mirror of
https://github.com/bitwarden/server.git
synced 2024-11-28 13:15:12 +01:00
[SM-572] Modify project endpoint to return current user's permission (#2752)
* Add endpoints to check current user's permission * Swap to adding current user permission onto GET * Cleanup DI * Add ProjectPermissionDetails DTO and query * code review updates * Remove assert recent for longer running creates
This commit is contained in:
parent
26c30f8854
commit
05f5d79938
@ -1,6 +1,7 @@
|
||||
using System.Linq.Expressions;
|
||||
using AutoMapper;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.SecretsManager.Models.Data;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Infrastructure.EntityFramework.Repositories;
|
||||
using Bit.Infrastructure.EntityFramework.SecretsManager.Models;
|
||||
@ -27,6 +28,31 @@ public class ProjectRepository : Repository<Core.SecretsManager.Entities.Project
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<ProjectPermissionDetails> GetPermissionDetailsByIdAsync(Guid id, Guid userId)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
|
||||
var project = await dbContext.Project
|
||||
.Where(c => c.Id == id && c.DeletedDate == null)
|
||||
.Select(p => new ProjectPermissionDetails
|
||||
{
|
||||
Id = p.Id,
|
||||
OrganizationId = p.OrganizationId,
|
||||
Name = p.Name,
|
||||
CreationDate = p.CreationDate,
|
||||
RevisionDate = p.RevisionDate,
|
||||
DeletedDate = p.DeletedDate,
|
||||
Read = p.UserAccessPolicies.Any(ap => ap.OrganizationUser.User.Id == userId && ap.Read)
|
||||
|| p.GroupAccessPolicies.Any(ap =>
|
||||
ap.Group.GroupUsers.Any(gu => gu.OrganizationUser.User.Id == userId && ap.Read)),
|
||||
Write = p.UserAccessPolicies.Any(ap => ap.OrganizationUser.User.Id == userId && ap.Write) ||
|
||||
p.GroupAccessPolicies.Any(ap =>
|
||||
ap.Group.GroupUsers.Any(gu => gu.OrganizationUser.User.Id == userId && ap.Write)),
|
||||
}).FirstOrDefaultAsync();
|
||||
return project;
|
||||
}
|
||||
|
||||
public async Task<IEnumerable<Core.SecretsManager.Entities.Project>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
|
@ -80,9 +80,10 @@ public class ProjectsController : Controller
|
||||
}
|
||||
|
||||
[HttpGet("projects/{id}")]
|
||||
public async Task<ProjectResponseModel> GetAsync([FromRoute] Guid id)
|
||||
public async Task<ProjectPermissionDetailsResponseModel> GetAsync([FromRoute] Guid id)
|
||||
{
|
||||
var project = await _projectRepository.GetByIdAsync(id);
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
var project = await _projectRepository.GetPermissionDetailsByIdAsync(id, userId);
|
||||
if (project == null)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
@ -93,23 +94,34 @@ public class ProjectsController : Controller
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
var orgAdmin = await _currentContext.OrganizationAdmin(project.OrganizationId);
|
||||
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
|
||||
|
||||
var hasAccess = accessClient switch
|
||||
bool hasAccess;
|
||||
var read = project.Read;
|
||||
var write = project.Write;
|
||||
|
||||
switch (accessClient)
|
||||
{
|
||||
AccessClientType.NoAccessCheck => true,
|
||||
AccessClientType.User => await _projectRepository.UserHasReadAccessToProject(id, userId),
|
||||
_ => false,
|
||||
};
|
||||
case AccessClientType.NoAccessCheck:
|
||||
hasAccess = true;
|
||||
write = true;
|
||||
read = true;
|
||||
break;
|
||||
case AccessClientType.User:
|
||||
hasAccess = project.Read;
|
||||
break;
|
||||
default:
|
||||
hasAccess = false;
|
||||
break;
|
||||
}
|
||||
|
||||
if (!hasAccess)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
return new ProjectResponseModel(project);
|
||||
return new ProjectPermissionDetailsResponseModel(project, read, write);
|
||||
}
|
||||
|
||||
[HttpPost("projects/delete")]
|
||||
|
@ -0,0 +1,22 @@
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Models.Response;
|
||||
|
||||
public class ProjectPermissionDetailsResponseModel : ProjectResponseModel
|
||||
{
|
||||
private const string _objectName = "projectPermissionDetails";
|
||||
|
||||
public ProjectPermissionDetailsResponseModel(Project project, bool read, bool write, string obj = _objectName) : base(project, obj)
|
||||
{
|
||||
Read = read;
|
||||
Write = write;
|
||||
}
|
||||
|
||||
public ProjectPermissionDetailsResponseModel()
|
||||
{
|
||||
}
|
||||
|
||||
public bool Read { get; set; }
|
||||
|
||||
public bool Write { get; set; }
|
||||
}
|
@ -7,8 +7,8 @@ public class ProjectResponseModel : ResponseModel
|
||||
{
|
||||
private const string _objectName = "project";
|
||||
|
||||
public ProjectResponseModel(Project project)
|
||||
: base(_objectName)
|
||||
public ProjectResponseModel(Project project, string obj = _objectName)
|
||||
: base(obj)
|
||||
{
|
||||
if (project == null)
|
||||
{
|
||||
|
@ -0,0 +1,9 @@
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
|
||||
namespace Bit.Core.SecretsManager.Models.Data;
|
||||
|
||||
public class ProjectPermissionDetails : Project
|
||||
{
|
||||
public bool Read { get; set; }
|
||||
public bool Write { get; set; }
|
||||
}
|
@ -1,5 +1,6 @@
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Models.Data;
|
||||
|
||||
namespace Bit.Core.SecretsManager.Repositories;
|
||||
|
||||
@ -8,6 +9,7 @@ public interface IProjectRepository
|
||||
Task<IEnumerable<Project>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType);
|
||||
Task<IEnumerable<Project>> GetManyByOrganizationIdWriteAccessAsync(Guid organizationId, Guid userId, AccessClientType accessType);
|
||||
Task<IEnumerable<Project>> GetManyByIds(IEnumerable<Guid> ids);
|
||||
Task<ProjectPermissionDetails> GetPermissionDetailsByIdAsync(Guid id, Guid userId);
|
||||
Task<Project> GetByIdAsync(Guid id);
|
||||
Task<Project> CreateAsync(Project project);
|
||||
Task ReplaceAsync(Project project);
|
||||
|
@ -703,7 +703,6 @@ public class AccessPoliciesControllerTest : IClassFixture<ApiApplicationFactory>
|
||||
Assert.True(result.UserAccessPolicies.First().Read);
|
||||
Assert.True(result.UserAccessPolicies.First().Write);
|
||||
AssertHelper.AssertRecent(result.UserAccessPolicies.First().RevisionDate);
|
||||
AssertHelper.AssertRecent(result.UserAccessPolicies.First().CreationDate);
|
||||
|
||||
var createdAccessPolicy =
|
||||
await _accessPolicyRepository.GetByIdAsync(result.UserAccessPolicies.First().Id);
|
||||
@ -711,7 +710,6 @@ public class AccessPoliciesControllerTest : IClassFixture<ApiApplicationFactory>
|
||||
Assert.Equal(result.UserAccessPolicies.First().Read, createdAccessPolicy!.Read);
|
||||
Assert.Equal(result.UserAccessPolicies.First().Write, createdAccessPolicy.Write);
|
||||
Assert.Equal(result.UserAccessPolicies.First().Id, createdAccessPolicy.Id);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.CreationDate);
|
||||
AssertHelper.AssertRecent(createdAccessPolicy.RevisionDate);
|
||||
}
|
||||
|
||||
|
@ -302,10 +302,12 @@ public class ProjectsControllerTest : IClassFixture<ApiApplicationFactory>, IAsy
|
||||
|
||||
var response = await _client.GetAsync($"/projects/{project.Id}");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectResponseModel>();
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectPermissionDetailsResponseModel>();
|
||||
Assert.Equal(project.Name, result!.Name);
|
||||
Assert.Equal(project.RevisionDate, result.RevisionDate);
|
||||
Assert.Equal(project.CreationDate, result.CreationDate);
|
||||
Assert.True(result.Read);
|
||||
Assert.True(result.Write);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
|
@ -6,6 +6,7 @@ using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Commands.Projects.Interfaces;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Models.Data;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
|
||||
@ -165,19 +166,18 @@ public class ProjectsControllerTests
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void Get_SmNotEnabled_Throws(SutProvider<ProjectsController> sutProvider, Guid data)
|
||||
public async void Get_SmNotEnabled_Throws(SutProvider<ProjectsController> sutProvider, Guid data, Guid orgId)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(data).Returns(false);
|
||||
|
||||
SetupAdmin(sutProvider, orgId);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(orgId).Returns(false);
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetAsync(data));
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData]
|
||||
public async void Get_ThrowsNotFound(SutProvider<ProjectsController> sutProvider, Guid data)
|
||||
public async void Get_ThrowsNotFound(SutProvider<ProjectsController> sutProvider, Guid data, Guid orgId)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(data).Returns(true);
|
||||
|
||||
SetupAdmin(sutProvider, orgId);
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetAsync(data));
|
||||
}
|
||||
|
||||
@ -199,13 +199,13 @@ public class ProjectsControllerTests
|
||||
break;
|
||||
}
|
||||
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(Arg.Is(data))
|
||||
.ReturnsForAnyArgs(new Project { Id = data, OrganizationId = orgId });
|
||||
sutProvider.GetDependency<IProjectRepository>().GetPermissionDetailsByIdAsync(Arg.Is(data), Arg.Any<Guid>())
|
||||
.ReturnsForAnyArgs(new ProjectPermissionDetails() { Id = data, OrganizationId = orgId, Read = true, Write = true });
|
||||
|
||||
await sutProvider.Sut.GetAsync(data);
|
||||
|
||||
await sutProvider.GetDependency<IProjectRepository>().Received(1)
|
||||
.GetByIdAsync(Arg.Is(data));
|
||||
.GetPermissionDetailsByIdAsync(Arg.Is(data), Arg.Any<Guid>());
|
||||
}
|
||||
|
||||
[Theory]
|
||||
|
Loading…
Reference in New Issue
Block a user