mirror of
https://github.com/bitwarden/server.git
synced 2025-04-29 08:42:19 -05:00
354caa3063
* [EC-19] Move SSO Identifier to Org SSO endpoint (#2184) * [EC-19] Move SSO identifier to Org SSO config endpoint * [EC-19] Add Jira tech debt issue reference * [EC-542] Update email communications (#2348) * [EC-73] Add users alongside groups for collection details (#2358) * [EC-73] feat: add new stored procedures * [EC-73] feat: add migration * [EC-73] chore: rename collection group details * [EC-73] fix: migration * [EC-73] feat: return users from dapper repo * [EC-73] feat: EF support for collection users * [EC-73] feat: implement updating users in EF * [EC-73] feat: new collections with users in EF * [EC-73] feat: create with users in dapper * [EC-73] feat: update with users in dapper * [EC-73] fix: collection service tests * [EC-73] fix: lint * [EC-73] feat: add new data model and rename for clarity * [EC-73] chore: add future migrations * [EC-16 / EC-86] Implement Groups Table Endpoints (#2280) * [EC-16] Update Group endpoints/repositories to include necessary collection info * [EC-16] Add delete many groups endpoint and command * [EC-16] Add DeleteGroupCommand unit tests * [EC-16] Update migration script * [EC-16] Formatting * [EC-16] Support modifying users via Post Group endpoint - Add optional Users property to GroupRequestModel - Add users parameter to the GroupService.SaveAsync() method - Use the users argument to update the Group via the GroupRepository if present. * [EC-16] Add/update Sprocs for bulk group deletion - Add a new bump account revision date by multiple org ids sproc to be used by the delete many group sproc. - Update the delete many group sproc to no longer require the organization Id as authorization is a business concern. * [EC-16] No longer require org Id in delete many GroupRepository The group repository should not care about which organization a group belongs to when being deleted. That is a business logic concern and is not necessary at the repository level. * [EC-16] Remove org Id from delete many group command - Remove the organization Id from the delete many method. - Require Group entities instead of just group Ids so that group retrieval is completed outside the command. - No longer return deleted groups as they are now being passed into the command. - Update unit tests * [EC-16] Remove org id from bulk delete group endpoint - Remove the Org Id from the endpoint and make use of the updated delete many command * [EC-16] Rename delete many groups sproc * [EC-16] Update migration script * [EC-16] Fix typo in migration script * [EC-16] Fix order of operations in Group_DeleteByIds sproc * [EC-16] Formatting * [EC-86] Fix DeleteManyAsync parameter name Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * [EC-16] Add missing sproc to sqlproj file * [EC-16] Improve GroupRepository method performance Use GroupBy before marrying Groups and Collections to avoid iterating over all collections for every group) * [EC-16] Use ToListAsync() to be consistent in the repository * [EC-16] Fix collection grouping in the EF repository * [EC-16] Adjust DeleteGroup command namespace to be less verbose * [EC-16] Cleanup DeleteGroupCommandTests * [EC-16] Formatting * [EC-16] Ensure a non-null group collection list is provided * [EC-16] Add bulk GroupEvents method to EventService - Use the new method in the DeleteGroups command * [EC-16] Remove bulk delete group Api response The response is unnecessary and not used by the client * [EC-16] Log OrganizationUser_UpdateGroups event in GroupService Events are logged for users during both Group creation (all added users) and modification (only changed users). * [EC-16] Fix failing unit test * [EC-16] Rename newUsers variable per feedback * [EC-16] Assert delete many group log events Explicitly check for the event type and groups that are logged to the event service. * [EC-16] Update DeleteManyAsync signature Use ICollection<> instead of IEnumerable<> to avoid ambiguity of possible multiple enumeration * [EC-16] Increment migration script name Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * Add missing GO command to EC-73 migration script (#2433) * [EC-15] Members Grid Api Support (#2485) * [EC-15] Update OrganizationUser models to support list of collections and groups * [EC-15] Add sprocs to query GroupUser and CollectionUser entities * [EC-15] Update the OrganizationUserRepository to optionally fetch groups/collections * [EC-15] Formatting * [EC-15] Remove leftover repository method * [EC-15] Fix table identifier inconsistency in sproc/migration * Formatting * [EC-14]: Server changes for Collection rows in Vault (#2360) * [EC-14] add collection management methods to repo - delete many, get many by ids, and get many with groups by org * [EC-14] connection command tests had wrong folder name * [EC-14] add collection repo methods to interface * [EC-14] create DeleteCollectionCommand * [EC-14] add getManyWithDetails collections endpoint * [EC-14] add GetManyWithGroupsByUserId * [EC-14] add call to interface * [EC-14] add GetOrganizationCollectionsWIthGroups - gets groups with collections - add tests as well * [EC-14] add call to interface * [EC-14] add new coll call to controller - gets collections with groups * [EC-14] use new delete collection command * [EC-14] add CollectionBulkDeleteRequestModel * [EC-14] remove org from delete collection cmd - move all permission checks to controller - add tests to controller - remove org check from repository method * [EC-14] add migration and sprocs * [EC-14] formatting * [EC-14] revert delete permission check changes * [EC-14] rename SelectionReadOnly to CollectionAccessSelection * [EC-14] move GetOrganizationCollectionsWithGroups to controller - there's no reason to have this logic in the service layer - we can still test the permission check in the controller - also renamed repo methods and changed return types * [EC-14] include users in collection access details * [EC-14] fix migration names * [EC-14] bumpAccountRevisionDate when deleting collections * [EC-14] new line in collection service * [EC-14] formatting and add .sql to proc file * [EC-14] more formatting * [EC-14] formatting * [EC-14] fix whitespace * [EC-14] add datetime to event log of single delete * [EC-14] remove ToList() from enumerables not returned * [EC-14] fix permissions on "Create new collection" - a custom user with "Create new collections" should see all collections * [EC-14] add bulk events for collections * [EC-14] group collections from db before iterating * [EC-14] sql formatting and missing GO * [EC-14] fix tests * [EC-14] add null handling to repo methods * [EC-14] fix account revision call * [EC-14] formatting * [EC-548] Member Details Group Tab (#2508) * [EC-548] Update models to support groups * [EC-548] Include groups in invite and save organization user methods * [EC-548] Pass groups to service methods in member/user controllers * [EC-548] Fix failing tests * [EC-548] Add option to include groups for GET org user query * Formatting * [EC-887] Server fix for managers seeing options to edit/delete Collections they aren't assigned to (#2542) * [EC-887] Add Assigned property to CollectionResponseModel A new property to determine if a collection is assigned to the acting user; as some users, have the view all collections permission, but cannot see every collection's items * [EC-887] Update logic for retrieving GET all collection details - Only need to check the ViewAllCollections permission - Calculate new Assigned response property based on the assignedOrgCollections list * Formatting * [EC-887] Update unit tests Co-authored-by: Shane Melton <smelton@bitwarden.com> Co-authored-by: Jacob Fink <jfink@bitwarden.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
234 lines
9.7 KiB
C#
234 lines
9.7 KiB
C#
using System.Net;
|
|
using Bit.Api.Models.Public.Request;
|
|
using Bit.Api.Models.Public.Response;
|
|
using Bit.Core.Context;
|
|
using Bit.Core.Models.Business;
|
|
using Bit.Core.Repositories;
|
|
using Bit.Core.Services;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace Bit.Api.Public.Controllers;
|
|
|
|
[Route("public/members")]
|
|
[Authorize("Organization")]
|
|
public class MembersController : Controller
|
|
{
|
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
|
private readonly IGroupRepository _groupRepository;
|
|
private readonly IOrganizationService _organizationService;
|
|
private readonly IUserService _userService;
|
|
private readonly ICurrentContext _currentContext;
|
|
|
|
public MembersController(
|
|
IOrganizationUserRepository organizationUserRepository,
|
|
IGroupRepository groupRepository,
|
|
IOrganizationService organizationService,
|
|
IUserService userService,
|
|
ICurrentContext currentContext)
|
|
{
|
|
_organizationUserRepository = organizationUserRepository;
|
|
_groupRepository = groupRepository;
|
|
_organizationService = organizationService;
|
|
_userService = userService;
|
|
_currentContext = currentContext;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Retrieve a member.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Retrieves the details of an existing member of the organization. You need only supply the
|
|
/// unique member identifier that was returned upon member creation.
|
|
/// </remarks>
|
|
/// <param name="id">The identifier of the member to be retrieved.</param>
|
|
[HttpGet("{id}")]
|
|
[ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
|
|
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
|
public async Task<IActionResult> Get(Guid id)
|
|
{
|
|
var userDetails = await _organizationUserRepository.GetDetailsByIdWithCollectionsAsync(id);
|
|
var orgUser = userDetails?.Item1;
|
|
if (orgUser == null || orgUser.OrganizationId != _currentContext.OrganizationId)
|
|
{
|
|
return new NotFoundResult();
|
|
}
|
|
var response = new MemberResponseModel(orgUser, await _userService.TwoFactorIsEnabledAsync(orgUser),
|
|
userDetails.Item2);
|
|
return new JsonResult(response);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Retrieve a member's group ids
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Retrieves the unique identifiers for all groups that are associated with this member. You need only
|
|
/// supply the unique member identifier that was returned upon member creation.
|
|
/// </remarks>
|
|
/// <param name="id">The identifier of the member to be retrieved.</param>
|
|
[HttpGet("{id}/group-ids")]
|
|
[ProducesResponseType(typeof(HashSet<Guid>), (int)HttpStatusCode.OK)]
|
|
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
|
public async Task<IActionResult> GetGroupIds(Guid id)
|
|
{
|
|
var orgUser = await _organizationUserRepository.GetByIdAsync(id);
|
|
if (orgUser == null || orgUser.OrganizationId != _currentContext.OrganizationId)
|
|
{
|
|
return new NotFoundResult();
|
|
}
|
|
var groupIds = await _groupRepository.GetManyIdsByUserIdAsync(id);
|
|
return new JsonResult(groupIds);
|
|
}
|
|
|
|
/// <summary>
|
|
/// List all members.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Returns a list of your organization's members.
|
|
/// Member objects listed in this call do not include information about their associated collections.
|
|
/// </remarks>
|
|
[HttpGet]
|
|
[ProducesResponseType(typeof(ListResponseModel<MemberResponseModel>), (int)HttpStatusCode.OK)]
|
|
public async Task<IActionResult> List()
|
|
{
|
|
var users = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
|
|
_currentContext.OrganizationId.Value);
|
|
// TODO: Get all CollectionUser associations for the organization and marry them up here for the response.
|
|
var memberResponsesTasks = users.Select(async u => new MemberResponseModel(u,
|
|
await _userService.TwoFactorIsEnabledAsync(u), null));
|
|
var memberResponses = await Task.WhenAll(memberResponsesTasks);
|
|
var response = new ListResponseModel<MemberResponseModel>(memberResponses);
|
|
return new JsonResult(response);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Create a member.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Creates a new member object by inviting a user to the organization.
|
|
/// </remarks>
|
|
/// <param name="model">The request model.</param>
|
|
[HttpPost]
|
|
[ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
|
|
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
|
|
public async Task<IActionResult> Post([FromBody] MemberCreateRequestModel model)
|
|
{
|
|
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
|
|
var invite = new OrganizationUserInvite
|
|
{
|
|
Emails = new List<string> { model.Email },
|
|
Type = model.Type.Value,
|
|
AccessAll = model.AccessAll.Value,
|
|
Collections = associations
|
|
};
|
|
var user = await _organizationService.InviteUserAsync(_currentContext.OrganizationId.Value, null,
|
|
model.Email, model.Type.Value, model.AccessAll.Value, model.ExternalId, associations, model.Groups);
|
|
var response = new MemberResponseModel(user, associations);
|
|
return new JsonResult(response);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Update a member.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Updates the specified member object. If a property is not provided,
|
|
/// the value of the existing property will be reset.
|
|
/// </remarks>
|
|
/// <param name="id">The identifier of the member to be updated.</param>
|
|
/// <param name="model">The request model.</param>
|
|
[HttpPut("{id}")]
|
|
[ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
|
|
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
|
|
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
|
public async Task<IActionResult> Put(Guid id, [FromBody] MemberUpdateRequestModel model)
|
|
{
|
|
var existingUser = await _organizationUserRepository.GetByIdAsync(id);
|
|
if (existingUser == null || existingUser.OrganizationId != _currentContext.OrganizationId)
|
|
{
|
|
return new NotFoundResult();
|
|
}
|
|
var updatedUser = model.ToOrganizationUser(existingUser);
|
|
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
|
|
await _organizationService.SaveUserAsync(updatedUser, null, associations, model.Groups);
|
|
MemberResponseModel response = null;
|
|
if (existingUser.UserId.HasValue)
|
|
{
|
|
var existingUserDetails = await _organizationUserRepository.GetDetailsByIdAsync(id);
|
|
response = new MemberResponseModel(existingUserDetails,
|
|
await _userService.TwoFactorIsEnabledAsync(existingUserDetails), associations);
|
|
}
|
|
else
|
|
{
|
|
response = new MemberResponseModel(updatedUser, associations);
|
|
}
|
|
return new JsonResult(response);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Update a member's groups.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Updates the specified member's group associations.
|
|
/// </remarks>
|
|
/// <param name="id">The identifier of the member to be updated.</param>
|
|
/// <param name="model">The request model.</param>
|
|
[HttpPut("{id}/group-ids")]
|
|
[ProducesResponseType((int)HttpStatusCode.OK)]
|
|
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
|
|
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
|
public async Task<IActionResult> PutGroupIds(Guid id, [FromBody] UpdateGroupIdsRequestModel model)
|
|
{
|
|
var existingUser = await _organizationUserRepository.GetByIdAsync(id);
|
|
if (existingUser == null || existingUser.OrganizationId != _currentContext.OrganizationId)
|
|
{
|
|
return new NotFoundResult();
|
|
}
|
|
await _organizationService.UpdateUserGroupsAsync(existingUser, model.GroupIds, null);
|
|
return new OkResult();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Delete a member.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Permanently deletes a member from the organization. This cannot be undone.
|
|
/// The user account will still remain. The user is only removed from the organization.
|
|
/// </remarks>
|
|
/// <param name="id">The identifier of the member to be deleted.</param>
|
|
[HttpDelete("{id}")]
|
|
[ProducesResponseType((int)HttpStatusCode.OK)]
|
|
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
|
public async Task<IActionResult> Delete(Guid id)
|
|
{
|
|
var user = await _organizationUserRepository.GetByIdAsync(id);
|
|
if (user == null || user.OrganizationId != _currentContext.OrganizationId)
|
|
{
|
|
return new NotFoundResult();
|
|
}
|
|
await _organizationService.DeleteUserAsync(_currentContext.OrganizationId.Value, id, null);
|
|
return new OkResult();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Re-invite a member.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Re-sends the invitation email to an organization member.
|
|
/// </remarks>
|
|
/// <param name="id">The identifier of the member to re-invite.</param>
|
|
[HttpPost("{id}/reinvite")]
|
|
[ProducesResponseType((int)HttpStatusCode.OK)]
|
|
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
|
|
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
|
public async Task<IActionResult> PostReinvite(Guid id)
|
|
{
|
|
var existingUser = await _organizationUserRepository.GetByIdAsync(id);
|
|
if (existingUser == null || existingUser.OrganizationId != _currentContext.OrganizationId)
|
|
{
|
|
return new NotFoundResult();
|
|
}
|
|
await _organizationService.ResendInviteAsync(_currentContext.OrganizationId.Value, null, id);
|
|
return new OkResult();
|
|
}
|
|
}
|