider) + CipherDetails cipherDetails, Guid userId, SutProvider sutProvider) { - cipher.OrganizationId = Guid.NewGuid(); + cipherDetails.OrganizationId = Guid.NewGuid(); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().ProviderUserForOrgAsync(cipher.OrganizationId.Value).Returns(true); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(cipher.OrganizationId.Value).Returns(new List { cipher }); + sutProvider.GetDependency().ProviderUserForOrgAsync(cipherDetails.OrganizationId.Value).Returns(true); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(cipherDetails.OrganizationId.Value).Returns(new List { cipherDetails }); - await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.DeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).DeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails, userId, true); } [Theory] @@ -373,13 +483,13 @@ public class CiphersControllerTests sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.RestrictProviderAccess).Returns(true); - await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteAdmin(cipher.Id)); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] - public async Task DeleteManyAdmin_WithOwnerOrAdmin_WithAccessToSpecificCiphers_DeletesCiphers( + public async Task DeleteManyAdmin_WithOwnerOrAdmin_WithEditPermission_DeletesCiphers( OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, CurrentContextOrganization organization, SutProvider sutProvider) { @@ -408,6 +518,122 @@ public class CiphersControllerTests userId, organization.Id, true); } + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task DeleteManyAdmin_WithOwnerOrAdmin_WithoutEditPermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id.ToString(); + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + + organization.Type = organizationUserType; + + sutProvider.GetDependency() + .GetProperUserId(default) + .ReturnsForAnyArgs(userId); + + sutProvider.GetDependency() + .GetOrganization(new Guid(model.OrganizationId)) + .Returns(organization); + + sutProvider.GetDependency() + .GetManyByOrganizationIdAsync(new Guid(model.OrganizationId)) + .Returns(ciphers); + + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(new Guid(model.OrganizationId)) + .Returns(new OrganizationAbility + { + Id = new Guid(model.OrganizationId), + AllowAdminAccessToAllCollectionItems = false, + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteManyAdmin(model)); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task DeleteManyAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithManagePermission_DeletesCiphers( + OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id.ToString(); + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = true, + Manage = true + }).ToList()); + + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await sutProvider.Sut.DeleteManyAdmin(model); + + await sutProvider.GetDependency() + .Received(1) + .DeleteManyAsync( + Arg.Is>(ids => + ids.All(id => model.Ids.Contains(id.ToString())) && ids.Count() == model.Ids.Count()), + userId, organization.Id, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task DeleteManyAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithoutManagePermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id.ToString(); + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = true, + Manage = false + }).ToList()); + + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.DeleteManyAdmin(model)); + } + [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] @@ -555,94 +781,203 @@ public class CiphersControllerTests [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] - public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithAccessToSpecificCipher_SoftDeletesCipher( - OrganizationUserType organizationUserType, Cipher cipher, Guid userId, + public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithEditPermission_SoftDeletesCipher( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = true; + organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); sutProvider.GetDependency() .GetManyByUserIdAsync(userId) .Returns(new List { - new() { Id = cipher.Id, OrganizationId = cipher.OrganizationId, Edit = true } + cipherDetails }); - await sutProvider.Sut.PutDeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipherDetails, userId, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithoutEditPermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = false; + cipherDetails.Manage = false; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id)); + + await sutProvider.GetDependency().DidNotReceive().SoftDeleteAsync(Arg.Any(), Arg.Any(), Arg.Any()); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutDeleteAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithManagePermission_SoftDeletesCipher( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = true; + cipherDetails.Manage = true; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id); + + await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipherDetails, userId, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutDeleteAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithoutManagePermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = true; + cipherDetails.Manage = false; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id)); + + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .SoftDeleteManyAsync(default, default, default, default); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithAccessToUnassignedCipher_SoftDeletesCipher( - OrganizationUserType organizationUserType, Cipher cipher, Guid userId, + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); sutProvider.GetDependency() .GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organization.Id) - .Returns(new List { new() { Id = cipher.Id } }); + .Returns(new List { new() { Id = cipherDetails.Id } }); - await sutProvider.Sut.PutDeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipherDetails, userId, true); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithAccessToAllCollectionItems_SoftDeletesCipher( - OrganizationUserType organizationUserType, Cipher cipher, Guid userId, + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); sutProvider.GetDependency().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true }); - await sutProvider.Sut.PutDeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipherDetails, userId, true); } [Theory] [BitAutoData] public async Task PutDeleteAdmin_WithCustomUser_WithEditAnyCollectionTrue_SoftDeletesCipher( - Cipher cipher, Guid userId, + CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; + cipherDetails.OrganizationId = organization.Id; organization.Type = OrganizationUserType.Custom; organization.Permissions.EditAnyCollection = true; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); - await sutProvider.Sut.PutDeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipherDetails, userId, true); } [Theory] @@ -660,24 +995,24 @@ public class CiphersControllerTests sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); - await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteAdmin(cipher.Id)); } [Theory] [BitAutoData] public async Task PutDeleteAdmin_WithProviderUser_SoftDeletesCipher( - Cipher cipher, Guid userId, SutProvider sutProvider) + CipherDetails cipherDetails, Guid userId, SutProvider sutProvider) { - cipher.OrganizationId = Guid.NewGuid(); + cipherDetails.OrganizationId = Guid.NewGuid(); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().ProviderUserForOrgAsync(cipher.OrganizationId.Value).Returns(true); - sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(cipher.OrganizationId.Value).Returns(new List { cipher }); + sutProvider.GetDependency().ProviderUserForOrgAsync(cipherDetails.OrganizationId.Value).Returns(true); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(cipherDetails.OrganizationId.Value).Returns(new List { cipherDetails }); - await sutProvider.Sut.PutDeleteAdmin(cipher.Id.ToString()); + await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id); - await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).SoftDeleteAsync(cipherDetails, userId, true); } [Theory] @@ -692,13 +1027,13 @@ public class CiphersControllerTests sutProvider.GetDependency().GetByIdAsync(cipher.Id).Returns(cipher); sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.RestrictProviderAccess).Returns(true); - await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteAdmin(cipher.Id)); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] - public async Task PutDeleteManyAdmin_WithOwnerOrAdmin_WithAccessToSpecificCiphers_SoftDeletesCiphers( + public async Task PutDeleteManyAdmin_WithOwnerOrAdmin_WithEditPermission_SoftDeletesCiphers( OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, CurrentContextOrganization organization, SutProvider sutProvider) { @@ -727,6 +1062,113 @@ public class CiphersControllerTests userId, organization.Id, true); } + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutDeleteManyAdmin_WithOwnerOrAdmin_WithoutEditPermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id.ToString(); + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = false + }).ToList()); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteManyAdmin(model)); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutDeleteManyAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithManagePermission_SoftDeletesCiphers( + OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id.ToString(); + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = true, + Manage = true + }).ToList()); + + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await sutProvider.Sut.PutDeleteManyAdmin(model); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteManyAsync( + Arg.Is>(ids => + ids.All(id => model.Ids.Contains(id.ToString())) && ids.Count() == model.Ids.Count()), + userId, organization.Id, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutDeleteManyAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithoutManagePermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherBulkDeleteRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id.ToString(); + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = true, + Manage = false + }).ToList()); + + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutDeleteManyAdmin(model)); + } + [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] @@ -874,170 +1316,273 @@ public class CiphersControllerTests [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] - public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithAccessToSpecificCipher_RestoresCipher( - OrganizationUserType organizationUserType, CipherDetails cipher, Guid userId, + public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithEditPermission_RestoresCipher( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; - cipher.Type = CipherType.Login; - cipher.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Type = CipherType.Login; + cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.Edit = true; + organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); sutProvider.GetDependency() .GetManyByUserIdAsync(userId) .Returns(new List { - new() { Id = cipher.Id, OrganizationId = cipher.OrganizationId, Edit = true } + cipherDetails }); - var result = await sutProvider.Sut.PutRestoreAdmin(cipher.Id.ToString()); + var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id); - Assert.NotNull(result); Assert.IsType(result); - await sutProvider.GetDependency().Received(1).RestoreAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).RestoreAsync(cipherDetails, userId, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithoutEditPermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = false; + cipherDetails.Manage = false; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id)); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutRestoreAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithManagePermission_RestoresCipher( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Type = CipherType.Login; + cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.Edit = true; + cipherDetails.Manage = true; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id); + + Assert.IsType(result); + await sutProvider.GetDependency().Received(1).RestoreAsync(cipherDetails, userId, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutRestoreAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithoutManagePermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, + CurrentContextOrganization organization, SutProvider sutProvider) + { + cipherDetails.UserId = null; + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Edit = true; + cipherDetails.Manage = false; + + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(new List + { + cipherDetails + }); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id)); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithAccessToUnassignedCipher_RestoresCipher( - OrganizationUserType organizationUserType, CipherDetails cipher, Guid userId, + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; - cipher.Type = CipherType.Login; - cipher.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Type = CipherType.Login; + cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData()); organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); sutProvider.GetDependency() .GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organization.Id) - .Returns(new List { new() { Id = cipher.Id } }); + .Returns(new List { new() { Id = cipherDetails.Id } }); - var result = await sutProvider.Sut.PutRestoreAdmin(cipher.Id.ToString()); + var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id); - Assert.NotNull(result); Assert.IsType(result); - await sutProvider.GetDependency().Received(1).RestoreAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).RestoreAsync(cipherDetails, userId, true); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithAccessToAllCollectionItems_RestoresCipher( - OrganizationUserType organizationUserType, CipherDetails cipher, Guid userId, + OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; - cipher.Type = CipherType.Login; - cipher.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Type = CipherType.Login; + cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData()); organization.Type = organizationUserType; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); sutProvider.GetDependency().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true }); - var result = await sutProvider.Sut.PutRestoreAdmin(cipher.Id.ToString()); + var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id); - Assert.NotNull(result); - await sutProvider.GetDependency().Received(1).RestoreAsync(cipher, userId, true); + Assert.IsType(result); + await sutProvider.GetDependency().Received(1).RestoreAsync(cipherDetails, userId, true); } [Theory] [BitAutoData] public async Task PutRestoreAdmin_WithCustomUser_WithEditAnyCollectionTrue_RestoresCipher( - CipherDetails cipher, Guid userId, + CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; - cipher.Type = CipherType.Login; - cipher.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Type = CipherType.Login; + cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData()); organization.Type = OrganizationUserType.Custom; organization.Permissions.EditAnyCollection = true; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); - var result = await sutProvider.Sut.PutRestoreAdmin(cipher.Id.ToString()); + var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id); - Assert.NotNull(result); Assert.IsType(result); - await sutProvider.GetDependency().Received(1).RestoreAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).RestoreAsync(cipherDetails, userId, true); } [Theory] [BitAutoData] public async Task PutRestoreAdmin_WithCustomUser_WithEditAnyCollectionFalse_ThrowsNotFoundException( - CipherDetails cipher, Guid userId, + CipherDetails cipherDetails, Guid userId, CurrentContextOrganization organization, SutProvider sutProvider) { - cipher.OrganizationId = organization.Id; - cipher.Type = CipherType.Login; - cipher.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.OrganizationId = organization.Id; + cipherDetails.Type = CipherType.Login; + cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData()); organization.Type = OrganizationUserType.Custom; organization.Permissions.EditAnyCollection = false; sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipherDetails.Id).Returns(cipherDetails); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipher }); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(new List { cipherDetails }); - await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id)); } [Theory] [BitAutoData] public async Task PutRestoreAdmin_WithProviderUser_RestoresCipher( - CipherDetails cipher, Guid userId, SutProvider sutProvider) + CipherDetails cipherDetails, Guid userId, SutProvider sutProvider) { - cipher.OrganizationId = Guid.NewGuid(); - cipher.Type = CipherType.Login; - cipher.Data = JsonSerializer.Serialize(new CipherLoginData()); + cipherDetails.OrganizationId = Guid.NewGuid(); + cipherDetails.Type = CipherType.Login; + cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData()); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().ProviderUserForOrgAsync(cipher.OrganizationId.Value).Returns(true); - sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipher.Id).Returns(cipher); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(cipher.OrganizationId.Value).Returns(new List { cipher }); + sutProvider.GetDependency().ProviderUserForOrgAsync(cipherDetails.OrganizationId.Value).Returns(true); + sutProvider.GetDependency().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails); + sutProvider.GetDependency().GetManyByOrganizationIdAsync(cipherDetails.OrganizationId.Value).Returns(new List { cipherDetails }); - var result = await sutProvider.Sut.PutRestoreAdmin(cipher.Id.ToString()); + var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id); - Assert.NotNull(result); Assert.IsType(result); - await sutProvider.GetDependency().Received(1).RestoreAsync(cipher, userId, true); + await sutProvider.GetDependency().Received(1).RestoreAsync(cipherDetails, userId, true); } [Theory] [BitAutoData] public async Task PutRestoreAdmin_WithProviderUser_WithRestrictProviderAccessTrue_ThrowsNotFoundException( - CipherDetails cipher, Guid userId, SutProvider sutProvider) + CipherDetails cipherDetails, Guid userId, SutProvider sutProvider) { - cipher.OrganizationId = Guid.NewGuid(); + cipherDetails.OrganizationId = Guid.NewGuid(); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); - sutProvider.GetDependency().ProviderUserForOrgAsync(cipher.OrganizationId.Value).Returns(true); - sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipher.Id).Returns(cipher); + sutProvider.GetDependency().ProviderUserForOrgAsync(cipherDetails.OrganizationId.Value).Returns(true); + sutProvider.GetDependency().GetOrganizationDetailsByIdAsync(cipherDetails.Id).Returns(cipherDetails); sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.RestrictProviderAccess).Returns(true); - await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreAdmin(cipher.Id.ToString())); + await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id)); } [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] - public async Task PutRestoreManyAdmin_WithOwnerOrAdmin_WithAccessToSpecificCiphers_RestoresCiphers( + public async Task PutRestoreManyAdmin_WithOwnerOrAdmin_WithEditPermission_RestoresCiphers( OrganizationUserType organizationUserType, CipherBulkRestoreRequestModel model, Guid userId, List ciphers, CurrentContextOrganization organization, SutProvider sutProvider) { @@ -1047,7 +1592,6 @@ public class CiphersControllerTests sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - sutProvider.GetDependency().GetManyByOrganizationIdAsync(organization.Id).Returns(ciphers); sutProvider.GetDependency() .GetManyByUserIdAsync(userId) .Returns(ciphers.Select(c => new CipherDetails @@ -1071,7 +1615,6 @@ public class CiphersControllerTests var result = await sutProvider.Sut.PutRestoreManyAdmin(model); - Assert.NotNull(result); await sutProvider.GetDependency().Received(1) .RestoreManyAsync( Arg.Is>(ids => @@ -1079,6 +1622,130 @@ public class CiphersControllerTests userId, organization.Id, true); } + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutRestoreManyAdmin_WithOwnerOrAdmin_WithoutEditPermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherBulkRestoreRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id; + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = false, + Type = CipherType.Login, + Data = JsonSerializer.Serialize(new CipherLoginData()) + }).ToList()); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreManyAdmin(model)); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutRestoreManyAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithManagePermission_RestoresCiphers( + OrganizationUserType organizationUserType, CipherBulkRestoreRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id; + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = true, + Manage = true + }).ToList()); + + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + var cipherOrgDetails = ciphers.Select(c => new CipherOrganizationDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Type = CipherType.Login, + Data = JsonSerializer.Serialize(new CipherLoginData()) + }).ToList(); + + sutProvider.GetDependency() + .RestoreManyAsync( + Arg.Is>(ids => + ids.All(id => model.Ids.Contains(id.ToString())) && ids.Count == model.Ids.Count()), + userId, organization.Id, true) + .Returns(cipherOrgDetails); + + var result = await sutProvider.Sut.PutRestoreManyAdmin(model); + + Assert.Equal(ciphers.Count, result.Data.Count()); + await sutProvider.GetDependency() + .Received(1) + .RestoreManyAsync( + Arg.Is>(ids => + ids.All(id => model.Ids.Contains(id.ToString())) && ids.Count == model.Ids.Count()), + userId, organization.Id, true); + } + + [Theory] + [BitAutoData(OrganizationUserType.Owner)] + [BitAutoData(OrganizationUserType.Admin)] + public async Task PutRestoreManyAdmin_WithLimitItemDeletionEnabled_WithOwnerOrAdmin_WithoutManagePermission_ThrowsNotFoundException( + OrganizationUserType organizationUserType, CipherBulkRestoreRequestModel model, Guid userId, List ciphers, + CurrentContextOrganization organization, SutProvider sutProvider) + { + model.OrganizationId = organization.Id; + model.Ids = ciphers.Select(c => c.Id.ToString()).ToList(); + organization.Type = organizationUserType; + + sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.LimitItemDeletion).Returns(true); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(userId); + sutProvider.GetDependency().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId }); + sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); + sutProvider.GetDependency() + .GetManyByUserIdAsync(userId) + .Returns(ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organization.Id, + Edit = true, + Manage = false, + Type = CipherType.Login, + Data = JsonSerializer.Serialize(new CipherLoginData()) + }).ToList()); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(organization.Id) + .Returns(new OrganizationAbility + { + Id = organization.Id, + LimitItemDeletion = true + }); + + await Assert.ThrowsAsync(() => sutProvider.Sut.PutRestoreManyAdmin(model)); + } + [Theory] [BitAutoData(OrganizationUserType.Owner)] [BitAutoData(OrganizationUserType.Admin)] diff --git a/test/Core.Test/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetailsTests.cs b/test/Core.Test/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetailsTests.cs index 3c5eec751f..99a11903b4 100644 --- a/test/Core.Test/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetailsTests.cs +++ b/test/Core.Test/AdminConsole/Models/Data/Organizations/OrganizationIntegrationConfigurationDetailsTests.cs @@ -7,7 +7,7 @@ namespace Bit.Core.Test.Models.Data.Organizations; public class OrganizationIntegrationConfigurationDetailsTests { [Fact] - public void MergedConfiguration_BothHaveValues() + public void MergedConfiguration_WithValidConfigAndIntegration_ReturnsMergedJson() { var config = new { config = "A new config value" }; var integration = new { integration = "An integration value" }; @@ -23,7 +23,7 @@ public class OrganizationIntegrationConfigurationDetailsTests } [Fact] - public void MergedConfiguration_BothNotJson() + public void MergedConfiguration_WithInvalidJsonConfigAndIntegration_ReturnsEmptyJson() { var expectedObj = new { }; var expected = JsonSerializer.Serialize(expectedObj); @@ -37,7 +37,7 @@ public class OrganizationIntegrationConfigurationDetailsTests } [Fact] - public void MergedConfiguration_BothNull() + public void MergedConfiguration_WithNullConfigAndIntegration_ReturnsEmptyJson() { var expectedObj = new { }; var expected = JsonSerializer.Serialize(expectedObj); @@ -51,7 +51,7 @@ public class OrganizationIntegrationConfigurationDetailsTests } [Fact] - public void MergedConfiguration_ConfigNull() + public void MergedConfiguration_WithValidIntegrationAndNullConfig_ReturnsIntegrationJson() { var integration = new { integration = "An integration value" }; var expectedObj = new { integration = "An integration value" }; @@ -66,7 +66,7 @@ public class OrganizationIntegrationConfigurationDetailsTests } [Fact] - public void MergedConfiguration_IntegrationNull() + public void MergedConfiguration_WithValidConfigAndNullIntegration_ReturnsConfigJson() { var config = new { config = "A new config value" }; var expectedObj = new { config = "A new config value" }; diff --git a/test/Core.Test/Auth/Services/AuthRequestServiceTests.cs b/test/Core.Test/Auth/Services/AuthRequestServiceTests.cs index 5e99ecf171..edd7a06fa7 100644 --- a/test/Core.Test/Auth/Services/AuthRequestServiceTests.cs +++ b/test/Core.Test/Auth/Services/AuthRequestServiceTests.cs @@ -273,78 +273,7 @@ public class AuthRequestServiceTests /// each of them. /// [Theory, BitAutoData] - public async Task CreateAuthRequestAsync_AdminApproval_CreatesForEachOrganization( - SutProvider sutProvider, - AuthRequestCreateRequestModel createModel, - User user, - OrganizationUser organizationUser1, - OrganizationUser organizationUser2) - { - createModel.Type = AuthRequestType.AdminApproval; - user.Email = createModel.Email; - organizationUser1.UserId = user.Id; - organizationUser2.UserId = user.Id; - - sutProvider.GetDependency() - .GetByEmailAsync(user.Email) - .Returns(user); - - sutProvider.GetDependency() - .DeviceType - .Returns(DeviceType.ChromeExtension); - - sutProvider.GetDependency() - .UserId - .Returns(user.Id); - - sutProvider.GetDependency() - .PasswordlessAuth.KnownDevicesOnly - .Returns(false); - - - sutProvider.GetDependency() - .GetManyByUserAsync(user.Id) - .Returns(new List - { - organizationUser1, - organizationUser2, - }); - - sutProvider.GetDependency() - .CreateAsync(Arg.Any()) - .Returns(c => c.ArgAt(0)); - - var authRequest = await sutProvider.Sut.CreateAuthRequestAsync(createModel); - - Assert.Equal(organizationUser1.OrganizationId, authRequest.OrganizationId); - - await sutProvider.GetDependency() - .Received(1) - .CreateAsync(Arg.Is(o => o.OrganizationId == organizationUser1.OrganizationId)); - - await sutProvider.GetDependency() - .Received(1) - .CreateAsync(Arg.Is(o => o.OrganizationId == organizationUser2.OrganizationId)); - - await sutProvider.GetDependency() - .Received(2) - .CreateAsync(Arg.Any()); - - await sutProvider.GetDependency() - .Received(1) - .LogUserEventAsync(user.Id, EventType.User_RequestedDeviceApproval); - - await sutProvider.GetDependency() - .DidNotReceiveWithAnyArgs() - .SendDeviceApprovalRequestedNotificationEmailAsync( - Arg.Any>(), - Arg.Any(), - Arg.Any(), - Arg.Any()); - } - - [Theory, BitAutoData] - public async Task CreateAuthRequestAsync_AdminApproval_WithAdminNotifications_CreatesForEachOrganization_SendsEmails( + public async Task CreateAuthRequestAsync_AdminApproval_CreatesForEachOrganization_SendsEmails( SutProvider sutProvider, AuthRequestCreateRequestModel createModel, User user, @@ -369,10 +298,6 @@ public class AuthRequestServiceTests ManageResetPassword = true, }); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.DeviceApprovalRequestAdminNotifications) - .Returns(true); - sutProvider.GetDependency() .GetByEmailAsync(user.Email) .Returns(user); diff --git a/test/Core.Test/Vault/Services/CipherServiceTests.cs b/test/Core.Test/Vault/Services/CipherServiceTests.cs index a7dcbddcea..ed07799c93 100644 --- a/test/Core.Test/Vault/Services/CipherServiceTests.cs +++ b/test/Core.Test/Vault/Services/CipherServiceTests.cs @@ -8,6 +8,7 @@ using Bit.Core.Billing.Enums; using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Exceptions; +using Bit.Core.Models.Data.Organizations; using Bit.Core.Platform.Push; using Bit.Core.Repositories; using Bit.Core.Services; @@ -670,7 +671,7 @@ public class CipherServiceTests [Theory] [BitAutoData] - public async Task RestoreAsync_UpdatesUserCipher(Guid restoringUserId, Cipher cipher, SutProvider sutProvider) + public async Task RestoreAsync_UpdatesUserCipher(Guid restoringUserId, CipherDetails cipher, SutProvider sutProvider) { sutProvider.GetDependency().GetCanEditByIdAsync(restoringUserId, cipher.Id).Returns(true); @@ -687,7 +688,7 @@ public class CipherServiceTests [Theory] [OrganizationCipherCustomize] [BitAutoData] - public async Task RestoreAsync_UpdatesOrganizationCipher(Guid restoringUserId, Cipher cipher, SutProvider sutProvider) + public async Task RestoreAsync_UpdatesOrganizationCipher(Guid restoringUserId, CipherDetails cipher, SutProvider sutProvider) { sutProvider.GetDependency().GetCanEditByIdAsync(restoringUserId, cipher.Id).Returns(true); @@ -704,11 +705,11 @@ public class CipherServiceTests [Theory] [BitAutoData] public async Task RestoreAsync_WithAlreadyRestoredCipher_SkipsOperation( - Guid restoringUserId, Cipher cipher, SutProvider sutProvider) + Guid restoringUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.DeletedDate = null; + cipherDetails.DeletedDate = null; - await sutProvider.Sut.RestoreAsync(cipher, restoringUserId, true); + await sutProvider.Sut.RestoreAsync(cipherDetails, restoringUserId, true); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().UpsertAsync(default); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default); @@ -718,13 +719,13 @@ public class CipherServiceTests [Theory] [BitAutoData] public async Task RestoreAsync_WithPersonalCipherBelongingToDifferentUser_ThrowsBadRequestException( - Guid restoringUserId, Cipher cipher, SutProvider sutProvider) + Guid restoringUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.UserId = Guid.NewGuid(); - cipher.OrganizationId = null; + cipherDetails.UserId = Guid.NewGuid(); + cipherDetails.OrganizationId = null; var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.RestoreAsync(cipher, restoringUserId)); + () => sutProvider.Sut.RestoreAsync(cipherDetails, restoringUserId)); Assert.Contains("do not have permissions", exception.Message); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().UpsertAsync(default); @@ -736,14 +737,14 @@ public class CipherServiceTests [OrganizationCipherCustomize] [BitAutoData] public async Task RestoreAsync_WithOrgCipherLackingEditPermission_ThrowsBadRequestException( - Guid restoringUserId, Cipher cipher, SutProvider sutProvider) + Guid restoringUserId, CipherDetails cipherDetails, SutProvider sutProvider) { sutProvider.GetDependency() - .GetCanEditByIdAsync(restoringUserId, cipher.Id) + .GetCanEditByIdAsync(restoringUserId, cipherDetails.Id) .Returns(false); var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.RestoreAsync(cipher, restoringUserId)); + () => sutProvider.Sut.RestoreAsync(cipherDetails, restoringUserId)); Assert.Contains("do not have permissions", exception.Message); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().UpsertAsync(default); @@ -753,7 +754,7 @@ public class CipherServiceTests [Theory] [BitAutoData] - public async Task RestoreAsync_WithCipherDetailsType_RestoresCipherDetails( + public async Task RestoreAsync_WithEditPermission_RestoresCipherDetails( Guid restoringUserId, CipherDetails cipherDetails, SutProvider sutProvider) { sutProvider.GetDependency() @@ -773,6 +774,91 @@ public class CipherServiceTests await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); } + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task RestoreAsync_WithOrgAdminOverride_RestoresCipher( + Guid restoringUserId, CipherDetails cipherDetails, SutProvider sutProvider) + { + cipherDetails.DeletedDate = DateTime.UtcNow; + + await sutProvider.Sut.RestoreAsync(cipherDetails, restoringUserId, true); + + Assert.Null(cipherDetails.DeletedDate); + Assert.NotEqual(DateTime.UtcNow, cipherDetails.RevisionDate); + await sutProvider.GetDependency().Received(1).UpsertAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_Restored); + await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task RestoreAsync_WithLimitItemDeletionEnabled_WithManagePermission_RestoresCipher( + Guid restoringUserId, CipherDetails cipherDetails, User user, SutProvider sutProvider) + { + cipherDetails.OrganizationId = Guid.NewGuid(); + cipherDetails.DeletedDate = DateTime.UtcNow; + cipherDetails.Edit = false; + cipherDetails.Manage = true; + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetUserByIdAsync(restoringUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(cipherDetails.OrganizationId.Value) + .Returns(new OrganizationAbility + { + Id = cipherDetails.OrganizationId.Value, + LimitItemDeletion = true + }); + + await sutProvider.Sut.RestoreAsync(cipherDetails, restoringUserId); + + Assert.Null(cipherDetails.DeletedDate); + Assert.NotEqual(DateTime.UtcNow, cipherDetails.RevisionDate); + await sutProvider.GetDependency().Received(1).UpsertAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_Restored); + await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task RestoreAsync_WithLimitItemDeletionEnabled_WithoutManagePermission_ThrowsBadRequestException( + Guid restoringUserId, CipherDetails cipherDetails, User user, SutProvider sutProvider) + { + cipherDetails.OrganizationId = Guid.NewGuid(); + cipherDetails.DeletedDate = DateTime.UtcNow; + cipherDetails.Edit = true; + cipherDetails.Manage = false; + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetUserByIdAsync(restoringUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(cipherDetails.OrganizationId.Value) + .Returns(new OrganizationAbility + { + Id = cipherDetails.OrganizationId.Value, + LimitItemDeletion = true + }); + + var exception = await Assert.ThrowsAsync( + () => sutProvider.Sut.RestoreAsync(cipherDetails, restoringUserId)); + + Assert.Contains("do not have permissions", exception.Message); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().UpsertAsync(default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().PushSyncCipherUpdateAsync(default, default); + } + [Theory] [BitAutoData] public async Task RestoreManyAsync_UpdatesCiphers(ICollection ciphers, @@ -852,6 +938,239 @@ public class CipherServiceTests await AssertNoActionsAsync(sutProvider); } + [Theory] + [BitAutoData] + public async Task RestoreManyAsync_WithPersonalCipherBelongingToDifferentUser_DoesNotRestoreCiphers( + Guid restoringUserId, List ciphers, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var differentUserId = Guid.NewGuid(); + + foreach (var cipher in ciphers) + { + cipher.UserId = differentUserId; + cipher.OrganizationId = null; + cipher.DeletedDate = DateTime.UtcNow; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(restoringUserId) + .Returns(new List()); + + var result = await sutProvider.Sut.RestoreManyAsync(cipherIds, restoringUserId); + + Assert.Empty(result); + await sutProvider.GetDependency() + .Received(1) + .RestoreAsync(Arg.Is>(ids => !ids.Any()), restoringUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(restoringUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task RestoreManyAsync_WithOrgCipherAndEditPermission_RestoresCiphers( + Guid restoringUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var previousRevisionDate = DateTime.UtcNow; + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = true; + cipher.DeletedDate = DateTime.UtcNow; + cipher.RevisionDate = previousRevisionDate; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(restoringUserId) + .Returns(ciphers); + + var revisionDate = previousRevisionDate + TimeSpan.FromMinutes(1); + sutProvider.GetDependency() + .RestoreAsync(Arg.Any>(), restoringUserId) + .Returns(revisionDate); + + var result = await sutProvider.Sut.RestoreManyAsync(cipherIds, restoringUserId); + + Assert.Equal(ciphers.Count, result.Count); + foreach (var cipher in result) + { + Assert.Null(cipher.DeletedDate); + Assert.Equal(revisionDate, cipher.RevisionDate); + } + + await sutProvider.GetDependency() + .Received(1) + .RestoreAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), restoringUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(restoringUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task RestoreManyAsync_WithOrgCipherLackingEditPermission_DoesNotRestoreCiphers( + Guid restoringUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var cipherDetailsList = ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organizationId, + Edit = false, + DeletedDate = DateTime.UtcNow + }).ToList(); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(restoringUserId) + .Returns(cipherDetailsList); + + var result = await sutProvider.Sut.RestoreManyAsync(cipherIds, restoringUserId); + + Assert.Empty(result); + await sutProvider.GetDependency() + .Received(1) + .RestoreAsync(Arg.Is>(ids => !ids.Any()), restoringUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(restoringUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task RestoreManyAsync_WithLimitItemDeletionEnabled_WithManagePermission_RestoresCiphers( + Guid restoringUserId, List ciphers, User user, SutProvider sutProvider) + { + var organizationId = Guid.NewGuid(); + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var previousRevisionDate = DateTime.UtcNow; + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = false; + cipher.Manage = true; + cipher.DeletedDate = DateTime.UtcNow; + cipher.RevisionDate = previousRevisionDate; + } + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetManyByUserIdAsync(restoringUserId) + .Returns(ciphers); + sutProvider.GetDependency() + .GetUserByIdAsync(restoringUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilitiesAsync() + .Returns(new Dictionary + { + { + organizationId, new OrganizationAbility + { + Id = organizationId, + LimitItemDeletion = true + } + } + }); + + var revisionDate = previousRevisionDate + TimeSpan.FromMinutes(1); + sutProvider.GetDependency() + .RestoreAsync(Arg.Any>(), restoringUserId) + .Returns(revisionDate); + + var result = await sutProvider.Sut.RestoreManyAsync(cipherIds, restoringUserId); + + Assert.Equal(ciphers.Count, result.Count); + foreach (var cipher in result) + { + Assert.Null(cipher.DeletedDate); + Assert.Equal(revisionDate, cipher.RevisionDate); + } + + await sutProvider.GetDependency() + .Received(1) + .RestoreAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), restoringUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(restoringUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task RestoreManyAsync_WithLimitItemDeletionEnabled_WithoutManagePermission_DoesNotRestoreCiphers( + Guid restoringUserId, List ciphers, User user, SutProvider sutProvider) + { + var organizationId = Guid.NewGuid(); + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = true; + cipher.Manage = false; + cipher.DeletedDate = DateTime.UtcNow; + } + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetManyByUserIdAsync(restoringUserId) + .Returns(ciphers); + sutProvider.GetDependency() + .GetUserByIdAsync(restoringUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilitiesAsync() + .Returns(new Dictionary + { + { + organizationId, new OrganizationAbility + { + Id = organizationId, + LimitItemDeletion = true + } + } + }); + + var result = await sutProvider.Sut.RestoreManyAsync(cipherIds, restoringUserId); + + Assert.Empty(result); + await sutProvider.GetDependency() + .Received(1) + .RestoreAsync(Arg.Is>(ids => !ids.Any()), restoringUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(restoringUserId); + } + [Theory, BitAutoData] public async Task ShareManyAsync_FreeOrgWithAttachment_Throws(SutProvider sutProvider, IEnumerable ciphers, Guid organizationId, List collectionIds) @@ -1126,47 +1445,47 @@ public class CipherServiceTests [Theory] [BitAutoData] public async Task DeleteAsync_WithPersonalCipherOwner_DeletesCipher( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.UserId = deletingUserId; - cipher.OrganizationId = null; + cipherDetails.UserId = deletingUserId; + cipherDetails.OrganizationId = null; - await sutProvider.Sut.DeleteAsync(cipher, deletingUserId); + await sutProvider.Sut.DeleteAsync(cipherDetails, deletingUserId); - await sutProvider.GetDependency().Received(1).DeleteAsync(cipher); - await sutProvider.GetDependency().Received(1).DeleteAttachmentsForCipherAsync(cipher.Id); - await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_Deleted); - await sutProvider.GetDependency().Received(1).PushSyncCipherDeleteAsync(cipher); + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).DeleteAttachmentsForCipherAsync(cipherDetails.Id); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_Deleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherDeleteAsync(cipherDetails); } [Theory] [OrganizationCipherCustomize] [BitAutoData] public async Task DeleteAsync_WithOrgCipherAndEditPermission_DeletesCipher( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { sutProvider.GetDependency() - .GetCanEditByIdAsync(deletingUserId, cipher.Id) + .GetCanEditByIdAsync(deletingUserId, cipherDetails.Id) .Returns(true); - await sutProvider.Sut.DeleteAsync(cipher, deletingUserId); + await sutProvider.Sut.DeleteAsync(cipherDetails, deletingUserId); - await sutProvider.GetDependency().Received(1).DeleteAsync(cipher); - await sutProvider.GetDependency().Received(1).DeleteAttachmentsForCipherAsync(cipher.Id); - await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_Deleted); - await sutProvider.GetDependency().Received(1).PushSyncCipherDeleteAsync(cipher); + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).DeleteAttachmentsForCipherAsync(cipherDetails.Id); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_Deleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherDeleteAsync(cipherDetails); } [Theory] [BitAutoData] public async Task DeleteAsync_WithPersonalCipherBelongingToDifferentUser_ThrowsBadRequestException( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.UserId = Guid.NewGuid(); - cipher.OrganizationId = null; + cipherDetails.UserId = Guid.NewGuid(); + cipherDetails.OrganizationId = null; var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.DeleteAsync(cipher, deletingUserId)); + () => sutProvider.Sut.DeleteAsync(cipherDetails, deletingUserId)); Assert.Contains("do not have permissions", exception.Message); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().DeleteAsync(default); @@ -1179,14 +1498,14 @@ public class CipherServiceTests [OrganizationCipherCustomize] [BitAutoData] public async Task DeleteAsync_WithOrgCipherLackingEditPermission_ThrowsBadRequestException( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { sutProvider.GetDependency() - .GetCanEditByIdAsync(deletingUserId, cipher.Id) + .GetCanEditByIdAsync(deletingUserId, cipherDetails.Id) .Returns(false); var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.DeleteAsync(cipher, deletingUserId)); + () => sutProvider.Sut.DeleteAsync(cipherDetails, deletingUserId)); Assert.Contains("do not have permissions", exception.Message); await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().DeleteAsync(default); @@ -1196,62 +1515,400 @@ public class CipherServiceTests } [Theory] + [OrganizationCipherCustomize] [BitAutoData] - public async Task SoftDeleteAsync_WithPersonalCipherOwner_SoftDeletesCipher( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + public async Task DeleteAsync_WithOrgAdminOverride_DeletesCipher( + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.UserId = deletingUserId; - cipher.OrganizationId = null; - cipher.DeletedDate = null; + await sutProvider.Sut.DeleteAsync(cipherDetails, deletingUserId, true); + + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).DeleteAttachmentsForCipherAsync(cipherDetails.Id); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_Deleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherDeleteAsync(cipherDetails); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task DeleteAsync_WithLimitItemDeletionEnabled_WithManagePermission_DeletesCipher( + Guid deletingUserId, CipherDetails cipherDetails, User user, SutProvider sutProvider) + { + cipherDetails.OrganizationId = Guid.NewGuid(); + cipherDetails.Edit = false; + cipherDetails.Manage = true; + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(cipherDetails.OrganizationId.Value) + .Returns(new OrganizationAbility + { + Id = cipherDetails.OrganizationId.Value, + LimitItemDeletion = true + }); + + await sutProvider.Sut.DeleteAsync(cipherDetails, deletingUserId); + + await sutProvider.GetDependency().Received(1).DeleteAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).DeleteAttachmentsForCipherAsync(cipherDetails.Id); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_Deleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherDeleteAsync(cipherDetails); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task DeleteAsync_WithLimitItemDeletionEnabled_WithoutManagePermission_ThrowsBadRequestException( + Guid deletingUserId, CipherDetails cipherDetails, User user, SutProvider sutProvider) + { + cipherDetails.OrganizationId = Guid.NewGuid(); + cipherDetails.Edit = true; + cipherDetails.Manage = false; + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(cipherDetails.OrganizationId.Value) + .Returns(new OrganizationAbility + { + Id = cipherDetails.OrganizationId.Value, + LimitItemDeletion = true + }); + + var exception = await Assert.ThrowsAsync( + () => sutProvider.Sut.DeleteAsync(cipherDetails, deletingUserId)); + + Assert.Contains("do not have permissions", exception.Message); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().DeleteAsync(default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().DeleteAttachmentsForCipherAsync(default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().PushSyncCipherDeleteAsync(default); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task DeleteManyAsync_WithOrgAdminOverride_DeletesCiphers( + Guid deletingUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + } sutProvider.GetDependency() - .GetCanEditByIdAsync(deletingUserId, cipher.Id) + .GetManyByOrganizationIdAsync(organizationId) + .Returns(ciphers); + + await sutProvider.Sut.DeleteManyAsync(cipherIds, deletingUserId, organizationId, true); + + await sutProvider.GetDependency() + .Received(1) + .DeleteByIdsOrganizationIdAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), organizationId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [BitAutoData] + public async Task DeleteManyAsync_WithPersonalCipherOwner_DeletesCiphers( + Guid deletingUserId, List ciphers, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.UserId = deletingUserId; + cipher.OrganizationId = null; + cipher.Edit = true; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + + await sutProvider.Sut.DeleteManyAsync(cipherIds, deletingUserId); + + await sutProvider.GetDependency() + .Received(1) + .DeleteAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), deletingUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [BitAutoData] + public async Task DeleteManyAsync_WithPersonalCipherBelongingToDifferentUser_DoesNotDeleteCiphers( + Guid deletingUserId, List ciphers, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var differentUserId = Guid.NewGuid(); + + foreach (var cipher in ciphers) + { + cipher.UserId = differentUserId; + cipher.OrganizationId = null; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(new List()); + + await sutProvider.Sut.DeleteManyAsync(cipherIds, deletingUserId); + + await sutProvider.GetDependency() + .Received(1) + .DeleteAsync(Arg.Is>(ids => !ids.Any()), deletingUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task DeleteManyAsync_WithOrgCipherAndEditPermission_DeletesCiphers( + Guid deletingUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = true; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + + await sutProvider.Sut.DeleteManyAsync(cipherIds, deletingUserId, organizationId); + + await sutProvider.GetDependency() + .Received(1) + .DeleteAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && ids.All(id => cipherIds.Contains(id))), deletingUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task DeleteManyAsync_WithOrgCipherLackingEditPermission_DoesNotDeleteCiphers( + Guid deletingUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var cipherDetailsList = ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organizationId, + Edit = false + }).ToList(); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(cipherDetailsList); + + await sutProvider.Sut.DeleteManyAsync(cipherIds, deletingUserId, organizationId); + + await sutProvider.GetDependency() + .Received(1) + .DeleteAsync(Arg.Is>(ids => !ids.Any()), deletingUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task DeleteManyAsync_WithLimitItemDeletionEnabled_WithoutManagePermission_DoesNotDeleteCiphers( + Guid deletingUserId, List ciphers, User user, SutProvider sutProvider) + { + var organizationId = Guid.NewGuid(); + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = true; + cipher.Manage = false; + } + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilitiesAsync() + .Returns(new Dictionary + { + { + organizationId, new OrganizationAbility + { + Id = organizationId, + LimitItemDeletion = true + } + } + }); + + await sutProvider.Sut.DeleteManyAsync(cipherIds, deletingUserId, organizationId); + + await sutProvider.GetDependency() + .Received(1) + .DeleteAsync(Arg.Is>(ids => !ids.Any()), deletingUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task DeleteManyAsync_WithLimitItemDeletionEnabled_WithManagePermission_DeletesCiphers( + Guid deletingUserId, List ciphers, User user, SutProvider sutProvider) + { + var organizationId = Guid.NewGuid(); + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = false; + cipher.Manage = true; + } + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilitiesAsync() + .Returns(new Dictionary + { + { + organizationId, new OrganizationAbility + { + Id = organizationId, + LimitItemDeletion = true + } + } + }); + + await sutProvider.Sut.DeleteManyAsync(cipherIds, deletingUserId, organizationId); + + await sutProvider.GetDependency() + .Received(1) + .DeleteAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), deletingUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [BitAutoData] + public async Task SoftDeleteAsync_WithPersonalCipherOwner_SoftDeletesCipher( + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) + { + cipherDetails.UserId = deletingUserId; + cipherDetails.OrganizationId = null; + cipherDetails.DeletedDate = null; + + sutProvider.GetDependency() + .GetCanEditByIdAsync(deletingUserId, cipherDetails.Id) .Returns(true); - await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId); + await sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId); - Assert.NotNull(cipher.DeletedDate); - Assert.Equal(cipher.RevisionDate, cipher.DeletedDate); - await sutProvider.GetDependency().Received(1).UpsertAsync(cipher); - await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted); - await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipher, null); + Assert.NotNull(cipherDetails.DeletedDate); + Assert.Equal(cipherDetails.RevisionDate, cipherDetails.DeletedDate); + await sutProvider.GetDependency().Received(1).UpsertAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_SoftDeleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); } [Theory] [OrganizationCipherCustomize] [BitAutoData] public async Task SoftDeleteAsync_WithOrgCipherAndEditPermission_SoftDeletesCipher( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.DeletedDate = null; + cipherDetails.DeletedDate = null; sutProvider.GetDependency() - .GetCanEditByIdAsync(deletingUserId, cipher.Id) + .GetCanEditByIdAsync(deletingUserId, cipherDetails.Id) .Returns(true); - await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId); + await sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId); - Assert.NotNull(cipher.DeletedDate); - Assert.Equal(cipher.DeletedDate, cipher.RevisionDate); - await sutProvider.GetDependency().Received(1).UpsertAsync(cipher); - await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted); - await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipher, null); + Assert.NotNull(cipherDetails.DeletedDate); + Assert.Equal(cipherDetails.RevisionDate, cipherDetails.DeletedDate); + await sutProvider.GetDependency().Received(1).UpsertAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_SoftDeleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); } [Theory] [BitAutoData] public async Task SoftDeleteAsync_WithPersonalCipherBelongingToDifferentUser_ThrowsBadRequestException( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.UserId = Guid.NewGuid(); - cipher.OrganizationId = null; + cipherDetails.UserId = Guid.NewGuid(); + cipherDetails.OrganizationId = null; sutProvider.GetDependency() - .GetCanEditByIdAsync(deletingUserId, cipher.Id) + .GetCanEditByIdAsync(deletingUserId, cipherDetails.Id) .Returns(false); var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId)); + () => sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId)); Assert.Contains("do not have permissions", exception.Message); } @@ -1260,51 +1917,395 @@ public class CipherServiceTests [OrganizationCipherCustomize] [BitAutoData] public async Task SoftDeleteAsync_WithOrgCipherLackingEditPermission_ThrowsBadRequestException( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { sutProvider.GetDependency() - .GetCanEditByIdAsync(deletingUserId, cipher.Id) + .GetCanEditByIdAsync(deletingUserId, cipherDetails.Id) .Returns(false); var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId)); + () => sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId)); Assert.Contains("do not have permissions", exception.Message); } [Theory] [BitAutoData] - public async Task SoftDeleteAsync_WithCipherDetailsType_SoftDeletesCipherDetails( - Guid deletingUserId, CipherDetails cipher, SutProvider sutProvider) + public async Task SoftDeleteAsync_WithEditPermission_SoftDeletesCipherDetails( + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { - cipher.DeletedDate = null; + cipherDetails.DeletedDate = null; - await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId, true); + await sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId, true); - Assert.NotNull(cipher.DeletedDate); - Assert.Equal(cipher.DeletedDate, cipher.RevisionDate); - await sutProvider.GetDependency().Received(1).UpsertAsync(cipher); - await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipher, EventType.Cipher_SoftDeleted); - await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipher, null); + Assert.NotNull(cipherDetails.DeletedDate); + Assert.Equal(cipherDetails.RevisionDate, cipherDetails.DeletedDate); + await sutProvider.GetDependency().Received(1).UpsertAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_SoftDeleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); } [Theory] [BitAutoData] public async Task SoftDeleteAsync_WithAlreadySoftDeletedCipher_SkipsOperation( - Guid deletingUserId, Cipher cipher, SutProvider sutProvider) + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) { sutProvider.GetDependency() - .GetCanEditByIdAsync(deletingUserId, cipher.Id) + .GetCanEditByIdAsync(deletingUserId, cipherDetails.Id) .Returns(true); - cipher.DeletedDate = DateTime.UtcNow.AddDays(-1); + cipherDetails.DeletedDate = DateTime.UtcNow.AddDays(-1); - await sutProvider.Sut.SoftDeleteAsync(cipher, deletingUserId); + await sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId); await sutProvider.GetDependency().DidNotReceive().UpsertAsync(Arg.Any()); await sutProvider.GetDependency().DidNotReceive().LogCipherEventAsync(Arg.Any(), Arg.Any()); await sutProvider.GetDependency().DidNotReceive().PushSyncCipherUpdateAsync(Arg.Any(), Arg.Any>()); } + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteAsync_WithOrgAdminOverride_SoftDeletesCipher( + Guid deletingUserId, CipherDetails cipherDetails, SutProvider sutProvider) + { + cipherDetails.DeletedDate = null; + + await sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId, true); + + await sutProvider.GetDependency().Received(1).UpsertAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_SoftDeleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteAsync_WithLimitItemDeletionEnabled_WithManagePermission_SoftDeletesCipher( + Guid deletingUserId, CipherDetails cipherDetails, User user, SutProvider sutProvider) + { + cipherDetails.OrganizationId = Guid.NewGuid(); + cipherDetails.DeletedDate = null; + cipherDetails.Edit = false; + cipherDetails.Manage = true; + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(cipherDetails.OrganizationId.Value) + .Returns(new OrganizationAbility + { + Id = cipherDetails.OrganizationId.Value, + LimitItemDeletion = true + }); + + await sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId); + + Assert.NotNull(cipherDetails.DeletedDate); + Assert.Equal(cipherDetails.RevisionDate, cipherDetails.DeletedDate); + await sutProvider.GetDependency().Received(1).UpsertAsync(cipherDetails); + await sutProvider.GetDependency().Received(1).LogCipherEventAsync(cipherDetails, EventType.Cipher_SoftDeleted); + await sutProvider.GetDependency().Received(1).PushSyncCipherUpdateAsync(cipherDetails, null); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteAsync_WithLimitItemDeletionEnabled_WithoutManagePermission_ThrowsBadRequestException( + Guid deletingUserId, CipherDetails cipherDetails, User user, SutProvider sutProvider) + { + cipherDetails.OrganizationId = Guid.NewGuid(); + cipherDetails.DeletedDate = null; + cipherDetails.Edit = true; + cipherDetails.Manage = false; + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilityAsync(cipherDetails.OrganizationId.Value) + .Returns(new OrganizationAbility + { + Id = cipherDetails.OrganizationId.Value, + LimitItemDeletion = true + }); + + var exception = await Assert.ThrowsAsync( + () => sutProvider.Sut.SoftDeleteAsync(cipherDetails, deletingUserId)); + + Assert.Contains("do not have permissions", exception.Message); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().UpsertAsync(default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().LogCipherEventAsync(default, default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().PushSyncCipherUpdateAsync(default, default); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteManyAsync_WithOrgAdminOverride_SoftDeletesCiphers( + Guid deletingUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + } + + sutProvider.GetDependency() + .GetManyByOrganizationIdAsync(organizationId) + .Returns(ciphers); + + await sutProvider.Sut.SoftDeleteManyAsync(cipherIds, deletingUserId, organizationId, true); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteByIdsOrganizationIdAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), organizationId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [BitAutoData] + public async Task SoftDeleteManyAsync_WithPersonalCipherOwner_SoftDeletesCiphers( + Guid deletingUserId, List ciphers, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.UserId = deletingUserId; + cipher.OrganizationId = null; + cipher.Edit = true; + cipher.DeletedDate = null; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + + await sutProvider.Sut.SoftDeleteManyAsync(cipherIds, deletingUserId, null, false); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), deletingUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [BitAutoData] + public async Task SoftDeleteManyAsync_WithPersonalCipherBelongingToDifferentUser_DoesNotDeleteCiphers( + Guid deletingUserId, List ciphers, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var differentUserId = Guid.NewGuid(); + + foreach (var cipher in ciphers) + { + cipher.UserId = differentUserId; + cipher.OrganizationId = null; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(new List()); + + await sutProvider.Sut.SoftDeleteManyAsync(cipherIds, deletingUserId, null, false); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteAsync(Arg.Is>(ids => !ids.Any()), deletingUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteManyAsync_WithOrgCipherAndEditPermission_SoftDeletesCiphers( + Guid deletingUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = true; + cipher.DeletedDate = null; + } + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + + await sutProvider.Sut.SoftDeleteManyAsync(cipherIds, deletingUserId, organizationId, false); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && ids.All(id => cipherIds.Contains(id))), deletingUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteManyAsync_WithOrgCipherLackingEditPermission_DoesNotDeleteCiphers( + Guid deletingUserId, List ciphers, Guid organizationId, SutProvider sutProvider) + { + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + var cipherDetailsList = ciphers.Select(c => new CipherDetails + { + Id = c.Id, + OrganizationId = organizationId, + Edit = false + }).ToList(); + + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(cipherDetailsList); + + await sutProvider.Sut.SoftDeleteManyAsync(cipherIds, deletingUserId, organizationId, false); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteAsync(Arg.Is>(ids => !ids.Any()), deletingUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteManyAsync_WithLimitItemDeletionEnabled_WithoutManagePermission_DoesNotDeleteCiphers( + Guid deletingUserId, List ciphers, User user, SutProvider sutProvider) + { + var organizationId = Guid.NewGuid(); + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = true; + cipher.Manage = false; + } + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilitiesAsync() + .Returns(new Dictionary + { + { + organizationId, new OrganizationAbility + { + Id = organizationId, + LimitItemDeletion = true + } + } + }); + + await sutProvider.Sut.SoftDeleteManyAsync(cipherIds, deletingUserId, organizationId, false); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteAsync(Arg.Is>(ids => !ids.Any()), deletingUserId); + await sutProvider.GetDependency() + .DidNotReceiveWithAnyArgs() + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + + [Theory] + [OrganizationCipherCustomize] + [BitAutoData] + public async Task SoftDeleteManyAsync_WithLimitItemDeletionEnabled_WithManagePermission_SoftDeletesCiphers( + Guid deletingUserId, List ciphers, User user, SutProvider sutProvider) + { + var organizationId = Guid.NewGuid(); + var cipherIds = ciphers.Select(c => c.Id).ToArray(); + + foreach (var cipher in ciphers) + { + cipher.OrganizationId = organizationId; + cipher.Edit = false; + cipher.Manage = true; + cipher.DeletedDate = null; + } + + sutProvider.GetDependency() + .IsEnabled(FeatureFlagKeys.LimitItemDeletion) + .Returns(true); + sutProvider.GetDependency() + .GetManyByUserIdAsync(deletingUserId) + .Returns(ciphers); + sutProvider.GetDependency() + .GetUserByIdAsync(deletingUserId) + .Returns(user); + sutProvider.GetDependency() + .GetOrganizationAbilitiesAsync() + .Returns(new Dictionary + { + { + organizationId, new OrganizationAbility + { + Id = organizationId, + LimitItemDeletion = true + } + } + }); + + await sutProvider.Sut.SoftDeleteManyAsync(cipherIds, deletingUserId, organizationId, false); + + await sutProvider.GetDependency() + .Received(1) + .SoftDeleteAsync(Arg.Is>(ids => ids.Count() == cipherIds.Count() && + ids.All(id => cipherIds.Contains(id))), deletingUserId); + await sutProvider.GetDependency() + .Received(1) + .LogCipherEventsAsync(Arg.Any>>()); + await sutProvider.GetDependency() + .Received(1) + .PushSyncCiphersAsync(deletingUserId); + } + private async Task AssertNoActionsAsync(SutProvider sutProvider) { await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().GetManyOrganizationDetailsByOrganizationIdAsync(default);