nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

[PM-10292] Remove Flexible Collections v1 from Core (#4579)

Browse Source 
* chore: remove fc v1 from OrganizationService, refs PM-10292

* chore: remove fc v1 from CollectionService, refs PM-10292

* chore: remove fc v1 from OrganizationCiphersQuery, refs PM-10292

* fix: update CollectionServiceTests, refs PM-10292
This commit is contained in:
Vincent Salucci 2024-08-06 11:14:16 -05:00 committed by GitHub
parent 7d48102865
commit f49fb3a891
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 10 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
View File

@ -437,9 +437,6 @@ public class OrganizationService : IOrganizationService
ValidatePlan(plan, signup.AdditionalSeats, "Password Manager"); ValidatePlan(plan, signup.AdditionalSeats, "Password Manager");
var flexibleCollectionsV1Enabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
var organization = new Organization var organization = new Organization
{ {
// Pre-generate the org id so that we can save it with the Stripe subscription. // Pre-generate the org id so that we can save it with the Stripe subscription.
@ -476,10 +473,6 @@ public class OrganizationService : IOrganizationService
UsePasswordManager = true, UsePasswordManager = true,
// Secrets Manager not available for purchase with Consolidated Billing. // Secrets Manager not available for purchase with Consolidated Billing.
UseSecretsManager = false, UseSecretsManager = false,
// This is a transitional setting that defaults to ON until Flexible Collections v1 is released
// (to preserve existing behavior) and defaults to OFF after release (enabling new behavior)
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1Enabled
}; };
var returnValue = await SignUpAsync(organization, default, signup.OwnerKey, signup.CollectionName, false); var returnValue = await SignUpAsync(organization, default, signup.OwnerKey, signup.CollectionName, false);
@ -522,9 +515,6 @@ public class OrganizationService : IOrganizationService
await ValidateSignUpPoliciesAsync(signup.Owner.Id); await ValidateSignUpPoliciesAsync(signup.Owner.Id);
} }
var flexibleCollectionsV1IsEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
var organization = new Organization var organization = new Organization
{ {
// Pre-generate the org id so that we can save it with the Stripe subscription.. // Pre-generate the org id so that we can save it with the Stripe subscription..
@ -561,11 +551,7 @@ public class OrganizationService : IOrganizationService
RevisionDate = DateTime.UtcNow, RevisionDate = DateTime.UtcNow,
Status = OrganizationStatusType.Created, Status = OrganizationStatusType.Created,
UsePasswordManager = true, UsePasswordManager = true,
UseSecretsManager = signup.UseSecretsManager, UseSecretsManager = signup.UseSecretsManager
// This is a transitional setting that defaults to ON until Flexible Collections v1 is released
// (to preserve existing behavior) and defaults to OFF after release (enabling new behavior)
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled
}; };
if (signup.UseSecretsManager) if (signup.UseSecretsManager)

20
src/Core/Services/Implementations/CollectionService.cs
View File

@ -17,7 +17,6 @@ public class CollectionService : ICollectionService
private readonly ICollectionRepository _collectionRepository; private readonly ICollectionRepository _collectionRepository;
private readonly IReferenceEventService _referenceEventService; private readonly IReferenceEventService _referenceEventService;
private readonly ICurrentContext _currentContext; private readonly ICurrentContext _currentContext;
private readonly IFeatureService _featureService;
public CollectionService( public CollectionService(
IEventService eventService, IEventService eventService,
@ -25,8 +24,7 @@ public class CollectionService : ICollectionService
IOrganizationUserRepository organizationUserRepository, IOrganizationUserRepository organizationUserRepository,
ICollectionRepository collectionRepository, ICollectionRepository collectionRepository,
IReferenceEventService referenceEventService, IReferenceEventService referenceEventService,
ICurrentContext currentContext, ICurrentContext currentContext)
IFeatureService featureService)
{ {
_eventService = eventService; _eventService = eventService;
_organizationRepository = organizationRepository; _organizationRepository = organizationRepository;
@ -34,7 +32,6 @@ public class CollectionService : ICollectionService
_collectionRepository = collectionRepository; _collectionRepository = collectionRepository;
_referenceEventService = referenceEventService; _referenceEventService = referenceEventService;
_currentContext = currentContext; _currentContext = currentContext;
_featureService = featureService;
} }
public async Task SaveAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null, public async Task SaveAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null,
@ -56,16 +53,13 @@ public class CollectionService : ICollectionService
throw new BadRequestException("The Manage property is mutually exclusive and cannot be true while the ReadOnly or HidePasswords properties are also true."); throw new BadRequestException("The Manage property is mutually exclusive and cannot be true while the ReadOnly or HidePasswords properties are also true.");
} }
// If using Flexible Collections V1 - a collection should always have someone with Can Manage permissions // A collection should always have someone with Can Manage permissions
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1)) var groupHasManageAccess = groupsList?.Any(g => g.Manage) ?? false;
var userHasManageAccess = usersList?.Any(u => u.Manage) ?? false;
if (!groupHasManageAccess && !userHasManageAccess && !org.AllowAdminAccessToAllCollectionItems)
{ {
var groupHasManageAccess = groupsList?.Any(g => g.Manage) ?? false; throw new BadRequestException(
var userHasManageAccess = usersList?.Any(u => u.Manage) ?? false; "At least one member or group must have can manage permission.");
if (!groupHasManageAccess && !userHasManageAccess && !org.AllowAdminAccessToAllCollectionItems)
{
throw new BadRequestException(
"At least one member or group must have can manage permission.");
}
} }
if (collection.Id == default(Guid)) if (collection.Id == default(Guid))

28
src/Core/Vault/Queries/OrganizationCiphersQuery.cs
View File

@ -1,6 +1,4 @@
using Bit.Core.Exceptions; using Bit.Core.Repositories;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Bit.Core.Vault.Models.Data; using Bit.Core.Vault.Models.Data;
using Bit.Core.Vault.Repositories; using Bit.Core.Vault.Repositories;
@ -10,15 +8,11 @@ public class OrganizationCiphersQuery : IOrganizationCiphersQuery
{ {
private readonly ICipherRepository _cipherRepository; private readonly ICipherRepository _cipherRepository;
private readonly ICollectionCipherRepository _collectionCipherRepository; private readonly ICollectionCipherRepository _collectionCipherRepository;
private readonly IFeatureService _featureService;
private bool FlexibleCollectionsV1Enabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1); public OrganizationCiphersQuery(ICipherRepository cipherRepository, ICollectionCipherRepository collectionCipherRepository)
public OrganizationCiphersQuery(ICipherRepository cipherRepository, ICollectionCipherRepository collectionCipherRepository, IFeatureService featureService)
{ {
_cipherRepository = cipherRepository; _cipherRepository = cipherRepository;
_collectionCipherRepository = collectionCipherRepository; _collectionCipherRepository = collectionCipherRepository;
_featureService = featureService;
} }
/// <summary> /// <summary>
@ -26,12 +20,6 @@ public class OrganizationCiphersQuery : IOrganizationCiphersQuery
/// </summary> /// </summary>
public async Task<IEnumerable<CipherDetailsWithCollections>> GetOrganizationCiphersForUser(Guid organizationId, Guid userId) public async Task<IEnumerable<CipherDetailsWithCollections>> GetOrganizationCiphersForUser(Guid organizationId, Guid userId)
{ {
if (!FlexibleCollectionsV1Enabled)
{
// Flexible collections is OFF, should not be using this query
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
}
var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, withOrganizations: true); var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, withOrganizations: true);
var orgCiphers = ciphers.Where(c => c.OrganizationId == organizationId).ToList(); var orgCiphers = ciphers.Where(c => c.OrganizationId == organizationId).ToList();
var orgCipherIds = orgCiphers.Select(c => c.Id); var orgCipherIds = orgCiphers.Select(c => c.Id);
@ -50,12 +38,6 @@ public class OrganizationCiphersQuery : IOrganizationCiphersQuery
/// <param name="organizationId"></param> /// <param name="organizationId"></param>
public async Task<IEnumerable<CipherOrganizationDetailsWithCollections>> GetAllOrganizationCiphers(Guid organizationId) public async Task<IEnumerable<CipherOrganizationDetailsWithCollections>> GetAllOrganizationCiphers(Guid organizationId)
{ {
if (!FlexibleCollectionsV1Enabled)
{
// Flexible collections is OFF, should not be using this query
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
}
var orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(organizationId); var orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(organizationId);
var collectionCiphers = await _collectionCipherRepository.GetManyByOrganizationIdAsync(organizationId); var collectionCiphers = await _collectionCipherRepository.GetManyByOrganizationIdAsync(organizationId);
var collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key); var collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
@ -68,12 +50,6 @@ public class OrganizationCiphersQuery : IOrganizationCiphersQuery
/// </summary> /// </summary>
public async Task<IEnumerable<CipherOrganizationDetails>> GetUnassignedOrganizationCiphers(Guid organizationId) public async Task<IEnumerable<CipherOrganizationDetails>> GetUnassignedOrganizationCiphers(Guid organizationId)
{ {
if (!FlexibleCollectionsV1Enabled)
{
// Flexible collections is OFF, should not be using this query
throw new FeatureUnavailableException("Flexible collections is OFF when it should be ON.");
}
return await _cipherRepository.GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organizationId); return await _cipherRepository.GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organizationId);
} }
} }

3
test/Core.Test/Services/CollectionServiceTests.cs
View File

@ -113,9 +113,6 @@ public class CollectionServiceTest
{ {
collection.Id = default; collection.Id = default;
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization); sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1, Arg.Any<bool>())
.Returns(true);
organization.AllowAdminAccessToAllCollectionItems = false; organization.AllowAdminAccessToAllCollectionItems = false;
var ex = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.SaveAsync(collection, null, users)); var ex = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.SaveAsync(collection, null, users));