* Add PersonalOwnershipPolicyRequirement for managing personal ownership policy
* Add tests for PersonalOwnershipPolicyRequirement
* Register PersonalOwnershipPolicyRequirement in policy requirement factory
* Update ImportCiphersCommand to check PersonalOwnershipPolicyRequirement if the PolicyRequirements flag is enabled
Update unit tests
* Update CipherService to support PersonalOwnershipPolicyRequirement with feature flag
- Add support for checking personal ownership policy using PolicyRequirementQuery when feature flag is enabled
- Update CipherService constructor to inject new dependencies
- Add tests for personal vault restrictions with and without feature flag
* Clean up redundant "Arrange", "Act", and "Assert" comments in test methods
* Refactor PersonalOwnershipPolicyRequirementTests method names for clarity
- Improve test method names to better describe their purpose and behavior
- Rename methods to follow a more descriptive naming convention
- No functional changes to the test logic
* Remove commented code explaining policy check
* Refactor PersonalOwnership Policy Requirement implementation
- Add PersonalOwnershipPolicyRequirementFactory to replace static Create method
- Simplify policy requirement creation logic
- Update PolicyServiceCollectionExtensions to register new factory
- Update ImportCiphersCommand to use correct user ID parameter
- Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove redundant PersonalOwnershipPolicyRequirementTests
* Remove unnecessary tests from PersonalOwnershipPolicyRequirementFactoryTests
* Add ConfirmOrganizationUserCommand and IConfirmOrganizationUserCommand interface for managing organization user confirmations
* Add unit tests for ConfirmOrganizationUserCommand to validate user confirmation scenarios
* Register ConfirmOrganizationUserCommand for dependency injection
* Refactor OrganizationUsersController to utilize IConfirmOrganizationUserCommand for user confirmation processes
* Remove ConfirmUserAsync and ConfirmUsersAsync methods from IOrganizationService and OrganizationService
* Rename test methods in ConfirmOrganizationUserCommandTests for clarity and consistency
* Update test method name in ConfirmOrganizationUserCommandTests for improved clarity
* prevent view-only users from updating passwords
* revert change to licensing service
* add tests
* check if organizationId is there
* move logic to private method
* move logic to private method
* move logic into method
* revert change to licensing service
* throw exception when cipher key is created by hidden password users
* fix tests
* don't allow totp or passkeys changes from hidden password users
* add tests
* revert change to licensing service
* Example of how a partial success/failure command result would look.
* Fixed code.
* Added Validator and ValidationResult
* Moved errors into their own files.
* Fixing tests
* fixed import.
* Forgot mock error.
* Add comprehensive test coverage for CipherService restore, delete, and soft delete methods
* Add comprehensive admin cipher management tests for CiphersController
* Enhance CiphersController admin methods with comprehensive test coverage
- Add tests for provider user scenarios in admin cipher management methods
- Implement tests for custom user with edit any collection permissions
- Add test coverage for RestrictProviderAccess feature flag
- Improve test scenarios for delete, soft delete, and restore operations
* Refactor CiphersControllerTests to simplify and optimize test methods
* Optimize CiphersControllerTests with code cleanup and test method improvements
* Extend CiphersControllerTests to support Admin and Owner roles
* Add test cases for custom user cipher admin operations with EditAnyCollection permission checks
- Extend CiphersControllerTests with scenarios for custom users without EditAnyCollection permission
- Add test methods to verify NotFoundException is thrown when EditAnyCollection is false
- Cover delete, soft delete, and restore operations for single and bulk cipher admin actions
* Enhance CiphersControllerTests with granular access permission scenarios
- Add test methods for admin and owner roles with specific cipher access scenarios
- Implement tests for accessing specific and unassigned ciphers
- Extend test coverage for delete, soft delete, and restore operations
- Improve test method naming for clarity and precision
* Add bulk admin cipher delete and soft delete tests for specific and unassigned ciphers
- Implement test methods for DeleteManyAdmin and PutDeleteManyAdmin
- Cover scenarios for owner and admin roles with access to specific and unassigned ciphers
- Verify correct invocation of DeleteManyAsync and SoftDeleteManyAsync methods
- Enhance test coverage for bulk cipher admin operations
* Add Manage permission to UserCipherDetails and CipherDetails_ReadByIdUserId
* Add Manage property to CipherDetails and UserCipherDetailsQuery
* Add integration test for CipherRepository Manage permission rules
* Update CipherDetails_ReadWithoutOrganizationsByUserId to include Manage permission
* Refactor UserCipherDetailsQuery to include detailed permission and organization properties
* Refactor CipherRepositoryTests to improve test organization and readability
- Split large test method into smaller, focused methods
- Added helper methods for creating test data and performing assertions
- Improved test coverage for cipher permissions in different scenarios
- Maintained existing test logic while enhancing code structure
* Refactor CipherRepositoryTests to consolidate cipher permission tests
- Removed redundant helper methods for permission assertions
- Simplified test methods for GetCipherPermissionsForOrganizationAsync, GetManyByUserIdAsync, and GetByIdAsync
- Maintained existing test coverage for cipher manage permissions
- Improved code readability and reduced code duplication
* Add integration test for CipherRepository group collection manage permissions
- Added new test method GetCipherPermissionsForOrganizationAsync_ManageProperty_RespectsCollectionGroupRules
- Implemented helper method CreateCipherInOrganizationCollectionWithGroup to support group-based collection permission testing
- Verified manage permissions are correctly applied based on group collection access settings
* Add @Manage parameter to Cipher stored procedures
- Updated CipherDetails_Create, CipherDetails_CreateWithCollections, and CipherDetails_Update stored procedures
- Added @Manage parameter with comment "-- not used"
- Included new stored procedure implementations in migration script
- Consistent with previous work on adding Manage property to cipher details
* Update UserCipherDetails functions to reorder Manage and ViewPassword columns
* [PM-18086] Add CanRestore and CanDelete authorization methods.
* [PM-18086] Address code review feedback.
* [PM-18086] Add missing part.
* [PM-18087] Add CipherPermissionsResponseModel for cipher permissions
* Add GetManyOrganizationAbilityAsync method to application cache service
* Add organization ability context to cipher response models
This change introduces organization ability context to various cipher response models across multiple controllers. The modifications include:
- Updating CipherResponseModel to include permissions based on user and organization ability
- Modifying CiphersController methods to fetch and pass organization abilities
- Updating SyncController to include organization abilities in sync response
- Adding organization ability context to EmergencyAccessController response generation
* Remove organization ability context from EmergencyAccessController
This change simplifies the EmergencyAccessController by removing unnecessary organization ability fetching and passing. Since emergency access only retrieves personal ciphers, the organization ability context is no longer needed in the response generation.
* Remove unused IApplicationCacheService from EmergencyAccessController
* Refactor EmergencyAccessViewResponseModel constructor
Remove unnecessary JsonConstructor attribute and simplify constructor initialization for EmergencyAccessViewResponseModel
* Refactor organization ability retrieval in CiphersController
Extract methods to simplify organization ability fetching for ciphers, reducing code duplication and improving readability. Added two private helper methods:
- GetOrganizationAbilityAsync: Retrieves organization ability for a single cipher
- GetManyOrganizationAbilitiesAsync: Retrieves organization abilities for multiple ciphers
* Update CiphersControllerTests to use GetUserByPrincipalAsync
Modify test methods to:
- Replace GetProperUserId with GetUserByPrincipalAsync
- Use User object instead of separate userId
- Update mocking to return User object
- Ensure user ID is correctly set in test scenarios
* Refactor CipherPermissionsResponseModel to use constructor-based initialization
* Refactor CipherPermissionsResponseModel to use record type and init-only properties
* [PM-18086] Undo files
* [PM-18086] Undo files
* Refactor organization abilities retrieval in cipher-related controllers and models
- Update CiphersController to use GetOrganizationAbilitiesAsync instead of individual methods
- Modify CipherResponseModel and CipherDetailsResponseModel to accept organization abilities dictionary
- Update CipherPermissionsResponseModel to handle organization abilities lookup
- Remove deprecated organization ability retrieval methods
- Simplify sync and emergency access response model handling of organization abilities
* Remove GetManyOrganizationAbilityAsync method
- Delete unused method from IApplicationCacheService interface
- Remove corresponding implementation in InMemoryApplicationCacheService
- Continues cleanup of organization ability retrieval methods
* Update CiphersControllerTests to include organization abilities retrieval
- Add organization abilities retrieval in test setup for PutCollections_vNext method
- Ensure consistent mocking of IApplicationCacheService in test scenarios
* Update error message for missing organization ability
---------
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Pass in the current userId instead of trying to infer it from the folders or ciphers passed into the ImportCiphersCommand
Kudos go to @MJebran who pointed this out on https://github.com/bitwarden/server/pull/4896
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
