Extract single-org policy check to OrganizationService (#1410)

2024-11-21 12:05:42 +01:00 · 2021-06-30 09:21:41 +02:00 · 2021-06-30 09:21:41 +02:00 · 08f508f536
commit 08f508f536
parent 59c2dcf218
2 changed files with 22 additions and 27 deletions
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@ -28,7 +28,6 @@ namespace Bit.Api.Controllers
        private readonly IPaymentService _paymentService;
        private readonly ICurrentContext _currentContext;
        private readonly GlobalSettings _globalSettings;
-        private readonly IPolicyRepository _policyRepository;

        public OrganizationsController(
            IOrganizationRepository organizationRepository,
@ -37,8 +36,7 @@ namespace Bit.Api.Controllers
            IUserService userService,
            IPaymentService paymentService,
            ICurrentContext currentContext,
-            GlobalSettings globalSettings,
-            IPolicyRepository policyRepository)
+            GlobalSettings globalSettings)
        {
            _organizationRepository = organizationRepository;
            _organizationUserRepository = organizationUserRepository;
@ -47,7 +45,6 @@ namespace Bit.Api.Controllers
            _paymentService = paymentService;
            _currentContext = currentContext;
            _globalSettings = globalSettings;
-            _policyRepository = policyRepository;
        }

        [HttpGet("{id}")]
@ -163,22 +160,6 @@ namespace Bit.Api.Controllers
                throw new Exception("Invalid plan selected.");
            }

-            var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
-            var orgUsers = await _organizationUserRepository.GetManyByUserAsync(user.Id);
-
-            var orgsWithSingleOrgPolicy = policies.Where(p => p.Enabled && p.Type == PolicyType.SingleOrg)
-                .Select(p => p.OrganizationId);
-            var blockedBySingleOrgPolicy = orgUsers.Any(ou => ou.Type != OrganizationUserType.Owner &&
-                                                        ou.Type != OrganizationUserType.Admin &&
-                                                        ou.Status != OrganizationUserStatusType.Invited &&
-                                                        orgsWithSingleOrgPolicy.Contains(ou.OrganizationId));
-
-            if (blockedBySingleOrgPolicy)
-            {
-                throw new Exception("You may not create an organization. You belong to an organization " +
-                    "which has a policy that prohibits you from being a member of any other organization.");
-            }
-
            var organizationSignup = model.ToOrganizationSignup(user);
            var result = await _organizationService.SignUpAsync(organizationSignup);
            return new OrganizationResponseModel(result.Item1);
@ -200,13 +181,6 @@ namespace Bit.Api.Controllers
                throw new BadRequestException("Invalid license");
            }

-            var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
-            if (policies.Any(policy => policy.Enabled && policy.Type == PolicyType.SingleOrg))
-            {
-                throw new Exception("You may not create an organization. You belong to an organization " +
-                     "which has a policy that prohibits you from being a member of any other organization.");
-            }
-
            var result = await _organizationService.SignUpAsync(license, user, model.Key,
                model.CollectionName, model.Keys?.PublicKey, model.Keys?.EncryptedPrivateKey);
            return new OrganizationResponseModel(result.Item1);
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -557,6 +557,7 @@ namespace Bit.Core.Services
                throw new BadRequestException("Plan not found.");
            }

+            await ValidateSignUpPoliciesAsync(signup.Owner.Id);
            ValidateOrganizationUpgradeParameters(plan, signup);

            var organization = new Organization
@ -622,6 +623,24 @@ namespace Bit.Core.Services
            return returnValue;
        }

+        private async Task ValidateSignUpPoliciesAsync(Guid ownerId)
+        {
+            var policies = await _policyRepository.GetManyByUserIdAsync(ownerId);
+            var orgUsers = await _organizationUserRepository.GetManyByUserAsync(ownerId);
+
+            var orgsWithSingleOrgPolicy = policies.Where(p => p.Enabled && p.Type == PolicyType.SingleOrg)
+                .Select(p => p.OrganizationId);
+            var blockedBySingleOrgPolicy = orgUsers.Any(ou => ou is {Type: OrganizationUserType.Owner} &&
+                                                              ou.Type != OrganizationUserType.Admin &&
+                                                              ou.Status != OrganizationUserStatusType.Invited &&
+                                                              orgsWithSingleOrgPolicy.Contains(ou.OrganizationId));
+            if (blockedBySingleOrgPolicy)
+            {
+                throw new BadRequestException("You may not create an organization. You belong to an organization " +
+                    "which has a policy that prohibits you from being a member of any other organization.");
+            }
+        }
+
        public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
            OrganizationLicense license, User owner, string ownerKey, string collectionName, string publicKey,
            string privateKey)
@ -649,6 +668,8 @@ namespace Bit.Core.Services
                throw new BadRequestException("License is already in use by another organization.");
            }

+            await ValidateSignUpPoliciesAsync(owner.Id);
+
            var organization = new Organization
            {
                Name = license.Name,