Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-29 13:25:17 +01:00
Code Issues Projects Releases Wiki Activity
01d67dce48
bitwarden-server/test/Api.Test/AdminConsole/Controllers/GroupsControllerTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

444 lines
23 KiB
C#
Raw Normal View History

[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
using System.Security.Claims;
using Bit.Api.AdminConsole.Controllers;
AC Team code ownership moves - Api project (#3351)
2023-10-18 17:27:56 +02:00
using Bit.Api.AdminConsole.Models.Request;
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
using Bit.Api.Models.Request;
using Bit.Api.Vault.AuthorizationHandlers.Collections;
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
using Bit.Core;
[AC-1750] AC Team code ownership moves - Groups (#3358)
2023-10-19 22:37:46 +02:00
using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
using Bit.Core.AdminConsole.Repositories;
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
using Bit.Core.Context;
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
using Bit.Core.Entities;
using Bit.Core.Exceptions;
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
using Bit.Core.Models.Data;
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
using Bit.Core.Models.Data.Organizations;
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
using Bit.Core.Repositories;
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
using Bit.Core.Services;
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
using Bit.Core.Utilities;
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
using Microsoft.AspNetCore.Authorization;
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
using NSubstitute;
using Xunit;
AC Team code ownership moves - Api project (#3351)
2023-10-18 17:27:56 +02:00
namespace Bit.Api.Test.AdminConsole.Controllers;
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
[ControllerCustomize(typeof(GroupsController))]
[SutProviderCustomize]
public class GroupsControllerTests
{
[Theory]
[BitAutoData]
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
public async Task Post_PreFCv1_Success(Organization organization, GroupRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
{
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
var response = await sutProvider.Sut.Post(organization.Id, groupRequestModel);
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
await sutProvider.GetDependency<ICurrentContext>().Received(1).ManageGroups(organization.Id);
await sutProvider.GetDependency<ICreateGroupCommand>().Received(1).CreateGroupAsync(
Arg.Is<Group>(g =>
g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
[EC-1003] feat: remove `externalId` from PUT/POST (#2589)
2023-02-06 10:27:40 +01:00
g.AccessAll == groupRequestModel.AccessAll),
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
organization,
[AC-1880] Public API - Deprecated properties (#3706) * feat: remove required for AccessAll and add xmldoc for usage restrictions, refs AC-1880 * feat: add validation for create group workflow wrt manage property, refs AC-1880 * feat: add validation for update group workflow wrt manage property, refs AC-1880 * feat: add validation for create and update member workflow wrt manage property, refs AC-1880 * feat: add validation for update collection workflow wrt manage property, refs AC-1880 * fix: flaky Public/GroupsControllerTests + more test coverage, refs AC-1880
2024-02-08 14:44:36 +01:00
Arg.Any<ICollection<CollectionAccessSelection>>(),
[EC-647] OAVR v2 Feature Branch Merge (#2588) * [EC-19] Move SSO Identifier to Org SSO endpoint (#2184) * [EC-19] Move SSO identifier to Org SSO config endpoint * [EC-19] Add Jira tech debt issue reference * [EC-542] Update email communications (#2348) * [EC-73] Add users alongside groups for collection details (#2358) * [EC-73] feat: add new stored procedures * [EC-73] feat: add migration * [EC-73] chore: rename collection group details * [EC-73] fix: migration * [EC-73] feat: return users from dapper repo * [EC-73] feat: EF support for collection users * [EC-73] feat: implement updating users in EF * [EC-73] feat: new collections with users in EF * [EC-73] feat: create with users in dapper * [EC-73] feat: update with users in dapper * [EC-73] fix: collection service tests * [EC-73] fix: lint * [EC-73] feat: add new data model and rename for clarity * [EC-73] chore: add future migrations * [EC-16 / EC-86] Implement Groups Table Endpoints (#2280) * [EC-16] Update Group endpoints/repositories to include necessary collection info * [EC-16] Add delete many groups endpoint and command * [EC-16] Add DeleteGroupCommand unit tests * [EC-16] Update migration script * [EC-16] Formatting * [EC-16] Support modifying users via Post Group endpoint - Add optional Users property to GroupRequestModel - Add users parameter to the GroupService.SaveAsync() method - Use the users argument to update the Group via the GroupRepository if present. * [EC-16] Add/update Sprocs for bulk group deletion - Add a new bump account revision date by multiple org ids sproc to be used by the delete many group sproc. - Update the delete many group sproc to no longer require the organization Id as authorization is a business concern. * [EC-16] No longer require org Id in delete many GroupRepository The group repository should not care about which organization a group belongs to when being deleted. That is a business logic concern and is not necessary at the repository level. * [EC-16] Remove org Id from delete many group command - Remove the organization Id from the delete many method. - Require Group entities instead of just group Ids so that group retrieval is completed outside the command. - No longer return deleted groups as they are now being passed into the command. - Update unit tests * [EC-16] Remove org id from bulk delete group endpoint - Remove the Org Id from the endpoint and make use of the updated delete many command * [EC-16] Rename delete many groups sproc * [EC-16] Update migration script * [EC-16] Fix typo in migration script * [EC-16] Fix order of operations in Group_DeleteByIds sproc * [EC-16] Formatting * [EC-86] Fix DeleteManyAsync parameter name Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * [EC-16] Add missing sproc to sqlproj file * [EC-16] Improve GroupRepository method performance Use GroupBy before marrying Groups and Collections to avoid iterating over all collections for every group) * [EC-16] Use ToListAsync() to be consistent in the repository * [EC-16] Fix collection grouping in the EF repository * [EC-16] Adjust DeleteGroup command namespace to be less verbose * [EC-16] Cleanup DeleteGroupCommandTests * [EC-16] Formatting * [EC-16] Ensure a non-null group collection list is provided * [EC-16] Add bulk GroupEvents method to EventService - Use the new method in the DeleteGroups command * [EC-16] Remove bulk delete group Api response The response is unnecessary and not used by the client * [EC-16] Log OrganizationUser_UpdateGroups event in GroupService Events are logged for users during both Group creation (all added users) and modification (only changed users). * [EC-16] Fix failing unit test * [EC-16] Rename newUsers variable per feedback * [EC-16] Assert delete many group log events Explicitly check for the event type and groups that are logged to the event service. * [EC-16] Update DeleteManyAsync signature Use ICollection<> instead of IEnumerable<> to avoid ambiguity of possible multiple enumeration * [EC-16] Increment migration script name Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * Add missing GO command to EC-73 migration script (#2433) * [EC-15] Members Grid Api Support (#2485) * [EC-15] Update OrganizationUser models to support list of collections and groups * [EC-15] Add sprocs to query GroupUser and CollectionUser entities * [EC-15] Update the OrganizationUserRepository to optionally fetch groups/collections * [EC-15] Formatting * [EC-15] Remove leftover repository method * [EC-15] Fix table identifier inconsistency in sproc/migration * Formatting * [EC-14]: Server changes for Collection rows in Vault (#2360) * [EC-14] add collection management methods to repo - delete many, get many by ids, and get many with groups by org * [EC-14] connection command tests had wrong folder name * [EC-14] add collection repo methods to interface * [EC-14] create DeleteCollectionCommand * [EC-14] add getManyWithDetails collections endpoint * [EC-14] add GetManyWithGroupsByUserId * [EC-14] add call to interface * [EC-14] add GetOrganizationCollectionsWIthGroups - gets groups with collections - add tests as well * [EC-14] add call to interface * [EC-14] add new coll call to controller - gets collections with groups * [EC-14] use new delete collection command * [EC-14] add CollectionBulkDeleteRequestModel * [EC-14] remove org from delete collection cmd - move all permission checks to controller - add tests to controller - remove org check from repository method * [EC-14] add migration and sprocs * [EC-14] formatting * [EC-14] revert delete permission check changes * [EC-14] rename SelectionReadOnly to CollectionAccessSelection * [EC-14] move GetOrganizationCollectionsWithGroups to controller - there's no reason to have this logic in the service layer - we can still test the permission check in the controller - also renamed repo methods and changed return types * [EC-14] include users in collection access details * [EC-14] fix migration names * [EC-14] bumpAccountRevisionDate when deleting collections * [EC-14] new line in collection service * [EC-14] formatting and add .sql to proc file * [EC-14] more formatting * [EC-14] formatting * [EC-14] fix whitespace * [EC-14] add datetime to event log of single delete * [EC-14] remove ToList() from enumerables not returned * [EC-14] fix permissions on "Create new collection" - a custom user with "Create new collections" should see all collections * [EC-14] add bulk events for collections * [EC-14] group collections from db before iterating * [EC-14] sql formatting and missing GO * [EC-14] fix tests * [EC-14] add null handling to repo methods * [EC-14] fix account revision call * [EC-14] formatting * [EC-548] Member Details Group Tab (#2508) * [EC-548] Update models to support groups * [EC-548] Include groups in invite and save organization user methods * [EC-548] Pass groups to service methods in member/user controllers * [EC-548] Fix failing tests * [EC-548] Add option to include groups for GET org user query * Formatting * [EC-887] Server fix for managers seeing options to edit/delete Collections they aren't assigned to (#2542) * [EC-887] Add Assigned property to CollectionResponseModel A new property to determine if a collection is assigned to the acting user; as some users, have the view all collections permission, but cannot see every collection's items * [EC-887] Update logic for retrieving GET all collection details - Only need to check the ViewAllCollections permission - Calculate new Assigned response property based on the assignedOrgCollections list * Formatting * [EC-887] Update unit tests Co-authored-by: Shane Melton <smelton@bitwarden.com> Co-authored-by: Jacob Fink <jfink@bitwarden.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-01-19 17:00:54 +01:00
Arg.Any<IEnumerable<Guid>>());
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
Assert.Equal(groupRequestModel.Name, response.Name);
[PM-2196] Improvements to the Swagger generator (#2914) * Swagger fixes Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com> * Make Response Models return Guids instead of strings * Change strings into guids in ScimApplicationFactory --------- Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2023-07-14 17:18:26 +02:00
Assert.Equal(organization.Id, response.OrganizationId);
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
Assert.Equal(groupRequestModel.AccessAll, response.AccessAll);
}
[Theory]
[BitAutoData]
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
public async Task Post_AuthorizedToGiveAccessToCollections_Success(Organization organization,
GroupRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
{
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
// Enable FC and v1
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
[AC-2653] Remove old permissions code from GroupsController (#4148)
2024-06-04 00:46:48 +02:00
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
sutProvider.GetDependency<IAuthorizationService>()
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
Arg.Any<IEnumerable<Collection>>(),
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs => reqs.Contains(BulkCollectionOperations.ModifyGroupAccess)))
.Returns(AuthorizationResult.Success());
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
var response = await sutProvider.Sut.Post(organization.Id, groupRequestModel);
var requestModelCollectionIds = groupRequestModel.Collections.Select(c => c.Id).ToHashSet();
// Assert that it checked permissions
await sutProvider.GetDependency<ICurrentContext>().Received(1).ManageGroups(organization.Id);
await sutProvider.GetDependency<IAuthorizationService>()
.Received(1)
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
Arg.Is<IEnumerable<Collection>>(collections =>
collections.All(c => requestModelCollectionIds.Contains(c.Id))),
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs =>
reqs.Single() == BulkCollectionOperations.ModifyGroupAccess));
// Assert that it saved the data
await sutProvider.GetDependency<ICreateGroupCommand>().Received(1).CreateGroupAsync(
Arg.Is<Group>(g =>
g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
g.AccessAll == groupRequestModel.AccessAll),
organization,
Arg.Is<ICollection<CollectionAccessSelection>>(access =>
access.All(c => requestModelCollectionIds.Contains(c.Id))),
Arg.Any<IEnumerable<Guid>>());
Assert.Equal(groupRequestModel.Name, response.Name);
Assert.Equal(organization.Id, response.OrganizationId);
Assert.Equal(groupRequestModel.AccessAll, response.AccessAll);
}
[Theory]
[BitAutoData]
public async Task Post_NotAuthorizedToGiveAccessToCollections_Throws(Organization organization, GroupRequestModel groupRequestModel, SutProvider<GroupsController> sutProvider)
{
// Enable FC and v1
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
[AC-2653] Remove old permissions code from GroupsController (#4148)
2024-06-04 00:46:48 +02:00
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
var requestModelCollectionIds = groupRequestModel.Collections.Select(c => c.Id).ToHashSet();
sutProvider.GetDependency<IAuthorizationService>()
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(),
Arg.Is<IEnumerable<Collection>>(collections => collections.All(c => requestModelCollectionIds.Contains(c.Id))),
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs => reqs.Contains(BulkCollectionOperations.ModifyGroupAccess)))
.Returns(AuthorizationResult.Failed());
var exception = await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.Post(organization.Id, groupRequestModel));
Assert.Contains("You are not authorized to grant access to these collections.", exception.Message);
await sutProvider.GetDependency<ICreateGroupCommand>().DidNotReceiveWithAnyArgs()
.CreateGroupAsync(default, default, default, default);
}
[Theory]
[BitAutoData]
public async Task Put_AdminsCanAccessAllCollections_Success(Organization organization, Group group,
GroupRequestModel groupRequestModel, List<CollectionAccessSelection> existingCollectionAccess,
SutProvider<GroupsController> sutProvider)
{
group.OrganizationId = organization.Id;
// Enable FC and v1, set Collection Management Setting
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
[AC-2653] Remove old permissions code from GroupsController (#4148)
2024-06-04 00:46:48 +02:00
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true });
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<IGroupRepository>().GetByIdWithCollectionsAsync(group.Id)
.Returns(new Tuple<Group, ICollection<CollectionAccessSelection>>(group, existingCollectionAccess));
sutProvider.GetDependency<ICollectionRepository>()
.GetManyByManyIdsAsync(existingCollectionAccess.Select(c => c.Id))
.Returns(existingCollectionAccess.Select(c => new Collection { Id = c.Id }).ToList());
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
var requestModelCollectionIds = groupRequestModel.Collections.Select(c => c.Id).ToHashSet();
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
var response = await sutProvider.Sut.Put(organization.Id, group.Id, groupRequestModel);
await sutProvider.GetDependency<ICurrentContext>().Received(1).ManageGroups(organization.Id);
await sutProvider.GetDependency<IUpdateGroupCommand>().Received(1).UpdateGroupAsync(
Arg.Is<Group>(g =>
g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
g.AccessAll == groupRequestModel.AccessAll),
Arg.Is<Organization>(o => o.Id == organization.Id),
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
// Should overwrite any existing collections
Arg.Is<ICollection<CollectionAccessSelection>>(access =>
access.All(c => requestModelCollectionIds.Contains(c.Id))),
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
Arg.Any<IEnumerable<Guid>>());
Assert.Equal(groupRequestModel.Name, response.Name);
Assert.Equal(organization.Id, response.OrganizationId);
Assert.Equal(groupRequestModel.AccessAll, response.AccessAll);
}
[Theory]
[BitAutoData]
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
public async Task Put_UpdateMembers_AdminsCannotAccessAllCollections_CannotAddSelfToGroup(Organization organization, Group group,
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
GroupRequestModel groupRequestModel, OrganizationUser savingOrganizationUser, List<Guid> currentGroupUsers,
SutProvider<GroupsController> sutProvider)
{
group.OrganizationId = organization.Id;
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
// Enable FC and v1
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
new OrganizationAbility
{
Id = organization.Id,
AllowAdminAccessToAllCollectionItems = false,
});
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
// Saving user is trying to add themselves to the group
var updatedUsers = groupRequestModel.Users.ToList();
updatedUsers.Add(savingOrganizationUser.Id);
groupRequestModel.Users = updatedUsers;
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<IGroupRepository>().GetByIdWithCollectionsAsync(group.Id)
.Returns(new Tuple<Group, ICollection<CollectionAccessSelection>>(group, new List<CollectionAccessSelection>()));
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organization.Id, Arg.Any<Guid>())
.Returns(savingOrganizationUser);
sutProvider.GetDependency<IUserService>().GetProperUserId(Arg.Any<ClaimsPrincipal>())
.Returns(savingOrganizationUser.UserId);
sutProvider.GetDependency<IGroupRepository>().GetManyUserIdsByIdAsync(group.Id)
.Returns(currentGroupUsers);
var exception = await
Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Put(organization.Id, group.Id, groupRequestModel));
Assert.Contains("You cannot add yourself to groups", exception.Message);
}
[Theory]
[BitAutoData]
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
public async Task Put_UpdateMembers_AdminsCannotAccessAllCollections_AlreadyInGroup_Success(Organization organization, Group group,
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
GroupRequestModel groupRequestModel, OrganizationUser savingOrganizationUser, List<Guid> currentGroupUsers,
SutProvider<GroupsController> sutProvider)
{
group.OrganizationId = organization.Id;
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
// Enable FC and v1
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
new OrganizationAbility
{
Id = organization.Id,
AllowAdminAccessToAllCollectionItems = false,
});
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
// Saving user is trying to add themselves to the group
var updatedUsers = groupRequestModel.Users.ToList();
updatedUsers.Add(savingOrganizationUser.Id);
groupRequestModel.Users = updatedUsers;
// But! they are already a member of the group
currentGroupUsers.Add(savingOrganizationUser.Id);
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
sutProvider.GetDependency<IGroupRepository>().GetByIdWithCollectionsAsync(group.Id)
.Returns(new Tuple<Group, ICollection<CollectionAccessSelection>>(group, new List<CollectionAccessSelection>()));
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organization.Id, Arg.Any<Guid>())
.Returns(savingOrganizationUser);
sutProvider.GetDependency<IUserService>().GetProperUserId(Arg.Any<ClaimsPrincipal>())
.Returns(savingOrganizationUser.UserId);
sutProvider.GetDependency<IGroupRepository>().GetManyUserIdsByIdAsync(group.Id)
[AC-2602] Fix error when provider edits existing group (#4086) * Add null check to groups endpoint - providers may not be OrgUsers
2024-05-15 16:17:15 +02:00
.Returns(currentGroupUsers);
// Make collection authorization pass, it's not being tested here
groupRequestModel.Collections = Array.Empty<SelectionReadOnlyRequestModel>();
var response = await sutProvider.Sut.Put(organization.Id, group.Id, groupRequestModel);
await sutProvider.GetDependency<ICurrentContext>().Received(1).ManageGroups(organization.Id);
await sutProvider.GetDependency<IUpdateGroupCommand>().Received(1).UpdateGroupAsync(
Arg.Is<Group>(g =>
g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
g.AccessAll == groupRequestModel.AccessAll),
Arg.Is<Organization>(o => o.Id == organization.Id),
Arg.Any<ICollection<CollectionAccessSelection>>(),
Arg.Any<IEnumerable<Guid>>());
Assert.Equal(groupRequestModel.Name, response.Name);
Assert.Equal(organization.Id, response.OrganizationId);
Assert.Equal(groupRequestModel.AccessAll, response.AccessAll);
}
[Theory]
[BitAutoData]
public async Task Put_UpdateMembers_AdminsCannotAccessAllCollections_ProviderUser_Success(Organization organization, Group group,
GroupRequestModel groupRequestModel, List<Guid> currentGroupUsers, Guid savingUserId,
SutProvider<GroupsController> sutProvider)
{
group.OrganizationId = organization.Id;
// Enable FC and v1
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
new OrganizationAbility
{
Id = organization.Id,
AllowAdminAccessToAllCollectionItems = false,
});
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
sutProvider.GetDependency<IGroupRepository>().GetByIdWithCollectionsAsync(group.Id)
.Returns(new Tuple<Group, ICollection<CollectionAccessSelection>>(group, new List<CollectionAccessSelection>()));
sutProvider.GetDependency<ICurrentContext>().ManageGroups(organization.Id).Returns(true);
sutProvider.GetDependency<IOrganizationUserRepository>()
.GetByOrganizationAsync(organization.Id, Arg.Any<Guid>())
.Returns((OrganizationUser)null); // Provider is not an OrganizationUser, so it will always return null
sutProvider.GetDependency<IUserService>().GetProperUserId(Arg.Any<ClaimsPrincipal>())
.Returns(savingUserId);
sutProvider.GetDependency<IGroupRepository>().GetManyUserIdsByIdAsync(group.Id)
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
.Returns(currentGroupUsers);
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
// Make collection authorization pass, it's not being tested here
groupRequestModel.Collections = Array.Empty<SelectionReadOnlyRequestModel>();
[AC-2169] Group modal - limit admin access - members tab (#3975) * Prevent Admins from adding themselves to groups if they cannot manage all collections and items
2024-04-16 03:39:51 +02:00
var response = await sutProvider.Sut.Put(organization.Id, group.Id, groupRequestModel);
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
await sutProvider.GetDependency<ICurrentContext>().Received(1).ManageGroups(organization.Id);
await sutProvider.GetDependency<IUpdateGroupCommand>().Received(1).UpdateGroupAsync(
Arg.Is<Group>(g =>
g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
[EC-1003] feat: remove `externalId` from PUT/POST (#2589)
2023-02-06 10:27:40 +01:00
g.AccessAll == groupRequestModel.AccessAll),
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
Arg.Is<Organization>(o => o.Id == organization.Id),
[AC-1880] Public API - Deprecated properties (#3706) * feat: remove required for AccessAll and add xmldoc for usage restrictions, refs AC-1880 * feat: add validation for create group workflow wrt manage property, refs AC-1880 * feat: add validation for update group workflow wrt manage property, refs AC-1880 * feat: add validation for create and update member workflow wrt manage property, refs AC-1880 * feat: add validation for update collection workflow wrt manage property, refs AC-1880 * fix: flaky Public/GroupsControllerTests + more test coverage, refs AC-1880
2024-02-08 14:44:36 +01:00
Arg.Any<ICollection<CollectionAccessSelection>>(),
[EC-647] OAVR v2 Feature Branch Merge (#2588) * [EC-19] Move SSO Identifier to Org SSO endpoint (#2184) * [EC-19] Move SSO identifier to Org SSO config endpoint * [EC-19] Add Jira tech debt issue reference * [EC-542] Update email communications (#2348) * [EC-73] Add users alongside groups for collection details (#2358) * [EC-73] feat: add new stored procedures * [EC-73] feat: add migration * [EC-73] chore: rename collection group details * [EC-73] fix: migration * [EC-73] feat: return users from dapper repo * [EC-73] feat: EF support for collection users * [EC-73] feat: implement updating users in EF * [EC-73] feat: new collections with users in EF * [EC-73] feat: create with users in dapper * [EC-73] feat: update with users in dapper * [EC-73] fix: collection service tests * [EC-73] fix: lint * [EC-73] feat: add new data model and rename for clarity * [EC-73] chore: add future migrations * [EC-16 / EC-86] Implement Groups Table Endpoints (#2280) * [EC-16] Update Group endpoints/repositories to include necessary collection info * [EC-16] Add delete many groups endpoint and command * [EC-16] Add DeleteGroupCommand unit tests * [EC-16] Update migration script * [EC-16] Formatting * [EC-16] Support modifying users via Post Group endpoint - Add optional Users property to GroupRequestModel - Add users parameter to the GroupService.SaveAsync() method - Use the users argument to update the Group via the GroupRepository if present. * [EC-16] Add/update Sprocs for bulk group deletion - Add a new bump account revision date by multiple org ids sproc to be used by the delete many group sproc. - Update the delete many group sproc to no longer require the organization Id as authorization is a business concern. * [EC-16] No longer require org Id in delete many GroupRepository The group repository should not care about which organization a group belongs to when being deleted. That is a business logic concern and is not necessary at the repository level. * [EC-16] Remove org Id from delete many group command - Remove the organization Id from the delete many method. - Require Group entities instead of just group Ids so that group retrieval is completed outside the command. - No longer return deleted groups as they are now being passed into the command. - Update unit tests * [EC-16] Remove org id from bulk delete group endpoint - Remove the Org Id from the endpoint and make use of the updated delete many command * [EC-16] Rename delete many groups sproc * [EC-16] Update migration script * [EC-16] Fix typo in migration script * [EC-16] Fix order of operations in Group_DeleteByIds sproc * [EC-16] Formatting * [EC-86] Fix DeleteManyAsync parameter name Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * [EC-16] Add missing sproc to sqlproj file * [EC-16] Improve GroupRepository method performance Use GroupBy before marrying Groups and Collections to avoid iterating over all collections for every group) * [EC-16] Use ToListAsync() to be consistent in the repository * [EC-16] Fix collection grouping in the EF repository * [EC-16] Adjust DeleteGroup command namespace to be less verbose * [EC-16] Cleanup DeleteGroupCommandTests * [EC-16] Formatting * [EC-16] Ensure a non-null group collection list is provided * [EC-16] Add bulk GroupEvents method to EventService - Use the new method in the DeleteGroups command * [EC-16] Remove bulk delete group Api response The response is unnecessary and not used by the client * [EC-16] Log OrganizationUser_UpdateGroups event in GroupService Events are logged for users during both Group creation (all added users) and modification (only changed users). * [EC-16] Fix failing unit test * [EC-16] Rename newUsers variable per feedback * [EC-16] Assert delete many group log events Explicitly check for the event type and groups that are logged to the event service. * [EC-16] Update DeleteManyAsync signature Use ICollection<> instead of IEnumerable<> to avoid ambiguity of possible multiple enumeration * [EC-16] Increment migration script name Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * Add missing GO command to EC-73 migration script (#2433) * [EC-15] Members Grid Api Support (#2485) * [EC-15] Update OrganizationUser models to support list of collections and groups * [EC-15] Add sprocs to query GroupUser and CollectionUser entities * [EC-15] Update the OrganizationUserRepository to optionally fetch groups/collections * [EC-15] Formatting * [EC-15] Remove leftover repository method * [EC-15] Fix table identifier inconsistency in sproc/migration * Formatting * [EC-14]: Server changes for Collection rows in Vault (#2360) * [EC-14] add collection management methods to repo - delete many, get many by ids, and get many with groups by org * [EC-14] connection command tests had wrong folder name * [EC-14] add collection repo methods to interface * [EC-14] create DeleteCollectionCommand * [EC-14] add getManyWithDetails collections endpoint * [EC-14] add GetManyWithGroupsByUserId * [EC-14] add call to interface * [EC-14] add GetOrganizationCollectionsWIthGroups - gets groups with collections - add tests as well * [EC-14] add call to interface * [EC-14] add new coll call to controller - gets collections with groups * [EC-14] use new delete collection command * [EC-14] add CollectionBulkDeleteRequestModel * [EC-14] remove org from delete collection cmd - move all permission checks to controller - add tests to controller - remove org check from repository method * [EC-14] add migration and sprocs * [EC-14] formatting * [EC-14] revert delete permission check changes * [EC-14] rename SelectionReadOnly to CollectionAccessSelection * [EC-14] move GetOrganizationCollectionsWithGroups to controller - there's no reason to have this logic in the service layer - we can still test the permission check in the controller - also renamed repo methods and changed return types * [EC-14] include users in collection access details * [EC-14] fix migration names * [EC-14] bumpAccountRevisionDate when deleting collections * [EC-14] new line in collection service * [EC-14] formatting and add .sql to proc file * [EC-14] more formatting * [EC-14] formatting * [EC-14] fix whitespace * [EC-14] add datetime to event log of single delete * [EC-14] remove ToList() from enumerables not returned * [EC-14] fix permissions on "Create new collection" - a custom user with "Create new collections" should see all collections * [EC-14] add bulk events for collections * [EC-14] group collections from db before iterating * [EC-14] sql formatting and missing GO * [EC-14] fix tests * [EC-14] add null handling to repo methods * [EC-14] fix account revision call * [EC-14] formatting * [EC-548] Member Details Group Tab (#2508) * [EC-548] Update models to support groups * [EC-548] Include groups in invite and save organization user methods * [EC-548] Pass groups to service methods in member/user controllers * [EC-548] Fix failing tests * [EC-548] Add option to include groups for GET org user query * Formatting * [EC-887] Server fix for managers seeing options to edit/delete Collections they aren't assigned to (#2542) * [EC-887] Add Assigned property to CollectionResponseModel A new property to determine if a collection is assigned to the acting user; as some users, have the view all collections permission, but cannot see every collection's items * [EC-887] Update logic for retrieving GET all collection details - Only need to check the ViewAllCollections permission - Calculate new Assigned response property based on the assignedOrgCollections list * Formatting * [EC-887] Update unit tests Co-authored-by: Shane Melton <smelton@bitwarden.com> Co-authored-by: Jacob Fink <jfink@bitwarden.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-01-19 17:00:54 +01:00
Arg.Any<IEnumerable<Guid>>());
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
Assert.Equal(groupRequestModel.Name, response.Name);
[PM-2196] Improvements to the Swagger generator (#2914) * Swagger fixes Co-Authored-By: Oscar Hinton <Hinton@users.noreply.github.com> * Make Response Models return Guids instead of strings * Change strings into guids in ScimApplicationFactory --------- Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2023-07-14 17:18:26 +02:00
Assert.Equal(organization.Id, response.OrganizationId);
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
Assert.Equal(groupRequestModel.AccessAll, response.AccessAll);
}
[AC-2170] Group modal - limit admin access - collections tab (#3998) * Update GroupsController POST and PUT to respect collection management settings
2024-05-02 01:55:16 +02:00
[Theory]
[BitAutoData]
public async Task Put_UpdateCollections_OnlyUpdatesCollectionsTheSavingUserCanUpdate(GroupRequestModel groupRequestModel,
Group group, Organization organization,
SutProvider<GroupsController> sutProvider, Guid savingUserId)
{
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
Put_Setup(sutProvider, organization, group, savingUserId);
var editedCollectionId = CoreHelpers.GenerateComb();
var readonlyCollectionId1 = CoreHelpers.GenerateComb();
var readonlyCollectionId2 = CoreHelpers.GenerateComb();
var currentCollectionAccess = new List<CollectionAccessSelection>
{
new()
{
Id = editedCollectionId,
HidePasswords = true,
Manage = false,
ReadOnly = true
},
new()
{
Id = readonlyCollectionId1,
HidePasswords = false,
Manage = true,
ReadOnly = false
},
new()
{
Id = readonlyCollectionId2,
HidePasswords = false,
Manage = false,
ReadOnly = false
},
};
// User is upgrading editedCollectionId to manage
groupRequestModel.Collections = new List<SelectionReadOnlyRequestModel>
{
new() { Id = editedCollectionId, HidePasswords = false, Manage = true, ReadOnly = false }
};
sutProvider.GetDependency<IGroupRepository>()
.GetByIdWithCollectionsAsync(group.Id)
.Returns(new Tuple<Group, ICollection<CollectionAccessSelection>>(group,
currentCollectionAccess));
var currentCollections = currentCollectionAccess
.Select(cas => new Collection { Id = cas.Id }).ToList();
sutProvider.GetDependency<ICollectionRepository>()
.GetManyByManyIdsAsync(Arg.Any<IEnumerable<Guid>>())
.Returns(currentCollections);
// Authorize the editedCollection
sutProvider.GetDependency<IAuthorizationService>()
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), Arg.Is<Collection>(c => c.Id == editedCollectionId),
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs => reqs.Contains(BulkCollectionOperations.ModifyGroupAccess)))
.Returns(AuthorizationResult.Success());
// Do not authorize the readonly collections
sutProvider.GetDependency<IAuthorizationService>()
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), Arg.Is<Collection>(c => c.Id == readonlyCollectionId1 || c.Id == readonlyCollectionId2),
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs => reqs.Contains(BulkCollectionOperations.ModifyGroupAccess)))
.Returns(AuthorizationResult.Failed());
var response = await sutProvider.Sut.Put(organization.Id, group.Id, groupRequestModel);
// Expect all collection access (modified and unmodified) to be saved
await sutProvider.GetDependency<ICurrentContext>().Received(1).ManageGroups(organization.Id);
await sutProvider.GetDependency<IUpdateGroupCommand>().Received(1).UpdateGroupAsync(
Arg.Is<Group>(g =>
g.OrganizationId == organization.Id && g.Name == groupRequestModel.Name &&
g.AccessAll == groupRequestModel.AccessAll),
Arg.Is<Organization>(o => o.Id == organization.Id),
Arg.Is<List<CollectionAccessSelection>>(cas =>
cas.Select(c => c.Id).SequenceEqual(currentCollectionAccess.Select(c => c.Id)) &&
cas.First(c => c.Id == editedCollectionId).Manage == true &&
cas.First(c => c.Id == editedCollectionId).ReadOnly == false &&
cas.First(c => c.Id == editedCollectionId).HidePasswords == false),
Arg.Any<IEnumerable<Guid>>());
Assert.Equal(groupRequestModel.Name, response.Name);
Assert.Equal(organization.Id, response.OrganizationId);
Assert.Equal(groupRequestModel.AccessAll, response.AccessAll);
}
[Theory]
[BitAutoData]
public async Task Put_UpdateCollections_ThrowsIfSavingUserCannotUpdateCollections(GroupRequestModel groupRequestModel,
Group group, Organization organization,
SutProvider<GroupsController> sutProvider, Guid savingUserId)
{
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
Put_Setup(sutProvider, organization, group, savingUserId);
sutProvider.GetDependency<IGroupRepository>()
.GetByIdWithCollectionsAsync(group.Id)
.Returns(new Tuple<Group, ICollection<CollectionAccessSelection>>(group,
groupRequestModel.Collections.Select(cas => cas.ToSelectionReadOnly()).ToList()));
var collections = groupRequestModel.Collections.Select(cas => new Collection { Id = cas.Id }).ToList();
sutProvider.GetDependency<ICollectionRepository>()
.GetManyByManyIdsAsync(Arg.Is<IEnumerable<Guid>>(guids => guids.SequenceEqual(collections.Select(c => c.Id))))
.Returns(collections);
sutProvider.GetDependency<IAuthorizationService>()
.AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), Arg.Is<Collection>(c => collections.Contains(c)),
Arg.Is<IEnumerable<IAuthorizationRequirement>>(reqs => reqs.Contains(BulkCollectionOperations.ModifyGroupAccess)))
.Returns(AuthorizationResult.Failed());
var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Put(organization.Id, group.Id, groupRequestModel));
Assert.Contains("You must have Can Manage permission", exception.Message);
}
private void Put_Setup(SutProvider<GroupsController> sutProvider, Organization organization,
Group group, Guid savingUserId)
{
var orgId = organization.Id = group.OrganizationId;
sutProvider.GetDependency<ICurrentContext>().ManageGroups(orgId).Returns(true);
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(orgId)
.Returns(new OrganizationAbility
{
Id = organization.Id,
AllowAdminAccessToAllCollectionItems = false
});
sutProvider.GetDependency<IGroupRepository>().GetManyUserIdsByIdAsync(group.Id).Returns(new List<Guid>());
sutProvider.GetDependency<IUserService>().GetProperUserId(Arg.Any<ClaimsPrincipal>()).Returns(savingUserId);
sutProvider.GetDependency<IOrganizationUserRepository>().GetByOrganizationAsync(orgId, savingUserId).Returns(new OrganizationUser
{
Id = savingUserId
});
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
}
[EC-654] Create commands for Group Create and Group Update (#2442) * [EC-654] Add CreateGroupCommand and UpdateGroupCommand Added new CQRS commands CreateGroupCommand and UpdateGroupCommand
Updated GroupService to use new commands Edited existing GroupServiceTests and added new tests for the new commands * [EC-654] dotnet format * [EC-654] Replace GroupService.SaveAsync with CreateGroup and UpdateGroup commands * [EC-654] Add assertions to check calls on IReferenceEventService * [EC-654] Use AssertHelper.AssertRecent for DateTime properties * [EC-654] Extracted database reads from CreateGroupCommand and UpdateGroupCommand. Added unit tests. * [EC-654] Changed CreateGroupCommand and UpdateGroupCommand Validate method to private
2022-12-12 10:59:48 +01:00
}
Reference in New Issue Copy Permalink