[AC-621] Added possibility of adding users through SCIM to an Organization without a confirmed Owner (#2846)

* [AC-621] Added possibility of adding users through SCIM to an Organization without a confirmed Owner * [AC-621] Passing EventSystemUser argument for HasConfirmedOwnersExceptAsync in user delete actions by SCIM * [AC-624] Removed EventSystemUser parameter from IOrganizationService.HasConfirmedOwnersExceptAsync * [AC-621] Added IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync * [AC-621] Updated OrganizationService.HasConfirmedOwnersExceptAsync to use IProviderUserRepository.GetManyOrganizationDetailsByOrganizationAsync to check for any confirmed provider users * [AC-621] Removed unused EventSystemUser parameters * [AC-621] Refactored ProviderUserRepository.GetManyByOrganizationAsync to return ProviderUser objects * [AC-621] Removed default parameter value for Status
2024-11-21 12:05:42 +01:00 · 2023-05-17 16:39:08 +01:00 · 2023-05-17 16:39:08 +01:00 · 04e18ee8e7
commit 04e18ee8e7
parent db8e82ff03
7 changed files with 125 additions and 7 deletions
--- a/src/Core/Repositories/IProviderUserRepository.cs
+++ b/src/Core/Repositories/IProviderUserRepository.cs
@ -18,4 +18,5 @@ public interface IProviderUserRepository : IRepository<ProviderUser, Guid>
    Task DeleteManyAsync(IEnumerable<Guid> userIds);
    Task<IEnumerable<ProviderUserPublicKey>> GetManyPublicKeysByProviderUserAsync(Guid providerId, IEnumerable<Guid> Ids);
    Task<int> GetCountByOnlyOwnerAsync(Guid userId);
+    Task<ICollection<ProviderUser>> GetManyByOrganizationAsync(Guid organizationId, ProviderUserStatusType? status = null);
 }
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -993,7 +993,7 @@ public class OrganizationService : IOrganizationService
            }
        }

-        var (organizationUsers, events) = await SaveUsersSendInvitesAsync(organizationId, invites);
+        var (organizationUsers, events) = await SaveUsersSendInvitesAsync(organizationId, invites, systemUser: null);

        await _eventService.LogOrganizationUserEventsAsync(events);

@ -1003,7 +1003,7 @@ public class OrganizationService : IOrganizationService
    public async Task<List<OrganizationUser>> InviteUsersAsync(Guid organizationId, EventSystemUser systemUser,
        IEnumerable<(OrganizationUserInvite invite, string externalId)> invites)
    {
-        var (organizationUsers, events) = await SaveUsersSendInvitesAsync(organizationId, invites);
+        var (organizationUsers, events) = await SaveUsersSendInvitesAsync(organizationId, invites, systemUser);

        await _eventService.LogOrganizationUserEventsAsync(events.Select(e => (e.Item1, e.Item2, systemUser, e.Item3)));

@ -1011,7 +1011,7 @@ public class OrganizationService : IOrganizationService
    }

    private async Task<(List<OrganizationUser> organizationUsers, List<(OrganizationUser, EventType, DateTime?)> events)> SaveUsersSendInvitesAsync(Guid organizationId,
-        IEnumerable<(OrganizationUserInvite invite, string externalId)> invites)
+        IEnumerable<(OrganizationUserInvite invite, string externalId)> invites, EventSystemUser? systemUser)
    {
        var organization = await GetOrgById(organizationId);
        var initialSeatCount = organization.Seats;
@ -1040,7 +1040,7 @@ public class OrganizationService : IOrganizationService
        }

        var invitedAreAllOwners = invites.All(i => i.invite.Type == OrganizationUserType.Owner);
-        if (!invitedAreAllOwners && !await HasConfirmedOwnersExceptAsync(organizationId, new Guid[] { }))
+        if (!invitedAreAllOwners && !await HasConfirmedOwnersExceptAsync(organizationId, new Guid[] { }, includeProvider: true))
        {
            throw new BadRequestException("Organization must have at least one confirmed owner.");
        }
@ -1596,7 +1596,7 @@ public class OrganizationService : IOrganizationService
            throw new BadRequestException("Only owners can delete other owners.");
        }

-        if (!await HasConfirmedOwnersExceptAsync(organizationId, new[] { organizationUserId }))
+        if (!await HasConfirmedOwnersExceptAsync(organizationId, new[] { organizationUserId }, includeProvider: true))
        {
            throw new BadRequestException("Organization must have at least one confirmed owner.");
        }
@ -1700,7 +1700,7 @@ public class OrganizationService : IOrganizationService
        bool hasOtherOwner = confirmedOwnersIds.Except(organizationUsersId).Any();
        if (!hasOtherOwner && includeProvider)
        {
-            return (await _currentContext.ProviderIdForOrg(organizationId)).HasValue;
+            return (await _providerUserRepository.GetManyByOrganizationAsync(organizationId, ProviderUserStatusType.Confirmed)).Any();
        }
        return hasOtherOwner;
    }
@ -2272,7 +2272,7 @@ public class OrganizationService : IOrganizationService
            throw new BadRequestException("Already revoked.");
        }

-        if (!await HasConfirmedOwnersExceptAsync(organizationUser.OrganizationId, new[] { organizationUser.Id }))
+        if (!await HasConfirmedOwnersExceptAsync(organizationUser.OrganizationId, new[] { organizationUser.Id }, includeProvider: true))
        {
            throw new BadRequestException("Organization must have at least one confirmed owner.");
        }
--- a/src/Infrastructure.Dapper/Repositories/ProviderUserRepository.cs
+++ b/src/Infrastructure.Dapper/Repositories/ProviderUserRepository.cs
@ -160,4 +160,17 @@ public class ProviderUserRepository : Repository<ProviderUser, Guid>, IProviderU
            return results;
        }
    }
+
+    public async Task<ICollection<ProviderUser>> GetManyByOrganizationAsync(Guid organizationId, ProviderUserStatusType? status = null)
+    {
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            var results = await connection.QueryAsync<ProviderUser>(
+                "[dbo].[ProviderUser_ReadByOrganizationIdStatus]",
+                new { OrganizationId = organizationId, Status = status },
+                commandType: CommandType.StoredProcedure);
+
+            return results.ToList();
+        }
+    }
 }
--- a/src/Infrastructure.EntityFramework/Repositories/ProviderUserRepository.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/ProviderUserRepository.cs
@ -180,4 +180,19 @@ public class ProviderUserRepository :
                .CountAsync();
        }
    }
+
+    public async Task<ICollection<ProviderUser>> GetManyByOrganizationAsync(Guid organizationId, ProviderUserStatusType? status = null)
+    {
+        using (var scope = ServiceScopeFactory.CreateScope())
+        {
+            var dbContext = GetDatabaseContext(scope);
+            var query = from pu in dbContext.ProviderUsers
+                        join po in dbContext.ProviderOrganizations
+                            on pu.ProviderId equals po.ProviderId
+                        where po.OrganizationId == organizationId &&
+                              (status == null || pu.Status == status)
+                        select pu;
+            return await query.ToArrayAsync();
+        }
+    }
 }
--- a/Procedures/ProviderUser_ReadByOrganizationIdStatus.sql
+++ b/Procedures/ProviderUser_ReadByOrganizationIdStatus.sql
@ -0,0 +1,17 @@
+CREATE PROCEDURE [dbo].[ProviderUser_ReadByOrganizationIdStatus]
+    @OrganizationId UNIQUEIDENTIFIER,
+    @Status TINYINT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        PU.*
+    FROM
+        [dbo].[ProviderUserView] PU
+    INNER JOIN [dbo].[ProviderOrganizationView] as PO
+        ON PU.[ProviderId] = PO.[ProviderId]
+    WHERE
+        PO.[OrganizationId] = @OrganizationId
+        AND (@Status IS NULL OR PU.[Status] = @Status)
+END
--- a/test/Core.Test/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/Services/OrganizationServiceTests.cs
@ -6,7 +6,9 @@ using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
+using Bit.Core.Entities.Provider;
 using Bit.Core.Enums;
+using Bit.Core.Enums.Provider;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data;
@ -1415,4 +1417,56 @@ public class OrganizationServiceTests
        await eventService.Received()
            .LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Restored, eventSystemUser);
    }
+
+    [Theory, BitAutoData]
+    public async Task HasConfirmedOwnersExcept_WithConfirmedOwner_ReturnsTrue(Organization organization, [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser owner, SutProvider<OrganizationService> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
+            .Returns(new List<OrganizationUser> { owner });
+
+        var result = await sutProvider.Sut.HasConfirmedOwnersExceptAsync(organization.Id, new List<Guid>(), true);
+
+        Assert.True(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasConfirmedOwnersExcept_ExcludingConfirmedOwner_ReturnsFalse(Organization organization, [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser owner, SutProvider<OrganizationService> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
+            .Returns(new List<OrganizationUser> { owner });
+
+        var result = await sutProvider.Sut.HasConfirmedOwnersExceptAsync(organization.Id, new List<Guid> { owner.Id }, true);
+
+        Assert.False(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HasConfirmedOwnersExcept_WithInvitedOwner_ReturnsFalse(Organization organization, [OrganizationUser(OrganizationUserStatusType.Invited, OrganizationUserType.Owner)] OrganizationUser owner, SutProvider<OrganizationService> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
+            .Returns(new List<OrganizationUser> { owner });
+
+        var result = await sutProvider.Sut.HasConfirmedOwnersExceptAsync(organization.Id, new List<Guid>(), true);
+
+        Assert.False(result);
+    }
+
+    [Theory]
+    [BitAutoData(true)]
+    [BitAutoData(false)]
+    public async Task HasConfirmedOwnersExcept_WithConfirmedProviderUser_IncludeProviderTrue_ReturnsTrue(bool includeProvider, Organization organization, ProviderUser providerUser, SutProvider<OrganizationService> sutProvider)
+    {
+        providerUser.Status = ProviderUserStatusType.Confirmed;
+
+        sutProvider.GetDependency<IProviderUserRepository>()
+            .GetManyByOrganizationAsync(organization.Id, ProviderUserStatusType.Confirmed)
+            .Returns(new List<ProviderUser> { providerUser });
+
+        var result = await sutProvider.Sut.HasConfirmedOwnersExceptAsync(organization.Id, new List<Guid>(), includeProvider);
+
+        Assert.Equal(includeProvider, result);
+    }
 }
--- a/util/Migrator/DbScripts/2023-05-03_00_ProviderUserReadByOrganizationIdStatus.sql
+++ b/util/Migrator/DbScripts/2023-05-03_00_ProviderUserReadByOrganizationIdStatus.sql
@ -0,0 +1,18 @@
+CREATE OR ALTER PROCEDURE [dbo].[ProviderUser_ReadByOrganizationIdStatus]
+    @OrganizationId UNIQUEIDENTIFIER,
+    @Status TINYINT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        PU.*
+    FROM
+        [dbo].[ProviderUserView] PU
+    INNER JOIN [dbo].[ProviderOrganizationView] as PO
+        ON PU.[ProviderId] = PO.[ProviderId]
+    WHERE
+        PO.[OrganizationId] = @OrganizationId
+        AND (@Status IS NULL OR PU.[Status] = @Status)
+END
+GO