mirror of
https://github.com/bitwarden/server.git
synced 2025-04-18 19:48:12 -05:00
1cf9ff34c1
* PM-17921 change the GenerateAccessData method to process lists in parallel. * PM-17921 removing old method
207 lines
9.9 KiB
C#
207 lines
9.9 KiB
C#
using System.Collections.Concurrent;
|
|
using Bit.Core.AdminConsole.Entities;
|
|
using Bit.Core.AdminConsole.Repositories;
|
|
using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
|
|
using Bit.Core.Entities;
|
|
using Bit.Core.Models.Data;
|
|
using Bit.Core.Models.Data.Organizations;
|
|
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
|
|
using Bit.Core.Repositories;
|
|
using Bit.Core.Services;
|
|
using Bit.Core.Tools.Models.Data;
|
|
using Bit.Core.Tools.ReportFeatures.OrganizationReportMembers.Interfaces;
|
|
using Bit.Core.Tools.ReportFeatures.Requests;
|
|
using Bit.Core.Vault.Models.Data;
|
|
using Bit.Core.Vault.Queries;
|
|
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
|
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
|
|
|
|
namespace Bit.Core.Tools.ReportFeatures;
|
|
|
|
public class MemberAccessCipherDetailsQuery : IMemberAccessCipherDetailsQuery
|
|
{
|
|
private readonly IOrganizationUserUserDetailsQuery _organizationUserUserDetailsQuery;
|
|
private readonly IGroupRepository _groupRepository;
|
|
private readonly ICollectionRepository _collectionRepository;
|
|
private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
|
|
private readonly IApplicationCacheService _applicationCacheService;
|
|
private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery;
|
|
|
|
public MemberAccessCipherDetailsQuery(
|
|
IOrganizationUserUserDetailsQuery organizationUserUserDetailsQuery,
|
|
IGroupRepository groupRepository,
|
|
ICollectionRepository collectionRepository,
|
|
IOrganizationCiphersQuery organizationCiphersQuery,
|
|
IApplicationCacheService applicationCacheService,
|
|
ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery
|
|
)
|
|
{
|
|
_organizationUserUserDetailsQuery = organizationUserUserDetailsQuery;
|
|
_groupRepository = groupRepository;
|
|
_collectionRepository = collectionRepository;
|
|
_organizationCiphersQuery = organizationCiphersQuery;
|
|
_applicationCacheService = applicationCacheService;
|
|
_twoFactorIsEnabledQuery = twoFactorIsEnabledQuery;
|
|
}
|
|
|
|
public async Task<IEnumerable<MemberAccessCipherDetails>> GetMemberAccessCipherDetails(MemberAccessCipherDetailsRequest request)
|
|
{
|
|
var orgUsers = await _organizationUserUserDetailsQuery.GetOrganizationUserUserDetails(
|
|
new OrganizationUserUserDetailsQueryRequest
|
|
{
|
|
OrganizationId = request.OrganizationId,
|
|
IncludeCollections = true,
|
|
IncludeGroups = true
|
|
});
|
|
|
|
var orgGroups = await _groupRepository.GetManyByOrganizationIdAsync(request.OrganizationId);
|
|
var orgAbility = await _applicationCacheService.GetOrganizationAbilityAsync(request.OrganizationId);
|
|
var orgCollectionsWithAccess = await _collectionRepository.GetManyByOrganizationIdWithAccessAsync(request.OrganizationId);
|
|
var orgItems = await _organizationCiphersQuery.GetAllOrganizationCiphers(request.OrganizationId);
|
|
var organizationUsersTwoFactorEnabled = await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(orgUsers);
|
|
|
|
var memberAccessCipherDetails = GenerateAccessDataParallel(
|
|
orgGroups,
|
|
orgCollectionsWithAccess,
|
|
orgItems,
|
|
organizationUsersTwoFactorEnabled,
|
|
orgAbility);
|
|
|
|
return memberAccessCipherDetails;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Generates a report for all members of an organization. Containing summary information
|
|
/// such as item, collection, and group counts. Including the cipherIds a member is assigned.
|
|
/// Child collection includes detailed information on the user and group collections along
|
|
/// with their permissions.
|
|
/// </summary>
|
|
/// <param name="orgGroups">Organization groups collection</param>
|
|
/// <param name="orgCollectionsWithAccess">Collections for the organization and the groups/users and permissions</param>
|
|
/// <param name="orgItems">Cipher items for the organization with the collections associated with them</param>
|
|
/// <param name="organizationUsersTwoFactorEnabled">Organization users and two factor status</param>
|
|
/// <param name="orgAbility">Organization ability for account recovery status</param>
|
|
/// <returns>List of the MemberAccessCipherDetailsModel</returns>;
|
|
private IEnumerable<MemberAccessCipherDetails> GenerateAccessDataParallel(
|
|
ICollection<Group> orgGroups,
|
|
ICollection<Tuple<Collection, CollectionAccessDetails>> orgCollectionsWithAccess,
|
|
IEnumerable<CipherOrganizationDetailsWithCollections> orgItems,
|
|
IEnumerable<(OrganizationUserUserDetails user, bool twoFactorIsEnabled)> organizationUsersTwoFactorEnabled,
|
|
OrganizationAbility orgAbility)
|
|
{
|
|
var orgUsers = organizationUsersTwoFactorEnabled.Select(x => x.user).ToList();
|
|
var groupNameDictionary = orgGroups.ToDictionary(x => x.Id, x => x.Name);
|
|
var collectionItems = orgItems
|
|
.SelectMany(x => x.CollectionIds,
|
|
(cipher, collectionId) => new { Cipher = cipher, CollectionId = collectionId })
|
|
.GroupBy(y => y.CollectionId,
|
|
(key, ciphers) => new { CollectionId = key, Ciphers = ciphers });
|
|
var itemLookup = collectionItems.ToDictionary(x => x.CollectionId.ToString(), x => x.Ciphers.Select(c => c.Cipher.Id.ToString()).ToList());
|
|
|
|
var memberAccessCipherDetails = new ConcurrentBag<MemberAccessCipherDetails>();
|
|
|
|
Parallel.ForEach(orgUsers, user =>
|
|
{
|
|
var groupAccessDetails = new List<MemberAccessDetails>();
|
|
var userCollectionAccessDetails = new List<MemberAccessDetails>();
|
|
|
|
foreach (var tCollect in orgCollectionsWithAccess)
|
|
{
|
|
if (itemLookup.TryGetValue(tCollect.Item1.Id.ToString(), out var items))
|
|
{
|
|
var itemCounts = items.Count;
|
|
|
|
if (tCollect.Item2.Groups.Any())
|
|
{
|
|
var groupDetails = tCollect.Item2.Groups
|
|
.Where(tCollectGroups => user.Groups.Contains(tCollectGroups.Id))
|
|
.Select(x => new MemberAccessDetails
|
|
{
|
|
CollectionId = tCollect.Item1.Id,
|
|
CollectionName = tCollect.Item1.Name,
|
|
GroupId = x.Id,
|
|
GroupName = groupNameDictionary[x.Id],
|
|
ReadOnly = x.ReadOnly,
|
|
HidePasswords = x.HidePasswords,
|
|
Manage = x.Manage,
|
|
ItemCount = itemCounts,
|
|
CollectionCipherIds = items
|
|
});
|
|
|
|
groupAccessDetails.AddRange(groupDetails);
|
|
}
|
|
|
|
if (tCollect.Item2.Users.Any())
|
|
{
|
|
var userCollectionDetails = tCollect.Item2.Users
|
|
.Where(tCollectUser => tCollectUser.Id == user.Id)
|
|
.Select(x => new MemberAccessDetails
|
|
{
|
|
CollectionId = tCollect.Item1.Id,
|
|
CollectionName = tCollect.Item1.Name,
|
|
ReadOnly = x.ReadOnly,
|
|
HidePasswords = x.HidePasswords,
|
|
Manage = x.Manage,
|
|
ItemCount = itemCounts,
|
|
CollectionCipherIds = items
|
|
});
|
|
|
|
userCollectionAccessDetails.AddRange(userCollectionDetails);
|
|
}
|
|
}
|
|
}
|
|
|
|
var report = new MemberAccessCipherDetails
|
|
{
|
|
UserName = user.Name,
|
|
Email = user.Email,
|
|
TwoFactorEnabled = organizationUsersTwoFactorEnabled.FirstOrDefault(u => u.user.Id == user.Id).twoFactorIsEnabled,
|
|
AccountRecoveryEnabled = !string.IsNullOrEmpty(user.ResetPasswordKey) && orgAbility.UseResetPassword,
|
|
UserGuid = user.Id,
|
|
UsesKeyConnector = user.UsesKeyConnector
|
|
};
|
|
|
|
var userAccessDetails = new List<MemberAccessDetails>();
|
|
if (user.Groups.Any())
|
|
{
|
|
var userGroups = groupAccessDetails.Where(x => user.Groups.Contains(x.GroupId.GetValueOrDefault()));
|
|
userAccessDetails.AddRange(userGroups);
|
|
}
|
|
|
|
var groupsWithoutCollections = user.Groups.Where(x => !userAccessDetails.Any(y => x == y.GroupId));
|
|
if (groupsWithoutCollections.Any())
|
|
{
|
|
var emptyGroups = groupsWithoutCollections.Select(x => new MemberAccessDetails
|
|
{
|
|
GroupId = x,
|
|
GroupName = groupNameDictionary[x],
|
|
ItemCount = 0
|
|
});
|
|
userAccessDetails.AddRange(emptyGroups);
|
|
}
|
|
|
|
if (user.Collections.Any())
|
|
{
|
|
var userCollections = userCollectionAccessDetails.Where(x => user.Collections.Any(y => x.CollectionId == y.Id));
|
|
userAccessDetails.AddRange(userCollections);
|
|
}
|
|
report.AccessDetails = userAccessDetails;
|
|
|
|
var userCiphers = report.AccessDetails
|
|
.Where(x => x.ItemCount > 0)
|
|
.SelectMany(y => y.CollectionCipherIds)
|
|
.Distinct();
|
|
report.CipherIds = userCiphers;
|
|
report.TotalItemCount = userCiphers.Count();
|
|
|
|
var distinctItems = report.AccessDetails.Where(x => x.CollectionId.HasValue).Select(x => x.CollectionId).Distinct();
|
|
report.CollectionsCount = distinctItems.Count();
|
|
report.GroupsCount = report.AccessDetails.Select(x => x.GroupId).Where(y => y.HasValue).Distinct().Count();
|
|
|
|
memberAccessCipherDetails.Add(report);
|
|
});
|
|
|
|
return memberAccessCipherDetails;
|
|
}
|
|
}
|