Move policy checks inside PolicyService (#1533)

* Move policy checks inside PolicyService

* Remove leftover code

* Remove duplicate code

* Reorder code for consistency

src/Android/Autofill/AutofillService.cs

@@ -94,23 +94,11 @@ namespace Bit.Droid.Autofill
 
             _policyService ??= ServiceContainer.Resolve<IPolicyService>("policyService");
 
-            var personalOwnershipPolicies = await _policyService.GetAll(PolicyType.PersonalOwnership);
+            var personalOwnershipPolicyApplies = await _policyService.PolicyAppliesToUser(PolicyType.PersonalOwnership);
-            if (personalOwnershipPolicies != null)
+            if (personalOwnershipPolicyApplies)
-            {
-                _userService ??= ServiceContainer.Resolve<IUserService>("userService");
-                foreach (var policy in personalOwnershipPolicies)
-                {
-                    if (policy.Enabled)
-                    {
-                        var org = await _userService.GetOrganizationAsync(policy.OrganizationId);
-                        if (org != null && org.Enabled && org.UsePolicies && !org.canManagePolicies
-                           && org.Status == OrganizationUserStatusType.Confirmed)
             {
                 return;
             }
-                    }
-                }
-            }
 
             var parser = new Parser(structure, ApplicationContext);
             parser.Parse();

src/App/Pages/Vault/AddEditPageViewModel.cs

@@ -309,7 +309,6 @@ namespace Bit.App.Pages
 
         public async Task<bool> LoadAsync(AppOptions appOptions = null)
         {
-            var policies = (await _policyService.GetAll(PolicyType.PersonalOwnership))?.ToList();
             var myEmail = await _userService.GetEmailAsync();
             OwnershipOptions.Add(new KeyValuePair<string, string>(myEmail, null));
             var orgs = await _userService.GetAllOrganizationAsync();
@@ -318,26 +317,15 @@ namespace Bit.App.Pages
                 if (org.Enabled && org.Status == OrganizationUserStatusType.Confirmed)
                 {
                     OwnershipOptions.Add(new KeyValuePair<string, string>(org.Name, org.Id));
-                    if ((!EditMode || CloneMode) && policies != null && org.UsePolicies && !org.canManagePolicies &&
+                }
-                        AllowPersonal)
+            }
-                    {
+
-                        foreach (var policy in policies)
+            var personalOwnershipPolicyApplies = await _policyService.PolicyAppliesToUser(PolicyType.PersonalOwnership);
-                        {
+            if (personalOwnershipPolicyApplies && (!EditMode || CloneMode))
-                            if (policy.OrganizationId == org.Id && policy.Enabled)
             {
                 AllowPersonal = false;
                 // Remove personal ownership
                 OwnershipOptions.RemoveAt(0);
-                                // Default to the organization who owns this policy for now (if necessary)
-                                if (string.IsNullOrWhiteSpace(OrganizationId))
-                                {
-                                    OrganizationId = org.Id;
-                                }
-                                break;
-                            }
-                        }
-                    }
-                }
             }
 
             var allCollections = await _collectionService.GetAllDecryptedAsync();

src/App/Utilities/AppHelpers.cs

@@ -315,38 +315,15 @@ namespace Bit.App.Utilities
         public static async Task<bool> IsSendDisabledByPolicyAsync()
         {
             var policyService = ServiceContainer.Resolve<IPolicyService>("policyService");
-            var userService = ServiceContainer.Resolve<IUserService>("userService");
+            return await policyService.PolicyAppliesToUser(PolicyType.DisableSend);
-            
-            var policies = await policyService.GetAll(PolicyType.DisableSend);
-            var organizations = await userService.GetAllOrganizationAsync();
-            return organizations.Any(o =>
-            {
-                return o.Enabled &&
-                       o.Status == OrganizationUserStatusType.Confirmed &&
-                       o.UsePolicies &&
-                       !o.canManagePolicies &&
-                       policies.Any(p => p.OrganizationId == o.Id && p.Enabled);
-            });
         }
 
         public static async Task<bool> IsHideEmailDisabledByPolicyAsync()
         {
             var policyService = ServiceContainer.Resolve<IPolicyService>("policyService");
-            var userService = ServiceContainer.Resolve<IUserService>("userService");
 
-            var policies = await policyService.GetAll(PolicyType.SendOptions);
+            return await policyService.PolicyAppliesToUser(PolicyType.SendOptions,
-            var organizations = await userService.GetAllOrganizationAsync();
+                policy => policy.Data.ContainsKey("disableHideEmail") && (bool)policy.Data["disableHideEmail"]);
-            return organizations.Any(o =>
-            {
-                return o.Enabled &&
-                       o.Status == OrganizationUserStatusType.Confirmed &&
-                       o.UsePolicies &&
-                       !o.canManagePolicies &&
-                       policies.Any(p => p.OrganizationId == o.Id &&
-                            p.Enabled &&
-                            p.Data.ContainsKey("disableHideEmail") &&
-                            (bool)p.Data["disableHideEmail"]);
-            });
         }
 
         public static async Task<bool> PerformUpdateTasksAsync(ISyncService syncService,

src/Core/Models/Domain/Organization.cs

@@ -91,6 +91,6 @@ namespace Bit.Core.Models.Domain
         public bool canManageGroups => IsAdmin || Permissions.ManageGroups;
         public bool canManagePolicies => IsAdmin || Permissions.ManagePolicies;
         public bool canManageUser => IsAdmin || Permissions.ManageUsers;
-        public bool IsExemptFromPolicies =>  canManagePolicies;
+        public bool isExemptFromPolicies => canManagePolicies;
     }
 }

src/Core/Services/PolicyService.cs

@@ -198,29 +198,30 @@ namespace Bit.Core.Services
             return new Tuple<ResetPasswordPolicyOptions, bool>(resetPasswordPolicyOptions, policy != null);
         }
 
-        public async Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter = null)
+        public async Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter)
         {
-            if (policyFilter == null) {
-                policyFilter = _ => true;
-            }
-
             var policies = await GetAll(policyType);
             var organizations = await _userService.GetAllOrganizationAsync();
 
-            var filteredPolicies = policies.Where(p =>
+            IEnumerable<Policy> filteredPolicies;
-                    p.Enabled &&
-                    p.Type == policyType &&
-                    policyFilter(p))
-                .Select(p => p.OrganizationId);
 
-            var policySet = filteredPolicies.Distinct();
+            if (policyFilter != null)
+            {
+                filteredPolicies = policies.Where(p => p.Enabled && policyFilter(p));
+            }
+            else
+            {
+                filteredPolicies = policies.Where(p => p.Enabled);
+            }
+
+            var policySet = new HashSet<string>(filteredPolicies.Select(p => p.OrganizationId));
 
             return organizations.Any(o =>
                 o.Enabled &&
                 o.Status >= OrganizationUserStatusType.Accepted &&
                 o.UsePolicies &&
-                !o.IsExemptFromPolicies &&
+                !o.isExemptFromPolicies &&
-                policySet.Distinct().Contains(o.Id));
+                policySet.Contains(o.Id));
         }
 
         public int? GetPolicyInt(Policy policy, string key)