[PM-14439] Add PolicyRequirementQuery for enforcement logic (#5336)

* Add PolicyRequirementQuery, helpers and models in preparation for migrating domain code Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
2025-07-04 01:22:50 -05:00 · 2025-02-14 21:05:49 +10:00
parent 54d59b3b92
commit f4341b2f3b
14 changed files with 795 additions and 0 deletions
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/PolicyRepository.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/PolicyRepository.cs
@ -1,6 +1,8 @@
 using AutoMapper;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Enums;
 using Bit.Infrastructure.EntityFramework.AdminConsole.Models;
 using Bit.Infrastructure.EntityFramework.AdminConsole.Repositories.Queries;
 using Bit.Infrastructure.EntityFramework.Repositories;
@ -50,4 +52,43 @@ public class PolicyRepository : Repository<AdminConsoleEntities.Policy, Policy,
            return Mapper.Map<List<AdminConsoleEntities.Policy>>(results);
        }
    }
+
+    public async Task<IEnumerable<PolicyDetails>> GetPolicyDetailsByUserId(Guid userId)
+    {
+        using var scope = ServiceScopeFactory.CreateScope();
+        var dbContext = GetDatabaseContext(scope);
+
+        var providerOrganizations = from pu in dbContext.ProviderUsers
+                                    where pu.UserId == userId
+                                    join po in dbContext.ProviderOrganizations
+                                        on pu.ProviderId equals po.ProviderId
+                                    select po;
+
+        var query = from p in dbContext.Policies
+                    join ou in dbContext.OrganizationUsers
+                        on p.OrganizationId equals ou.OrganizationId
+                    join o in dbContext.Organizations
+                        on p.OrganizationId equals o.Id
+                    where
+                        p.Enabled &&
+                        o.Enabled &&
+                        o.UsePolicies &&
+                        (
+                            (ou.Status != OrganizationUserStatusType.Invited && ou.UserId == userId) ||
+                            // Invited orgUsers do not have a UserId associated with them, so we have to match up their email
+                            (ou.Status == OrganizationUserStatusType.Invited && ou.Email == dbContext.Users.Find(userId).Email)
+                        )
+                    select new PolicyDetails
+                    {
+                        OrganizationUserId = ou.Id,
+                        OrganizationId = p.OrganizationId,
+                        PolicyType = p.Type,
+                        PolicyData = p.Data,
+                        OrganizationUserType = ou.Type,
+                        OrganizationUserStatus = ou.Status,
+                        OrganizationUserPermissionsData = ou.Permissions,
+                        IsProvider = providerOrganizations.Any(po => po.OrganizationId == p.OrganizationId)
+                    };
+        return await query.ToListAsync();
+    }
 }