admin subvault updates for cipher

src/Core/Models/Api/Request/CipherRequestModel.cs

@@ -84,18 +84,9 @@ namespace Bit.Core.Models.Api
         }
     }
 
-    public class CipherSubvaultsRequestModel : IValidatableObject
+    public class CipherSubvaultsRequestModel
     {
         [Required]
         public IEnumerable<string> SubvaultIds { get; set; }
-
-        public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
-        {
-            if(!SubvaultIds?.Any() ?? false)
-            {
-                yield return new ValidationResult("You must select at least one subvault.",
-                    new string[] { nameof(SubvaultIds) });
-            }
-        }
     }
 }

src/Core/Models/Data/SubvaultUserPermissions.cs

@@ -1,10 +0,0 @@
-using System;
-
-namespace Bit.Core.Models.Data
-{
-    public class SubvaultUserPermissions
-    {
-        public Guid SubvaultId { get; set; }
-        public bool ReadOnly { get; set; }
-    }
-}

src/Core/Repositories/ISubvaultCipherRepository.cs

@@ -11,5 +11,6 @@ namespace Bit.Core.Repositories
         Task<ICollection<SubvaultCipher>> GetManyByOrganizationIdAsync(Guid organizationId);
         Task<ICollection<SubvaultCipher>> GetManyByUserIdCipherIdAsync(Guid userId, Guid cipherId);
         Task UpdateSubvaultsAsync(Guid cipherId, Guid userId, IEnumerable<Guid> subvaultIds);
+        Task UpdateSubvaultsForAdminAsync(Guid cipherId, Guid organizationId, IEnumerable<Guid> subvaultIds);
     }
 }

src/Core/Repositories/ISubvaultUserRepository.cs

@@ -11,8 +11,6 @@ namespace Bit.Core.Repositories
         Task<ICollection<SubvaultUser>> GetManyByOrganizationUserIdAsync(Guid orgUserId);
         Task<ICollection<SubvaultUserSubvaultDetails>> GetManyDetailsByUserIdAsync(Guid userId);
         Task<ICollection<SubvaultUserUserDetails>> GetManyDetailsBySubvaultIdAsync(Guid subvaultId);
-        Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId, IEnumerable<Guid> subvaultIds,
-            Guid organizationId);
         Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId);
     }
 }

src/Core/Repositories/SqlServer/SubvaultCipherRepository.cs

@@ -69,5 +69,16 @@ namespace Bit.Core.Repositories.SqlServer
                     commandType: CommandType.StoredProcedure);
             }
         }
+
+        public async Task UpdateSubvaultsForAdminAsync(Guid cipherId, Guid organizationId, IEnumerable<Guid> subvaultIds)
+        {
+            using(var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.ExecuteAsync(
+                    "[dbo].[SubvaultCipher_UpdateSubvaultsAdmin]",
+                    new { CipherId = cipherId, OrganizationId = organizationId, SubvaultIds = subvaultIds.ToGuidIdArrayTVP() },
+                    commandType: CommandType.StoredProcedure);
+            }
+        }
     }
 }

src/Core/Repositories/SqlServer/SubvaultUserRepository.cs

@@ -7,7 +7,6 @@ using System.Data.SqlClient;
 using Dapper;
 using System.Linq;
 using Bit.Core.Models.Data;
-using Bit.Core.Utilities;
 
 namespace Bit.Core.Repositories.SqlServer
 {
@@ -60,20 +59,6 @@ namespace Bit.Core.Repositories.SqlServer
             }
         }
 
-        public async Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId,
-            IEnumerable<Guid> subvaultIds, Guid organizationId)
-        {
-            using(var connection = new SqlConnection(ConnectionString))
-            {
-                var results = await connection.QueryAsync<SubvaultUserPermissions>(
-                    $"[{Schema}].[SubvaultUser_ReadPermissionsBySubvaultUserId]",
-                    new { UserId = userId, SubvaultIds = subvaultIds.ToGuidIdArrayTVP(), OrganizationId = organizationId },
-                    commandType: CommandType.StoredProcedure);
-
-                return results.ToList();
-            }
-        }
-
         public async Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId)
         {
             using(var connection = new SqlConnection(ConnectionString))

src/Core/Services/ICipherService.cs

@@ -14,7 +14,7 @@ namespace Bit.Core.Services
         Task SaveFolderAsync(Folder folder);
         Task DeleteFolderAsync(Folder folder);
         Task ShareAsync(Cipher cipher, Guid organizationId, IEnumerable<Guid> subvaultIds, Guid userId);
-        Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId);
+        Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId, bool orgAdmin);
         Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers,
             IEnumerable<KeyValuePair<int, int>> folderRelationships);
     }

src/Core/Services/Implementations/CipherService.cs

@@ -132,27 +132,17 @@ namespace Bit.Core.Services
                 throw new NotFoundException();
             }
 
-            // We do not need to check if the user belongs to this organization since this call will return no subvaults
-            // and therefore be caught by the .Any() check below.
-            var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(sharingUserId, subvaultIds,
-                organizationId);
-
-            var writeableSubvaults = subvaultUserDetails.Where(s => !s.ReadOnly).Select(s => s.SubvaultId);
-            if(!writeableSubvaults.Any())
-            {
-                throw new BadRequestException("No subvaults.");
-            }
-
-            cipher.UserId = null;
+            // Sproc will not save this UserId on the cipher. It is used limit scope of the subvaultIds.
+            cipher.UserId = sharingUserId;
             cipher.OrganizationId = organizationId;
             cipher.RevisionDate = DateTime.UtcNow;
-            await _cipherRepository.ReplaceAsync(cipher, writeableSubvaults);
+            await _cipherRepository.ReplaceAsync(cipher, subvaultIds);
 
             // push
             //await _pushService.PushSyncCipherUpdateAsync(cipher);
         }
 
-        public async Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId)
+        public async Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId, bool orgAdmin)
         {
             if(cipher.Id == default(Guid))
             {
@@ -164,18 +154,16 @@ namespace Bit.Core.Services
                 throw new BadRequestException("Cipher must belong to an organization.");
             }
 
-            // We do not need to check if the user belongs to this organization since this call will return no subvaults
-            // and therefore be caught by the .Any() check below.
-            var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(savingUserId, subvaultIds,
-                cipher.OrganizationId.Value);
-
-            var writeableSubvaults = subvaultUserDetails.Where(s => !s.ReadOnly).Select(s => s.SubvaultId);
-            if(!writeableSubvaults.Any())
+            // The sprocs will validate that all subvaults belong to this org/user and that they have proper write permissions.
+            if(orgAdmin)
             {
-                throw new BadRequestException("No subvaults.");
+                await _subvaultCipherRepository.UpdateSubvaultsForAdminAsync(cipher.Id, cipher.OrganizationId.Value,
+                    subvaultIds);
+            }
+            else
+            {
+                await _subvaultCipherRepository.UpdateSubvaultsAsync(cipher.Id, savingUserId, subvaultIds);
             }
-
-            await _subvaultCipherRepository.UpdateSubvaultsAsync(cipher.Id, savingUserId, writeableSubvaults);
 
             // push
             //await _pushService.PushSyncCipherUpdateAsync(cipher);