Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-27 03:41:30 +01:00
Code Issues Projects Releases Wiki Activity

Add RBAC to Bitwarden Portal (#2853)

Browse Source 
* Auth/pm-48 (#2680)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-48 - move registration of CustomClaimsPrincipalFactory, replace role claim type string with constant, streamline code that retrieves the user's role

* Auth/pm-47 (#2699)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-47 - add list of permission enums, role:permissions mapping, and function that determines if the logged in user has the given permission

* PM-47 - remove unneeded service registration, set role to lowercase

* PM-47 - fix code style issues

* PM-46 - create permission filter attribute (#2753)

* Auth/pm-54 add rbac for users (#2758)

* PM-54 - add permission gates to User elements

* PM-54 - fix formatting

* PM-54 - remove unused function

* PM-54 - fix variable reference, add permission to billing role

* PM-54 - handle Upgrade Premium button functionality and fix spelling

* PM-54 - change permission name to be more accurate

* PM-49 - update role retrieval (#2779)

* Auth/[PM-50] add rbac for logs (#2782)

* PM-50 - add rbac for logs

* PM-50 - remove unnecessary action filter

* PM-51 - add RBAC for tools (#2799)

* Auth/[pm-52] add rbac providers (#2818)

* PM-52 add rbac for providers

* PM-52 - update redirect action

* PM-52 - add back edit functionality and permission

* PM-52 - reverse changes around removing edit functionality

* PM-52 - moved permission check to variable assignement

* PM-53 - add rbac for organizations (#2798)

* PM-52 - add missed permission to billing role (#2836)

* Fixed merge conflicts.

* [PM-1846] Updates to add RBAC back after merge conflicts (#2870)

* Updates to add RBAC to changes from reseller.

* Added back checks for delete and initiating a trial.

* Removed extraneous Razor tag.

---------

Co-authored-by: dgoodman-bw <109169446+dgoodman-bw@users.noreply.github.com>
Co-authored-by: Danielle Goodman <dgoodman@bitwarden.com>
Co-authored-by: Jacob Fink <jfink@bitwarden.com>
This commit is contained in:
Todd Martin 2023-05-04 15:18:49 -04:00 committed by GitHub
parent 2ac513e15a
commit 0bd0910c39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
24 changed files with 1101 additions and 410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Admin/Controllers/LogsController.cs
View File

@ -1,4 +1,5 @@
using Bit.Admin.Models;
using Bit.Admin.Utilities;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
@ -11,6 +12,7 @@ namespace Bit.Admin.Controllers;
[Authorize]
[SelfHosted(NotSelfHostedOnly = true)]
[RequirePermission(Enums.Permission.Logs_View)]
public class LogsController : Controller
{
private const string Database = "Diagnostics";

69
src/Admin/Controllers/OrganizationsController.cs
View File

@ -1,4 +1,7 @@
using Bit.Admin.Models;
using Bit.Admin.Enums;
using Bit.Admin.Models;
using Bit.Admin.Services;
using Bit.Admin.Utilities;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Models.OrganizationConnectionConfigs;
@ -36,6 +39,7 @@ public class OrganizationsController : Controller
private readonly IUserService _userService;
private readonly IProviderRepository _providerRepository;
private readonly ILogger<OrganizationsController> _logger;
private readonly IAccessControlService _accessControlService;
public OrganizationsController(
IOrganizationService organizationService,
@ -54,7 +58,8 @@ public class OrganizationsController : Controller
IReferenceEventService referenceEventService,
IUserService userService,
IProviderRepository providerRepository,
ILogger<OrganizationsController> logger)
ILogger<OrganizationsController> logger,
IAccessControlService accessControlService)
{
_organizationService = organizationService;
_organizationRepository = organizationRepository;
@ -73,8 +78,10 @@ public class OrganizationsController : Controller
_userService = userService;
_providerRepository = providerRepository;
_logger = logger;
_accessControlService = accessControlService;
}
[RequirePermission(Permission.Org_List_View)]
public async Task<IActionResult> Index(string name = null, string userEmail = null, bool? paid = null,
int page = 1, int count = 25)
{
@ -163,8 +170,8 @@ public class OrganizationsController : Controller
[SelfHosted(NotSelfHostedOnly = true)]
public async Task<IActionResult> Edit(Guid id, OrganizationEditModel model)
{
var organization = await _organizationRepository.GetByIdAsync(id);
model.ToOrganization(organization);
var organization = await GetOrganization(id, model);
await _organizationRepository.ReplaceAsync(organization);
await _applicationCacheService.UpsertOrganizationAbilityAsync(organization);
await _referenceEventService.RaiseEventAsync(new ReferenceEvent(ReferenceEventType.OrganizationEditedByAdmin, organization)
@ -177,6 +184,7 @@ public class OrganizationsController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Org_Delete)]
public async Task<IActionResult> Delete(Guid id)
{
var organization = await _organizationRepository.GetByIdAsync(id);
@ -241,4 +249,57 @@ public class OrganizationsController : Controller
return Json(null);
}
private async Task<Organization> GetOrganization(Guid id, OrganizationEditModel model)
{
var organization = await _organizationRepository.GetByIdAsync(id);
if (_accessControlService.UserHasPermission(Permission.Org_CheckEnabledBox))
{
organization.Enabled = model.Enabled;
}
if (_accessControlService.UserHasPermission(Permission.Org_Plan_Edit))
{
organization.PlanType = model.PlanType.Value;
organization.Plan = model.Plan;
organization.Seats = model.Seats;
organization.MaxAutoscaleSeats = model.MaxAutoscaleSeats;
organization.MaxCollections = model.MaxCollections;
organization.MaxStorageGb = model.MaxStorageGb;
//features
organization.SelfHost = model.SelfHost;
organization.Use2fa = model.Use2fa;
organization.UseApi = model.UseApi;
organization.UseGroups = model.UseGroups;
organization.UsePolicies = model.UsePolicies;
organization.UseSso = model.UseSso;
organization.UseKeyConnector = model.UseKeyConnector;
organization.UseScim = model.UseScim;
organization.UseDirectory = model.UseDirectory;
organization.UseEvents = model.UseEvents;
organization.UseResetPassword = model.UseResetPassword;
organization.UseCustomPermissions = model.UseCustomPermissions;
organization.UseTotp = model.UseTotp;
organization.UsersGetPremium = model.UsersGetPremium;
organization.UseSecretsManager = model.UseSecretsManager;
}
if (_accessControlService.UserHasPermission(Permission.Org_Licensing_Edit))
{
organization.LicenseKey = model.LicenseKey;
organization.ExpirationDate = model.ExpirationDate;
}
if (_accessControlService.UserHasPermission(Permission.Org_Billing_Edit))
{
organization.BillingEmail = model.BillingEmail?.ToLowerInvariant()?.Trim();
organization.Gateway = model.Gateway;
organization.GatewayCustomerId = model.GatewayCustomerId;
organization.GatewaySubscriptionId = model.GatewaySubscriptionId;
}
return organization;
}
}

9
src/Admin/Controllers/ProvidersController.cs
View File

@ -1,4 +1,6 @@
using Bit.Admin.Models;
using Bit.Admin.Enums;
using Bit.Admin.Models;
using Bit.Admin.Utilities;
using Bit.Core.Entities.Provider;
using Bit.Core.Enums.Provider;
using Bit.Core.Providers.Interfaces;
@ -54,6 +56,7 @@ public class ProvidersController : Controller
_createProviderCommand = createProviderCommand;
}
[RequirePermission(Permission.Provider_List_View)]
public async Task<IActionResult> Index(string name = null, string userEmail = null, int page = 1, int count = 25)
{
if (page < 1)
@ -90,6 +93,7 @@ public class ProvidersController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Provider_Create)]
public async Task<IActionResult> Create(CreateProviderModel model)
{
if (!ModelState.IsValid)
@ -111,6 +115,7 @@ public class ProvidersController : Controller
return RedirectToAction("Edit", new { id = provider.Id });
}
[RequirePermission(Permission.Provider_View)]
public async Task<IActionResult> View(Guid id)
{
var provider = await _providerRepository.GetByIdAsync(id);
@ -141,6 +146,7 @@ public class ProvidersController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[SelfHosted(NotSelfHostedOnly = true)]
[RequirePermission(Permission.Provider_Edit)]
public async Task<IActionResult> Edit(Guid id, ProviderEditModel model)
{
var provider = await _providerRepository.GetByIdAsync(id);
@ -155,6 +161,7 @@ public class ProvidersController : Controller
return RedirectToAction("Edit", new { id });
}
[RequirePermission(Permission.Provider_ResendEmailInvite)]
public async Task<IActionResult> ResendInvite(Guid ownerId, Guid providerId)
{
await _providerService.ResendProviderSetupInviteEmailAsync(providerId, ownerId);

19
src/Admin/Controllers/ToolsController.cs
View File

@ -1,6 +1,8 @@
using System.Text;
using System.Text.Json;
using Bit.Admin.Enums;
using Bit.Admin.Models;
using Bit.Admin.Utilities;
using Bit.Core.Entities;
using Bit.Core.Models.BitStripe;
using Bit.Core.OrganizationFeatures.OrganizationLicenses.Interfaces;
@ -55,6 +57,7 @@ public class ToolsController : Controller
_environment = environment;
}
[RequirePermission(Permission.Tools_ChargeBrainTreeCustomer)]
public IActionResult ChargeBraintree()
{
return View(new ChargeBraintreeModel());
@ -62,6 +65,7 @@ public class ToolsController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Tools_ChargeBrainTreeCustomer)]
public async Task<IActionResult> ChargeBraintree(ChargeBraintreeModel model)
{
if (!ModelState.IsValid)
@ -113,6 +117,7 @@ public class ToolsController : Controller
return View(model);
}
[RequirePermission(Permission.Tools_CreateEditTransaction)]
public IActionResult CreateTransaction(Guid? organizationId = null, Guid? userId = null)
{
return View("CreateUpdateTransaction", new CreateUpdateTransactionModel
@ -124,6 +129,7 @@ public class ToolsController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Tools_CreateEditTransaction)]
public async Task<IActionResult> CreateTransaction(CreateUpdateTransactionModel model)
{
if (!ModelState.IsValid)
@ -142,6 +148,7 @@ public class ToolsController : Controller
}
}
[RequirePermission(Permission.Tools_CreateEditTransaction)]
public async Task<IActionResult> EditTransaction(Guid id)
{
var transaction = await _transactionRepository.GetByIdAsync(id);
@ -154,6 +161,7 @@ public class ToolsController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Tools_CreateEditTransaction)]
public async Task<IActionResult> EditTransaction(Guid id, CreateUpdateTransactionModel model)
{
if (!ModelState.IsValid)
@ -171,6 +179,7 @@ public class ToolsController : Controller
}
}
[RequirePermission(Permission.Tools_PromoteAdmin)]
public IActionResult PromoteAdmin()
{
return View();
@ -178,6 +187,7 @@ public class ToolsController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Tools_PromoteAdmin)]
public async Task<IActionResult> PromoteAdmin(PromoteAdminModel model)
{
if (!ModelState.IsValid)
@ -207,6 +217,7 @@ public class ToolsController : Controller
return RedirectToAction("Edit", "Organizations", new { id = model.OrganizationId.Value });
}
[RequirePermission(Permission.Tools_GenerateLicenseFile)]
public IActionResult GenerateLicense()
{
return View();
@ -214,6 +225,7 @@ public class ToolsController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Tools_GenerateLicenseFile)]
public async Task<IActionResult> GenerateLicense(LicenseModel model)
{
if (!ModelState.IsValid)
@ -285,6 +297,7 @@ public class ToolsController : Controller
}
}
[RequirePermission(Permission.Tools_ManageTaxRates)]
public async Task<IActionResult> TaxRate(int page = 1, int count = 25)
{
if (page < 1)
@ -307,6 +320,7 @@ public class ToolsController : Controller
});
}
[RequirePermission(Permission.Tools_ManageTaxRates)]
public async Task<IActionResult> TaxRateAddEdit(string stripeTaxRateId = null)
{
if (string.IsNullOrWhiteSpace(stripeTaxRateId))
@ -328,6 +342,7 @@ public class ToolsController : Controller
}
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Tools_ManageTaxRates)]
public async Task<IActionResult> TaxRateUpload(IFormFile file)
{
if (file == null || file.Length == 0)
@ -395,6 +410,7 @@ public class ToolsController : Controller
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.Tools_ManageTaxRates)]
public async Task<IActionResult> TaxRateAddEdit(TaxRateAddEditModel model)
{
var existingRateCheck = await _taxRateRepository.GetByLocationAsync(new TaxRate() { Country = model.Country, PostalCode = model.PostalCode });
@ -429,6 +445,7 @@ public class ToolsController : Controller
return RedirectToAction("TaxRate");
}
[RequirePermission(Permission.Tools_ManageTaxRates)]
public async Task<IActionResult> TaxRateArchive(string stripeTaxRateId)
{
if (!string.IsNullOrWhiteSpace(stripeTaxRateId))
@ -439,6 +456,7 @@ public class ToolsController : Controller
return RedirectToAction("TaxRate");
}
[RequirePermission(Permission.Tools_ManageStripeSubscriptions)]
public async Task<IActionResult> StripeSubscriptions(StripeSubscriptionListOptions options)
{
options = options ?? new StripeSubscriptionListOptions();
@ -465,6 +483,7 @@ public class ToolsController : Controller
}
[HttpPost]
[RequirePermission(Permission.Tools_ManageStripeSubscriptions)]
public async Task<IActionResult> StripeSubscriptions([FromForm] StripeSubscriptionsModel model)
{
if (!ModelState.IsValid)

36
src/Admin/Controllers/UsersController.cs
View File

@ -1,4 +1,7 @@
using Bit.Admin.Models;
using Bit.Admin.Enums;
using Bit.Admin.Models;
using Bit.Admin.Services;
using Bit.Admin.Utilities;
using Bit.Core.Entities;
using Bit.Core.Repositories;
using Bit.Core.Services;
@ -17,19 +20,23 @@ public class UsersController : Controller
private readonly ICipherRepository _cipherRepository;
private readonly IPaymentService _paymentService;
private readonly GlobalSettings _globalSettings;
private readonly IAccessControlService _accessControlService;
public UsersController(
IUserRepository userRepository,
ICipherRepository cipherRepository,
IPaymentService paymentService,
GlobalSettings globalSettings)
GlobalSettings globalSettings,
IAccessControlService accessControlService)
{
_userRepository = userRepository;
_cipherRepository = cipherRepository;
_paymentService = paymentService;
_globalSettings = globalSettings;
_accessControlService = accessControlService;
}
[RequirePermission(Permission.User_List_View)]
public async Task<IActionResult> Index(string email, int page = 1, int count = 25)
{
if (page < 1)
@ -91,13 +98,36 @@ public class UsersController : Controller
return RedirectToAction("Index");
}
model.ToUser(user);
var canUpgradePremium = _accessControlService.UserHasPermission(Permission.User_UpgradePremium);
if (_accessControlService.UserHasPermission(Permission.User_Premium_Edit) ||
canUpgradePremium)
{
user.MaxStorageGb = model.MaxStorageGb;
user.Premium = model.Premium;
}
if (_accessControlService.UserHasPermission(Permission.User_Billing_Edit))
{
user.Gateway = model.Gateway;
user.GatewayCustomerId = model.GatewayCustomerId;
user.GatewaySubscriptionId = model.GatewaySubscriptionId;
}
if (_accessControlService.UserHasPermission(Permission.User_Licensing_Edit) ||
canUpgradePremium)
{
user.LicenseKey = model.LicenseKey;
user.PremiumExpirationDate = model.PremiumExpirationDate;
}
await _userRepository.ReplaceAsync(user);
return RedirectToAction("Edit", new { id });
}
[HttpPost]
[ValidateAntiForgeryToken]
[RequirePermission(Permission.User_Delete)]
public async Task<IActionResult> Delete(Guid id)
{
var user = await _userRepository.GetByIdAsync(id);

53
src/Admin/Enums/Permissions.cs Normal file
View File

@ -0,0 +1,53 @@
namespace Bit.Admin.Enums;
public enum Permission
{
User_List_View,
User_UserInformation_View,
User_GeneralDetails_View,
User_Delete,
User_UpgradePremium,
User_BillingInformation_View,
User_BillingInformation_DownloadInvoice,
User_BillingInformation_CreateEditTransaction,
User_Premium_View,
User_Premium_Edit,
User_Licensing_View,
User_Licensing_Edit,
User_Billing_View,
User_Billing_Edit,
User_Billing_LaunchGateway,
Org_List_View,
Org_OrgInformation_View,
Org_GeneralDetails_View,
Org_CheckEnabledBox,
Org_BusinessInformation_View,
Org_InitiateTrial,
Org_Delete,
Org_BillingInformation_View,
Org_BillingInformation_DownloadInvoice,
Org_BillingInformation_CreateEditTransaction,
Org_Plan_View,
Org_Plan_Edit,
Org_Licensing_View,
Org_Licensing_Edit,
Org_Billing_View,
Org_Billing_Edit,
Org_Billing_LaunchGateway,
Provider_List_View,
Provider_Create,
Provider_Edit,
Provider_View,
Provider_ResendEmailInvite,
Tools_ChargeBrainTreeCustomer,
Tools_PromoteAdmin,
Tools_GenerateLicenseFile,
Tools_ManageTaxRates,
Tools_ManageStripeSubscriptions,
Tools_CreateEditTransaction,
Logs_View
}

42
src/Admin/IdentityServer/CustomClaimsPrincipalFactory.cs Normal file
View File

@ -0,0 +1,42 @@
using System.Security.Claims;
using Bit.Admin.Services;
using Bit.Core.Settings;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
public class CustomClaimsPrincipalFactory : UserClaimsPrincipalFactory<IdentityUser>
{
private IAccessControlService _accessControlService;
private readonly IGlobalSettings _globalSettings;
public CustomClaimsPrincipalFactory(
UserManager<IdentityUser> userManager,
IOptions<IdentityOptions> optionsAccessor,
IAccessControlService accessControlService,
IGlobalSettings globalSettings)
: base(userManager, optionsAccessor)
{
_accessControlService = accessControlService;
_globalSettings = globalSettings;
}
public async override Task<ClaimsPrincipal> CreateAsync(IdentityUser user)
{
var principal = await base.CreateAsync(user);
if (!_globalSettings.SelfHosted &&
!string.IsNullOrEmpty(user.Email) &&
principal.Identity != null)
{
var role = _accessControlService.GetUserRole(user.Email);
if (!string.IsNullOrEmpty(role))
{
((ClaimsIdentity)principal.Identity).AddClaims(
new[] { new Claim(ClaimTypes.Role, role) });
}
}
return principal;
}
}

3
src/Admin/IdentityServer/ServiceCollectionExtensions.cs
View File

@ -21,7 +21,8 @@ public static class ServiceCollectionExtensions
var passwordlessIdentityBuilder = services.AddIdentity<IdentityUser, Role>()
.AddUserStore<TUserStore>()
.AddRoleStore<RoleStore>()
.AddDefaultTokenProviders();
.AddDefaultTokenProviders()
.AddClaimsPrincipalFactory<CustomClaimsPrincipalFactory>();
var regularIdentityBuilder = services.AddIdentityCore<User>()
.AddUserStore<UserStore>();

1
src/Admin/Models/BillingInformationModel.cs
View File

@ -7,4 +7,5 @@ public class BillingInformationModel
public BillingInfo BillingInfo { get; set; }
public Guid? UserId { get; set; }
public Guid? OrganizationId { get; set; }
public string Entity { get; set; }
}

2
src/Admin/Models/ProviderEditModel.cs
View File

@ -28,8 +28,6 @@ public class ProviderEditModel : ProviderViewModel
public Provider ToProvider(Provider existingProvider)
{
existingProvider.Name = Name;
existingProvider.BusinessName = BusinessName;
existingProvider.BillingEmail = BillingEmail?.ToLowerInvariant()?.Trim();
existingProvider.BillingPhone = BillingPhone?.ToLowerInvariant()?.Trim();
return existingProvider;

14
src/Admin/Models/UserEditModel.cs
View File

@ -57,18 +57,4 @@ public class UserEditModel : UserViewModel
[Display(Name = "Premium Expiration Date")]
public DateTime? PremiumExpirationDate { get; set; }
public User ToUser(User existingUser)
{
existingUser.Name = Name;
existingUser.Email = Email;
existingUser.EmailVerified = EmailVerified;
existingUser.Premium = Premium;
existingUser.MaxStorageGb = MaxStorageGb;
existingUser.Gateway = Gateway;
existingUser.GatewayCustomerId = GatewayCustomerId;
existingUser.GatewaySubscriptionId = GatewaySubscriptionId;
existingUser.LicenseKey = LicenseKey;
existingUser.PremiumExpirationDate = PremiumExpirationDate;
return existingUser;
}
}

66
src/Admin/Services/AccessControlService.cs Normal file
View File

@ -0,0 +1,66 @@
using System.Security.Claims;
using Bit.Admin.Enums;
using Bit.Admin.Utilities;
using Bit.Core.Settings;
namespace Bit.Admin.Services;
public class AccessControlService : IAccessControlService
{
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly IConfiguration _configuration;
private readonly IGlobalSettings _globalSettings;
public AccessControlService(
IHttpContextAccessor httpContextAccessor,
IConfiguration configuration,
IGlobalSettings globalSettings)
{
_httpContextAccessor = httpContextAccessor;
_configuration = configuration;
_globalSettings = globalSettings;
}
public bool UserHasPermission(Permission permission)
{
if (_globalSettings.SelfHosted)
{
return true;
}
var userRole = GetUserRoleFromClaim();
if (string.IsNullOrEmpty(userRole) || !RolePermissionMapping.RolePermissions.ContainsKey(userRole))
{
return false;
}
return RolePermissionMapping.RolePermissions[userRole].Contains(permission);
}
public string GetUserRole(string userEmail)
{
var roles = _configuration.GetSection("adminSettings:role").GetChildren();
if (roles == null || !roles.Any())
{
return null;
}
userEmail = userEmail.ToLowerInvariant();
var userRole = roles.FirstOrDefault(s => (s.Value != null ? s.Value.ToLowerInvariant().Split(',').Contains(userEmail) : false));
if (userRole == null)
{
return null;
}
return userRole.Key.ToLowerInvariant();
}
private string GetUserRoleFromClaim()
{
return _httpContextAccessor.HttpContext?.User?.Claims?
.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;
}
}

9
src/Admin/Services/IAccessControlService.cs Normal file
View File

@ -0,0 +1,9 @@
using Bit.Admin.Enums;
namespace Bit.Admin.Services;
public interface IAccessControlService
{
public bool UserHasPermission(Permission permission);
public string GetUserRole(string userEmail);
}

4
src/Admin/Startup.cs
View File

@ -7,6 +7,8 @@ using Bit.SharedWeb.Utilities;
using Microsoft.AspNetCore.Identity;
using Stripe;
using Microsoft.AspNetCore.Mvc.Razor;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Bit.Admin.Services;
#if !OSS
using Bit.Commercial.Core.Utilities;
@ -64,6 +66,7 @@ public class Startup
// Context
services.AddScoped<ICurrentContext, CurrentContext>();
services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();
// Identity
services.AddPasswordlessIdentityServices<ReadOnlyEnvIdentityUserStore>(globalSettings);
@ -82,6 +85,7 @@ public class Startup
// Services
services.AddBaseServices(globalSettings);
services.AddDefaultServices(globalSettings);
services.AddScoped<IAccessControlService, AccessControlService>();
#if OSS
services.AddOosServices();

26
src/Admin/Utilities/RequirePermissionAttribute.cs Normal file
View File

@ -0,0 +1,26 @@
using Bit.Admin.Enums;
using Bit.Admin.Services;
using Microsoft.AspNetCore.Mvc.Filters;
namespace Bit.Admin.Utilities;
public class RequirePermissionAttribute : ActionFilterAttribute
{
public Permission Permission { get; set; }
public RequirePermissionAttribute(Permission permission)
{
Permission = permission;
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var accessControlService = context.HttpContext.RequestServices.GetRequiredService<IAccessControlService>();
var hasPermission = accessControlService.UserHasPermission(Permission);
if (!hasPermission)
{
throw new UnauthorizedAccessException("Not authorized.");
}
}
}

194
src/Admin/Utilities/RolePermissionMapping.cs Normal file
View File

@ -0,0 +1,194 @@
using Bit.Admin.Enums;
namespace Bit.Admin.Utilities;
public static class RolePermissionMapping
{
//This is temporary and will be moved to the db in the next round of the rbac implementation
public static readonly Dictionary<string, List<Permission>> RolePermissions = new Dictionary<string, List<Permission>>()
{
{ "owner", new List<Permission>
{
Permission.User_List_View,
Permission.User_UserInformation_View,
Permission.User_GeneralDetails_View,
Permission.Org_CheckEnabledBox,
Permission.User_Delete,
Permission.User_UpgradePremium,
Permission.User_BillingInformation_View,
Permission.User_BillingInformation_DownloadInvoice,
Permission.User_Premium_View,
Permission.User_Premium_Edit,
Permission.User_Licensing_View,
Permission.User_Licensing_Edit,
Permission.User_Billing_View,
Permission.User_Billing_Edit,
Permission.User_Billing_LaunchGateway,
Permission.Org_List_View,
Permission.Org_OrgInformation_View,
Permission.Org_GeneralDetails_View,
Permission.Org_BusinessInformation_View,
Permission.Org_InitiateTrial,
Permission.Org_Delete,
Permission.Org_BillingInformation_View,
Permission.Org_BillingInformation_DownloadInvoice,
Permission.Org_Plan_View,
Permission.Org_Plan_Edit,
Permission.Org_Licensing_View,
Permission.Org_Licensing_Edit,
Permission.Org_Billing_View,
Permission.Org_Billing_Edit,
Permission.Org_Billing_LaunchGateway,
Permission.Provider_List_View,
Permission.Provider_Create,
Permission.Provider_View,
Permission.Provider_ResendEmailInvite,
Permission.Tools_ChargeBrainTreeCustomer,
Permission.Tools_PromoteAdmin,
Permission.Tools_GenerateLicenseFile,
Permission.Tools_ManageTaxRates,
Permission.Tools_ManageStripeSubscriptions,
Permission.Logs_View
}
},
{ "admin", new List<Permission>
{
Permission.User_List_View,
Permission.User_UserInformation_View,
Permission.User_GeneralDetails_View,
Permission.Org_CheckEnabledBox,
Permission.User_Delete,
Permission.User_UpgradePremium,
Permission.User_BillingInformation_View,
Permission.User_BillingInformation_DownloadInvoice,
Permission.User_Premium_View,
Permission.User_Premium_Edit,
Permission.User_Licensing_View,
Permission.User_Licensing_Edit,
Permission.User_Billing_View,
Permission.User_Billing_Edit,
Permission.User_Billing_LaunchGateway,
Permission.Org_List_View,
Permission.Org_OrgInformation_View,
Permission.Org_GeneralDetails_View,
Permission.Org_BusinessInformation_View,
Permission.Org_Delete,
Permission.Org_BillingInformation_View,
Permission.Org_BillingInformation_DownloadInvoice,
Permission.Org_Plan_View,
Permission.Org_Plan_Edit,
Permission.Org_Licensing_View,
Permission.Org_Licensing_Edit,
Permission.Org_Billing_View,
Permission.Org_Billing_Edit,
Permission.Org_Billing_LaunchGateway,
Permission.Org_InitiateTrial,
Permission.Provider_List_View,
Permission.Provider_Create,
Permission.Provider_View,
Permission.Provider_ResendEmailInvite,
Permission.Tools_ChargeBrainTreeCustomer,
Permission.Tools_PromoteAdmin,
Permission.Tools_GenerateLicenseFile,
Permission.Tools_ManageTaxRates,
Permission.Tools_ManageStripeSubscriptions,
Permission.Logs_View
}
},
{ "cs", new List<Permission>
{
Permission.User_List_View,
Permission.User_UserInformation_View,
Permission.User_GeneralDetails_View,
Permission.User_UpgradePremium,
Permission.User_BillingInformation_View,
Permission.User_BillingInformation_DownloadInvoice,
Permission.User_Premium_View,
Permission.User_Licensing_View,
Permission.User_Billing_View,
Permission.User_Billing_LaunchGateway,
Permission.Org_List_View,
Permission.Org_OrgInformation_View,
Permission.Org_GeneralDetails_View,
Permission.Org_BusinessInformation_View,
Permission.Org_BillingInformation_View,
Permission.Org_BillingInformation_DownloadInvoice,
Permission.Org_Plan_View,
Permission.Org_Licensing_View,
Permission.Org_Billing_View,
Permission.Org_Billing_LaunchGateway,
Permission.Provider_List_View,
Permission.Provider_View,
Permission.Logs_View
}
},
{ "billing", new List<Permission>
{
Permission.User_List_View,
Permission.User_UserInformation_View,
Permission.User_GeneralDetails_View,
Permission.User_UpgradePremium,
Permission.User_BillingInformation_View,
Permission.User_BillingInformation_DownloadInvoice,
Permission.User_BillingInformation_CreateEditTransaction,
Permission.User_Premium_View,
Permission.User_Licensing_View,
Permission.User_Billing_View,
Permission.User_Billing_Edit,
Permission.User_Billing_LaunchGateway,
Permission.Org_List_View,
Permission.Org_OrgInformation_View,
Permission.Org_GeneralDetails_View,
Permission.Org_BusinessInformation_View,
Permission.Org_BillingInformation_View,
Permission.Org_BillingInformation_DownloadInvoice,
Permission.Org_BillingInformation_CreateEditTransaction,
Permission.Org_Plan_View,
Permission.Org_Plan_Edit,
Permission.Org_Licensing_View,
Permission.Org_Billing_View,
Permission.Org_Billing_Edit,
Permission.Org_Billing_LaunchGateway,
Permission.Provider_Edit,
Permission.Provider_View,
Permission.Provider_List_View,
Permission.Tools_ChargeBrainTreeCustomer,
Permission.Tools_GenerateLicenseFile,
Permission.Tools_ManageTaxRates,
Permission.Tools_ManageStripeSubscriptions,
Permission.Tools_CreateEditTransaction,
Permission.Logs_View
}
},
{ "sales", new List<Permission>
{
Permission.User_List_View,
Permission.User_UserInformation_View,
Permission.User_GeneralDetails_View,
Permission.Org_CheckEnabledBox,
Permission.User_BillingInformation_View,
Permission.User_BillingInformation_DownloadInvoice,
Permission.User_Premium_View,
Permission.User_Licensing_View,
Permission.User_Licensing_Edit,
Permission.Org_List_View,
Permission.Org_OrgInformation_View,
Permission.Org_GeneralDetails_View,
Permission.Org_BusinessInformation_View,
Permission.Org_InitiateTrial,
Permission.Org_BillingInformation_View,
Permission.Org_BillingInformation_DownloadInvoice,
Permission.Org_Plan_View,
Permission.Org_Plan_Edit,
Permission.Org_Licensing_View,
Permission.Org_Licensing_Edit,
Permission.Provider_List_View,
Permission.Provider_Create,
Permission.Provider_Edit,
Permission.Provider_View,
Permission.Provider_ResendEmailInvite,
Permission.Logs_View
}
},
};
}

56
src/Admin/Views/Organizations/Edit.cshtml
View File

@ -1,6 +1,13 @@
@model OrganizationEditModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model OrganizationEditModel
@{
ViewData["Title"] = (Model.Provider != null ? "Client " : string.Empty) + "Organization: " + Model.Organization.Name;
var canViewOrganizationInformation = AccessControlService.UserHasPermission(Permission.Org_OrgInformation_View);
var canViewBillingInformation = AccessControlService.UserHasPermission(Permission.Org_BillingInformation_View);
var canInitiateTrial = AccessControlService.UserHasPermission(Permission.Org_InitiateTrial);
var canDelete = AccessControlService.UserHasPermission(Permission.Org_Delete);
}
@section Scripts {
@ -79,24 +86,41 @@
<h2>Provider Relationship</h2>
@await Html.PartialAsync("_ProviderInformation", Model.Provider)
}
<h2>Organization Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, OrganizationId = Model.Organization.Id })
@if (canViewOrganizationInformation)
{
<h2>Organization Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
}
@if (canViewBillingInformation)
{
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, OrganizationId = Model.Organization.Id, Entity = "Organization" })
}
@await Html.PartialAsync("_OrganizationForm", Model)
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="teams-trial">
Teams Trial
</button>
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
Enterprise Trial
</button>
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
onsubmit="return confirm('Are you sure you want to delete this organization?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
@if (canInitiateTrial)
{
<button class="btn btn-secondary mr-2" type="button" id="teams-trial">
Teams Trial
</button>
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
Enterprise Trial
</button>
}
@if (canDelete)
{
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
onsubmit="return confirm('Are you sure you want to delete this organization?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
}
</div>
</div>

10
src/Admin/Views/Providers/Admins.cshtml
View File

@ -1,4 +1,11 @@
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model ProviderViewModel
@{
var canResendEmailInvite = AccessControlService.UserHasPermission(Permission.Provider_ResendEmailInvite);
}
<h2>Provider Admins</h2>
<div class="row">
<div class="col-8">
@ -31,7 +38,8 @@
</td>
<td>
@if(admin.Status.Equals(ProviderUserStatusType.Confirmed)
&& @Model.Provider.Status.Equals(ProviderStatusType.Pending))
&& @Model.Provider.Status.Equals(ProviderStatusType.Pending)
&& canResendEmailInvite)
{
@if(@TempData["InviteResentTo"] != null && @TempData["InviteResentTo"].ToString() == @admin.UserId.Value.ToString())
{

43
src/Admin/Views/Providers/Edit.cshtml
View File

@ -1,6 +1,11 @@
@model ProviderEditModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model ProviderEditModel
@{
ViewData["Title"] = "Provider: " + Model.Provider.Name;
var canEdit = AccessControlService.UserHasPermission(Permission.Provider_Edit);
}
<h1>Provider <small>@Model.Provider.Name</small></h1>
@ -10,29 +15,21 @@
@await Html.PartialAsync("Admins", Model)
<form method="post" id="edit-form">
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name" required>
</div>
</div>
</div>
<dl class="row">
<dt class="col-sm-4 col-lg-3">Name</dt>
<dd class="col-sm-8 col-lg-9">@Model.Provider.Name</dd>
</dl>
<h2>Business Information</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BusinessName"></label>
<input type="text" class="form-control" asp-for="BusinessName">
</div>
</div>
</div>
<dl class="row">
<dt class="col-sm-4 col-lg-3">Business Name</dt>
<dd class="col-sm-8 col-lg-9">@Model.Provider.BusinessName</dd>
</dl>
<h2>Billing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BillingEmail"></label>
<input type="email" class="form-control" asp-for="BillingEmail">
<input type="email" class="form-control" asp-for="BillingEmail" readonly='@(!canEdit)'>
</div>
</div>
</div>
@ -46,6 +43,10 @@
</div>
</form>
@await Html.PartialAsync("Organizations", Model)
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
</div>
@if (canEdit)
{
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
</div>
}

16
src/Admin/Views/Providers/Index.cshtml
View File

@ -1,7 +1,12 @@
@using Bit.SharedWeb.Utilities
@using Bit.SharedWeb.Utilities
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model ProvidersModel
@{
ViewData["Title"] = "Providers";
var canCreateProvider = AccessControlService.UserHasPermission(Permission.Provider_Create);
}
<h1>Providers</h1>
@ -16,9 +21,12 @@
<button type="submit" class="btn btn-primary mb-2" title="Search"><i class="fa fa-search"></i> Search</button>
</form>
</div>
<div class="col-auto">
<a asp-action="Create" class="btn btn-secondary">Create Provider</a>
</div>
@if (canCreateProvider)
{
<div class="col-auto">
<a asp-action="Create" class="btn btn-secondary">Create Provider</a>
</div>
}
</div>
<div class="table-responsive">

48
src/Admin/Views/Shared/_BillingInformation.cshtml
View File

@ -1,4 +1,15 @@
@model BillingInformationModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model BillingInformationModel
@{
var canManageTransactions = Model.Entity == "User" ? AccessControlService.UserHasPermission(Permission.User_BillingInformation_CreateEditTransaction)
: AccessControlService.UserHasPermission(Permission.Org_BillingInformation_CreateEditTransaction);
var canDownloadInvoice = Model.Entity == "User" ? AccessControlService.UserHasPermission(Permission.User_BillingInformation_DownloadInvoice)
: AccessControlService.UserHasPermission(Permission.Org_BillingInformation_DownloadInvoice);
}
<dl class="row">
<dt class="col-sm-4 col-lg-3">Account @(Model.BillingInfo.Balance <= 0 ? "Credit" : "Balance")</dt>
<dd class="col-sm-8 col-lg-9">@Math.Abs(Model.BillingInfo.Balance).ToString("C")</dd>
@ -16,11 +27,14 @@
<td><a target="_blank" href="@invoice.Url" title="View Invoice">@invoice.Number</a></td>
<td>@invoice.Amount.ToString("C")</td>
<td>@(invoice.Paid ? "Paid" : "Unpaid")</td>
<td>
<a target="_blank" href="@invoice.PdfUrl" title="Download Invoice">
<i class="fa fa-file-pdf-o"></i>
</a>
</td>
@if (canDownloadInvoice)
{
<td>
<a target="_blank" href="@invoice.PdfUrl" title="Download Invoice">
<i class="fa fa-file-pdf-o"></i>
</a>
</td>
}
</tr>
}
</tbody>
@ -46,10 +60,13 @@
<td>@transaction.PaymentMethodType.ToString()</td>
<td>@transaction.Details</td>
<td>@transaction.Amount.ToString("C")</td>
<td>
<a title="Edit Transaction" asp-controller="Tools" asp-action="EditTransaction"
asp-route-id="@transaction.Id"><i class="fa fa-edit"></i></a>
</td>
@if (canManageTransactions)
{
<td>
<a title="Edit Transaction" asp-controller="Tools" asp-action="EditTransaction"
asp-route-id="@transaction.Id"><i class="fa fa-edit"></i></a>
</td>
}
</tr>
}
</tbody>
@ -59,9 +76,12 @@
{
<p>No transactions.</p>
}
<a asp-action="CreateTransaction" asp-controller="Tools" asp-route-organizationId="@Model.OrganizationId"
asp-route-userId="@Model.UserId" class="btn btn-sm btn-outline-primary">
<i class="fa fa-plus"></i> New Transaction
</a>
@if (canManageTransactions)
{
<a asp-action="CreateTransaction" asp-controller="Tools" asp-route-organizationId="@Model.OrganizationId"
asp-route-userId="@Model.UserId" class="btn btn-sm btn-outline-primary">
<i class="fa fa-plus"></i> New Transaction
</a>
}
</dd>
</dl>

137
src/Admin/Views/Shared/_Layout.cshtml
View File

@ -1,5 +1,25 @@
@inject SignInManager<IdentityUser> SignInManager
@using Bit.Admin.Enums;
@inject SignInManager<IdentityUser> SignInManager
@inject Bit.Core.Settings.GlobalSettings GlobalSettings
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@{
var canViewUsers = AccessControlService.UserHasPermission(Permission.User_List_View);
var canViewOrgs = AccessControlService.UserHasPermission(Permission.Org_List_View);
var canViewProviders = AccessControlService.UserHasPermission(Permission.Provider_List_View);
var canViewLogs = AccessControlService.UserHasPermission(Permission.Logs_View);
var canChargeBraintree = AccessControlService.UserHasPermission(Permission.Tools_ChargeBrainTreeCustomer);
var canCreateTransaction = AccessControlService.UserHasPermission(Permission.Tools_CreateEditTransaction);
var canPromoteAdmin = AccessControlService.UserHasPermission(Permission.Tools_PromoteAdmin);
var canGenerateLicense = AccessControlService.UserHasPermission(Permission.Tools_GenerateLicenseFile);
var canManageTaxRates = AccessControlService.UserHasPermission(Permission.Tools_ManageTaxRates);
var canManageStripeSubscriptions = AccessControlService.UserHasPermission(Permission.Tools_ManageStripeSubscriptions);
var canViewTools = canChargeBraintree || canCreateTransaction || canPromoteAdmin ||
canGenerateLicense || canManageTaxRates || canManageStripeSubscriptions;
}
<!DOCTYPE html>
<html>
<head>
@ -32,58 +52,91 @@
</button>
<div class="collapse navbar-collapse" id="navbarCollapse">
<ul class="navbar-nav mr-auto">
@if(SignInManager.IsSignedIn(User))
@if (SignInManager.IsSignedIn(User))
{
<li class="nav-item" active-controller="Users">
<a class="nav-link" asp-controller="Users" asp-action="Index">Users</a>
</li>
<li class="nav-item" active-controller="Organizations">
<a class="nav-link" asp-controller="Organizations" asp-action="Index">Organizations</a>
</li>
@if(!GlobalSettings.SelfHosted)
@if (canViewUsers)
{
<li class="nav-item" active-controller="Providers">
<a class="nav-link" asp-controller="Providers" asp-action="Index">Providers</a>
</li>
<li class="nav-item dropdown" active-controller="tools">
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Tools
</a>
<div class="dropdown-menu" aria-labelledby="toolsDropdown">
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
Charge Braintree Customer
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="CreateTransaction">
Create Transaction
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="PromoteAdmin">
Promote Admin
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="GenerateLicense">
Generate License
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="TaxRate">
Manage Tax Rates
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="StripeSubscriptions">
Manage Stripe Subscriptions
</a>
</div>
</li>
<li class="nav-item" active-controller="Logs">
<a class="nav-link" asp-controller="Logs" asp-action="Index">Logs</a>
<li class="nav-item" active-controller="Users">
<a class="nav-link" asp-controller="Users" asp-action="Index">Users</a>
</li>
}
@if (canViewOrgs)
{
<li class="nav-item" active-controller="Organizations">
<a class="nav-link" asp-controller="Organizations" asp-action="Index">Organizations</a>
</li>
}
@if (!GlobalSettings.SelfHosted)
{
@if (canViewProviders)
{
<li class="nav-item" active-controller="Providers">
<a class="nav-link" asp-controller="Providers" asp-action="Index">Providers</a>
</li>
}
@if (canViewTools)
{
<li class="nav-item dropdown" active-controller="tools">
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Tools
</a>
<div class="dropdown-menu" aria-labelledby="toolsDropdown">
@if (canChargeBraintree)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
Charge Braintree Customer
</a>
}
@if (canCreateTransaction)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="CreateTransaction">
Create Transaction
</a>
}
@if (canPromoteAdmin)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="PromoteAdmin">
Promote Admin
</a>
}
@if (canGenerateLicense)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="GenerateLicense">
Generate License
</a>
}
@if (canManageTaxRates)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="TaxRate">
Manage Tax Rates
</a>
}
@if (canManageStripeSubscriptions)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="StripeSubscriptions">
Manage Stripe Subscriptions
</a>
}
</div>
</li>
}
@if (canViewLogs)
{
<li class="nav-item" active-controller="Logs">
<a class="nav-link" asp-controller="Logs" asp-action="Index">Logs</a>
</li>
}
}
}
@if(GlobalSettings.SelfHosted)
@if (GlobalSettings.SelfHosted)
{
<li class="nav-item">
<a class="nav-link" href="https://help.bitwarden.com/hosting/" target="_blank">Docs</a>
</li>
}
</ul>
@if(SignInManager.IsSignedIn(User))
@if (SignInManager.IsSignedIn(User))
{
<form asp-controller="Login" asp-action="Logout" method="post">
<button type="submit" class="btn btn-sm btn-secondary">Log Out</button>

481
src/Admin/Views/Shared/_OrganizationForm.cshtml
View File

@ -1,247 +1,286 @@
@using Bit.SharedWeb.Utilities
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService;
@model OrganizationEditModel
@{
var canViewGeneralDetails = AccessControlService.UserHasPermission(Permission.Org_GeneralDetails_View);
var canViewBilling = AccessControlService.UserHasPermission(Permission.Org_Billing_View);
var canViewBusinessInformation = AccessControlService.UserHasPermission(Permission.Org_BusinessInformation_View);
var canViewPlan = AccessControlService.UserHasPermission(Permission.Org_Plan_View);
var canViewLicensing = AccessControlService.UserHasPermission(Permission.Org_Licensing_View);
var canCheckEnabled = AccessControlService.UserHasPermission(Permission.Org_CheckEnabledBox);
var canEditPlan = AccessControlService.UserHasPermission(Permission.Org_Plan_Edit);
var canEditLicensing = AccessControlService.UserHasPermission(Permission.Org_Licensing_Edit);
var canEditBilling = AccessControlService.UserHasPermission(Permission.Org_Billing_Edit);
var canLaunchGateway = AccessControlService.UserHasPermission(Permission.Org_Billing_LaunchGateway);
}
<form method="post" id="edit-form" asp-route-providerId="@Model.Provider?.Id">
<input asp-for="SalesAssistedTrialStarted" type="hidden">
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name" required>
</div>
</div>
</div>
@if (Model.Provider?.Type == ProviderType.Reseller)
@if (canViewGeneralDetails)
{
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label>Client Owner Email</label>
@if (!string.IsNullOrWhiteSpace(Model.Owners))
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name" required>
</div>
</div>
</div>
@if (Model.Provider?.Type == ProviderType.Reseller)
{
<div class="row">
<div class="col-sm">
<div class="form-group">
<label>Client Owner Email</label>
@if (!string.IsNullOrWhiteSpace(Model.Owners))
{
<input type="text" class="form-control" asp-for="Owners" readonly="readonly">
}
else
{
<input type="text" class="form-control" asp-for="Owners" required>
}
<label class="form-check-label small text-muted align-top">This user should be independent of the Provider. If the Provider is disassociated with the organization, this user will maintain ownership of the organization.</label>
</div>
</div>
</div>
}
@if (Model.Organization != null)
{
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Enabled" disabled='@(canCheckEnabled ? null : "disabled")'>
<label class="form-check-label" asp-for="Enabled"></label>
</div>
}
}
@if (canViewBusinessInformation)
{
<h2>Business Information</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BusinessName"></label>
<input type="text" class="form-control" asp-for="BusinessName">
</div>
</div>
</div>
}
@if (canViewPlan)
{
<h2>Plan</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="PlanType"></label>
@{
var planTypes = Enum.GetValues<PlanType>()
.Where(p => Model.Provider == null || p is >= PlanType.TeamsMonthly and <= PlanType.EnterpriseAnnually)
.Select(e => new SelectListItem
{
Value = ((int)e).ToString(),
Text = e.GetDisplayAttribute()?.GetName() ?? e.ToString()
})
.ToList();
}
<select class="form-control" asp-for="PlanType" asp-items="planTypes" disabled='@(canEditPlan ? null : "disabled")'></select>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="Plan"></label>
<input type="text" class="form-control" asp-for="Plan" required readonly='@(!canEditPlan)'>
</div>
</div>
</div>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Seats"></label>
<input type="number" class="form-control" asp-for="Seats" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxCollections"></label>
<input type="number" class="form-control" asp-for="MaxCollections" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
</div>
<div class="row">
<div class="col-4">
<div class="form-group">
<label asp-for="MaxAutoscaleSeats"></label>
<input type="number" class="form-control" asp-for="MaxAutoscaleSeats" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
</div>
<h2>Features</h2>
<div class="row mb-3">
<div class="col-4">
<h3>General</h3>
<div class="form-check mb-2">
<input type="checkbox" class="form-check-input" asp-for="SelfHost" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="SelfHost"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="Use2fa" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="Use2fa"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseApi" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseApi"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseGroups" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseGroups"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsePolicies" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UsePolicies"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSso" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseSso"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseKeyConnector" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseKeyConnector"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseScim" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseScim"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseDirectory" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseDirectory"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseEvents" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseEvents"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseResetPassword" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseResetPassword"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseCustomPermissions" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseCustomPermissions"></label>
</div>
</div>
<div class="col-4">
<h3>Password Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseTotp" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseTotp"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsersGetPremium" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UsersGetPremium"></label>
</div>
</div>
<div class="col-4">
<h3>Secrets Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSecretsManager" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseSecretsManager"></label>
</div>
</div>
</div>
}
@if(canViewLicensing)
{
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="ExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="ExpirationDate" readonly='@(!canEditLicensing)'>
</div>
</div>
</div>
}
@if (canViewBilling)
{
<h2>Billing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BillingEmail"></label>
@if (Model.Provider?.Type == ProviderType.Reseller)
{
<input type="text" class="form-control" asp-for="Owners" readonly="readonly">
<input type="email" class="form-control" asp-for="BillingEmail" readonly="readonly">
}
else
{
<input type="text" class="form-control" asp-for="Owners" required>
<input type="email" class="form-control" asp-for="BillingEmail" readonly='@(!canEditBilling)'>
}
<label class="form-check-label small text-muted align-top">This user should be independent of the Provider. If the Provider is disassociated with the organization, this user will maintain ownership of the organization.</label>
</div>
</div>
</div>
}
@if (Model.Organization != null)
{
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Enabled">
<label class="form-check-label" asp-for="Enabled"></label>
</div>
}
<h2>Business Information</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BusinessName"></label>
<input type="text" class="form-control" asp-for="BusinessName">
</div>
</div>
</div>
<h2>Plan</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="PlanType"></label>
@{
var planTypes = Enum.GetValues<PlanType>()
.Where(p => Model.Provider == null || p is >= PlanType.TeamsMonthly and <= PlanType.EnterpriseAnnually)
.Select(e => new SelectListItem
{
Value = ((int)e).ToString(),
Text = e.GetDisplayAttribute()?.GetName() ?? e.ToString()
})
.ToList();
}
<select class="form-control" asp-for="PlanType" asp-items="planTypes"></select>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="Plan"></label>
<input type="text" class="form-control" asp-for="Plan" required>
</div>
</div>
</div>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Seats"></label>
<input type="number" class="form-control" asp-for="Seats" min="1">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxCollections"></label>
<input type="number" class="form-control" asp-for="MaxCollections" min="1">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1">
</div>
</div>
</div>
<div class="row">
<div class="col-4">
<div class="form-group">
<label asp-for="MaxAutoscaleSeats"></label>
<input type="number" class="form-control" asp-for="MaxAutoscaleSeats" min="1">
</div>
</div>
</div>
<h2>Features</h2>
<div class="row mb-3">
<div class="col-4">
<h3>General</h3>
<div class="form-check mb-2">
<input type="checkbox" class="form-check-input" asp-for="SelfHost">
<label class="form-check-label" asp-for="SelfHost"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="Use2fa">
<label class="form-check-label" asp-for="Use2fa"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseApi">
<label class="form-check-label" asp-for="UseApi"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseGroups">
<label class="form-check-label" asp-for="UseGroups"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsePolicies">
<label class="form-check-label" asp-for="UsePolicies"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSso">
<label class="form-check-label" asp-for="UseSso"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseKeyConnector">
<label class="form-check-label" asp-for="UseKeyConnector"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseScim">
<label class="form-check-label" asp-for="UseScim"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseDirectory">
<label class="form-check-label" asp-for="UseDirectory"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseEvents">
<label class="form-check-label" asp-for="UseEvents"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseResetPassword">
<label class="form-check-label" asp-for="UseResetPassword"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseCustomPermissions">
<label class="form-check-label" asp-for="UseCustomPermissions"></label>
</div>
</div>
<div class="col-4">
<h3>Password Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseTotp">
<label class="form-check-label" asp-for="UseTotp"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsersGetPremium">
<label class="form-check-label" asp-for="UsersGetPremium"></label>
</div>
</div>
<div class="col-4">
<h3>Secrets Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSecretsManager">
<label class="form-check-label" asp-for="UseSecretsManager"></label>
</div>
</div>
</div>
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="ExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="ExpirationDate">
</div>
</div>
</div>
<h2>Billing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BillingEmail"></label>
@if (Model.Provider?.Type == ProviderType.Reseller)
{
<input type="email" class="form-control" asp-for="BillingEmail" readonly="readonly">
}
else
{
<input type="email" class="form-control" asp-for="BillingEmail">
}
</div>
</div>
<div class="col-sm">
<div class="form-group">
<div class="col-sm">
<div class="form-group">
<label asp-for="Gateway"></label>
<select class="form-control" asp-for="Gateway"
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
<option value="">--</option>
</select>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewayCustomerId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewayCustomerId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
<div class="form-group">
<label asp-for="Gateway"></label>
<select class="form-control" asp-for="Gateway" disabled='@(canEditBilling ? null : "disabled")'
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
<option value="">--</option>
</select>
</div>
</div>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewaySubscriptionId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewaySubscriptionId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewayCustomerId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
@if(canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewaySubscriptionId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
@if (canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
</div>
</div>
}
</form>

171
src/Admin/Views/Users/Edit.cshtml
View File

@ -1,6 +1,22 @@
@model UserEditModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model UserEditModel
@{
ViewData["Title"] = "User: " + Model.User.Email;
var canViewUserInformation = AccessControlService.UserHasPermission(Permission.User_UserInformation_View);
var canViewBillingInformation = AccessControlService.UserHasPermission(Permission.User_BillingInformation_View);
var canViewGeneral = AccessControlService.UserHasPermission(Permission.User_GeneralDetails_View);
var canViewPremium = AccessControlService.UserHasPermission(Permission.User_Premium_View);
var canViewLicensing = AccessControlService.UserHasPermission(Permission.User_Licensing_View);
var canViewBilling = AccessControlService.UserHasPermission(Permission.User_Billing_View);
var canEditPremium = AccessControlService.UserHasPermission(Permission.User_Premium_Edit);
var canEditLicensing = AccessControlService.UserHasPermission(Permission.User_Licensing_Edit);
var canEditBilling = AccessControlService.UserHasPermission(Permission.User_Billing_Edit);
var canLaunchGateway = AccessControlService.UserHasPermission(Permission.User_Billing_LaunchGateway);
var canUpgradePremium = AccessControlService.UserHasPermission(Permission.User_UpgradePremium);
var canDeleteUser = AccessControlService.UserHasPermission(Permission.User_Delete);
}
@section Scripts {
@ -56,66 +72,76 @@
<h1>User <small>@Model.User.Email</small></h1>
<h2>User Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, UserId = Model.User.Id })
<form method="post" id="edit-form">
@if (canViewUserInformation)
{
<h2>User Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
}
@if (canViewBillingInformation)
{
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, UserId = Model.User.Id, Entity = "User" })
}
@if (canViewGeneral)
{
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="Email"></label>
<input type="email" class="form-control" asp-for="Email" required>
</div>
</div>
</div>
<dl class="row">
<dt class="col-sm-4 col-lg-3">Name</dt>
<dd class="col-sm-8 col-lg-9">@Model.Name</dd>
<dt class="col-sm-4 col-lg-3">Email</dt>
<dd class="col-sm-8 col-lg-9">@Model.Email</dd>
</dl>
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="EmailVerified">
<input type="checkbox" class="form-check-input" asp-for="EmailVerified" disabled>
<label class="form-check-label" asp-for="EmailVerified"></label>
</div>
<h2>Premium</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1">
}
<form method="post" id="edit-form">
@if (canViewPremium)
{
<h2>Premium</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPremium)'>
</div>
</div>
</div>
</div>
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Premium">
<label class="form-check-label" asp-for="Premium"></label>
</div>
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey">
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Premium" readonly='@(!canUpgradePremium)'>
<label class="form-check-label" asp-for="Premium"></label>
</div>
}
@if (canViewLicensing)
{
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="PremiumExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="PremiumExpirationDate" readonly='@(!canEditLicensing)'>
</div>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="PremiumExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="PremiumExpirationDate">
</div>
</div>
</div>
}
@if (canViewBilling)
{
<h2>Billing</h2>
<div class="row">
<div class="col-md">
<div class="form-group">
<div class="form-group">
<label asp-for="Gateway"></label>
<select class="form-control" asp-for="Gateway"
<select class="form-control" asp-for="Gateway" disabled='@(canEditBilling ? null : "disabled")'
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
<option value="">--</option>
</select>
@ -126,12 +152,15 @@
<div class="form-group">
<label asp-for="GatewayCustomerId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewayCustomerId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
</div>
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
@if (canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
@ -139,26 +168,36 @@
<div class="form-group">
<label asp-for="GatewaySubscriptionId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewaySubscriptionId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
</div>
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
@if (canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
</div>
}
</form>
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
Upgrade Premium
</button>
<form asp-action="Delete" asp-route-id="@Model.User.Id"
onsubmit="return confirm('Are you sure you want to delete this user?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
@if (canUpgradePremium)
{
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
Upgrade Premium
</button>
}
@if (canDeleteUser)
{
<form asp-action="Delete" asp-route-id="@Model.User.Id"
onsubmit="return confirm('Are you sure you want to delete this user?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
}
</div>
</div>