Do not use ApplicationCache when saving OrgUser (#3885)

* Do not use ApplicationCache when saving OrgUser * dotnet format
2024-11-21 12:05:42 +01:00 · 2024-03-11 21:01:56 +10:00 · 2024-03-11 21:01:56 +10:00 · 1a3c1aeb0c
commit 1a3c1aeb0c
parent f432c18ab5
2 changed files with 20 additions and 22 deletions
--- a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
@ -1421,18 +1421,18 @@ public class OrganizationService : IOrganizationService
        }

        // If the organization is using Flexible Collections, prevent use of any deprecated permissions
-        var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(user.OrganizationId);
-        if (organizationAbility?.FlexibleCollections == true && user.Type == OrganizationUserType.Manager)
+        var organization = await _organizationRepository.GetByIdAsync(user.OrganizationId);
+        if (organization.FlexibleCollections && user.Type == OrganizationUserType.Manager)
        {
            throw new BadRequestException("The Manager role has been deprecated by collection enhancements. Use the collection Can Manage permission instead.");
        }

-        if (organizationAbility?.FlexibleCollections == true && user.AccessAll)
+        if (organization.FlexibleCollections && user.AccessAll)
        {
            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the user to collections instead.");
        }

-        if (organizationAbility?.FlexibleCollections == true && collections?.Any() == true)
+        if (organization.FlexibleCollections && collections?.Any() == true)
        {
            var invalidAssociations = collections.Where(cas => cas.Manage && (cas.ReadOnly || cas.HidePasswords));
            if (invalidAssociations.Any())
@ -1449,7 +1449,6 @@ public class OrganizationService : IOrganizationService
            var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(user.OrganizationId, 1);
            if (additionalSmSeatsRequired > 0)
            {
-                var organization = await _organizationRepository.GetByIdAsync(user.OrganizationId);
                var update = new SecretsManagerSubscriptionUpdate(organization, true)
                    .AdjustSeats(additionalSmSeatsRequired);
                await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(update);
--- a/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs
@ -15,7 +15,6 @@ using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data;
-using Bit.Core.Models.Data.Organizations;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Models.Mail;
 using Bit.Core.Models.StaticStore;
@ -1371,7 +1370,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)

    [Theory, BitAutoData]
    public async Task SaveUser_WithFlexibleCollections_WhenUpgradingToManager_Throws(
-        OrganizationAbility organizationAbility,
+        Organization organization,
        [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser oldUserData,
        [OrganizationUser(type: OrganizationUserType.Manager)] OrganizationUser newUserData,
        [OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser,
@ -1379,18 +1378,18 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
        IEnumerable<Guid> groups,
        SutProvider<OrganizationService> sutProvider)
    {
-        organizationAbility.FlexibleCollections = true;
+        organization.FlexibleCollections = true;
        newUserData.Id = oldUserData.Id;
        newUserData.UserId = oldUserData.UserId;
-        newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organizationAbility.Id;
+        newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organization.Id;
        newUserData.Permissions = CoreHelpers.ClassToJsonData(new Permissions());

-        sutProvider.GetDependency<IApplicationCacheService>()
-            .GetOrganizationAbilityAsync(organizationAbility.Id)
-            .Returns(organizationAbility);
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);

        sutProvider.GetDependency<ICurrentContext>()
-            .ManageUsers(organizationAbility.Id)
+            .ManageUsers(organization.Id)
            .Returns(true);

        sutProvider.GetDependency<IOrganizationUserRepository>()
@ -1398,7 +1397,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
            .Returns(oldUserData);

        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByOrganizationAsync(organizationAbility.Id, OrganizationUserType.Owner)
+            .GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
            .Returns(new List<OrganizationUser> { savingUser });

        var exception = await Assert.ThrowsAsync<BadRequestException>(
@ -1409,7 +1408,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)

    [Theory, BitAutoData]
    public async Task SaveUser_WithFlexibleCollections_WithAccessAll_Throws(
-        OrganizationAbility organizationAbility,
+        Organization organization,
        [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser oldUserData,
        [OrganizationUser(type: OrganizationUserType.User)] OrganizationUser newUserData,
        [OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser,
@ -1417,19 +1416,19 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
        IEnumerable<Guid> groups,
        SutProvider<OrganizationService> sutProvider)
    {
-        organizationAbility.FlexibleCollections = true;
+        organization.FlexibleCollections = true;
        newUserData.Id = oldUserData.Id;
        newUserData.UserId = oldUserData.UserId;
-        newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organizationAbility.Id;
+        newUserData.OrganizationId = oldUserData.OrganizationId = savingUser.OrganizationId = organization.Id;
        newUserData.Permissions = CoreHelpers.ClassToJsonData(new Permissions());
        newUserData.AccessAll = true;

-        sutProvider.GetDependency<IApplicationCacheService>()
-            .GetOrganizationAbilityAsync(organizationAbility.Id)
-            .Returns(organizationAbility);
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);

        sutProvider.GetDependency<ICurrentContext>()
-            .ManageUsers(organizationAbility.Id)
+            .ManageUsers(organization.Id)
            .Returns(true);

        sutProvider.GetDependency<IOrganizationUserRepository>()
@ -1437,7 +1436,7 @@ OrganizationUserInvite invite, SutProvider<OrganizationService> sutProvider)
            .Returns(oldUserData);

        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyByOrganizationAsync(organizationAbility.Id, OrganizationUserType.Owner)
+            .GetManyByOrganizationAsync(organization.Id, OrganizationUserType.Owner)
            .Returns(new List<OrganizationUser> { savingUser });

        var exception = await Assert.ThrowsAsync<BadRequestException>(