[PM-2730] Add missing hide-passwords permission to api models (#3125)

* Add missing hide-passwords permission to api models * Update src/Api/Auth/Models/Public/AssociationWithPermissionsBaseModel.cs Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * Rename ToSelectionReadOnly to ToCollectionAccessSelection * Remove Required attribute which would break backwards compatability * Update src/Api/Auth/Models/Public/Request/AssociationWithPermissionsRequestModel.cs Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> --------- Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2024-11-22 12:15:36 +01:00 · 2024-01-09 22:32:14 +01:00 · 2024-01-09 22:32:14 +01:00 · 03cbc7983b
commit 03cbc7983b
parent a480bd16e4
6 changed files with 14 additions and 7 deletions
--- a/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
+++ b/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
@ -110,7 +110,7 @@ public class GroupsController : Controller
    public async Task<IActionResult> Post([FromBody] GroupCreateUpdateRequestModel model)
    {
        var group = model.ToGroup(_currentContext.OrganizationId.Value);
-        var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
        var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
        await _createGroupCommand.CreateGroupAsync(group, organization, associations);
        var response = new GroupResponseModel(group, associations);
@ -139,7 +139,7 @@ public class GroupsController : Controller
        }

        var updatedGroup = model.ToGroup(existingGroup);
-        var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
        var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
        await _updateGroupCommand.UpdateGroupAsync(updatedGroup, organization, associations);
        var response = new GroupResponseModel(updatedGroup, associations);
--- a/src/Api/AdminConsole/Public/Controllers/MembersController.cs
+++ b/src/Api/AdminConsole/Public/Controllers/MembersController.cs
@ -119,7 +119,7 @@ public class MembersController : Controller
    [ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
    public async Task<IActionResult> Post([FromBody] MemberCreateRequestModel model)
    {
-        var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
        var invite = new OrganizationUserInvite
        {
            Emails = new List<string> { model.Email },
@ -154,7 +154,7 @@ public class MembersController : Controller
            return new NotFoundResult();
        }
        var updatedUser = model.ToOrganizationUser(existingUser);
-        var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+        var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
        await _organizationService.SaveUserAsync(updatedUser, null, associations, model.Groups);
        MemberResponseModel response = null;
        if (existingUser.UserId.HasValue)
--- a/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
@ -15,4 +15,9 @@ public abstract class AssociationWithPermissionsBaseModel
    /// </summary>
    [Required]
    public bool? ReadOnly { get; set; }
+    /// <summary>
+    /// When true, the hide passwords permission will not allow the user or group to view passwords.
+    /// This prevents easy copy-and-paste of hidden items, however it may not completely prevent user access.
+    /// </summary>
+    public bool? HidePasswords { get; set; }
 }
--- a/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
+++ b/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
@ -4,12 +4,13 @@ namespace Bit.Api.AdminConsole.Public.Models.Request;

 public class AssociationWithPermissionsRequestModel : AssociationWithPermissionsBaseModel
 {
-    public CollectionAccessSelection ToSelectionReadOnly()
+    public CollectionAccessSelection ToCollectionAccessSelection()
    {
        return new CollectionAccessSelection
        {
            Id = Id.Value,
-            ReadOnly = ReadOnly.Value
+            ReadOnly = ReadOnly.Value,
+            HidePasswords = HidePasswords.GetValueOrDefault()
        };
    }
 }
--- a/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
@ -12,5 +12,6 @@ public class AssociationWithPermissionsResponseModel : AssociationWithPermission
        }
        Id = selection.Id;
        ReadOnly = selection.ReadOnly;
+        HidePasswords = selection.HidePasswords;
    }
 }
--- a/src/Api/Public/Controllers/CollectionsController.cs
+++ b/src/Api/Public/Controllers/CollectionsController.cs
@ -89,7 +89,7 @@ public class CollectionsController : Controller
            return new NotFoundResult();
        }
        var updatedCollection = model.ToCollection(existingCollection);
-        var associations = model.Groups?.Select(c => c.ToSelectionReadOnly());
+        var associations = model.Groups?.Select(c => c.ToCollectionAccessSelection());
        await _collectionService.SaveAsync(updatedCollection, associations);
        var response = new CollectionResponseModel(updatedCollection, associations);
        return new JsonResult(response);