mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
[SM-670] Add permission context to project lists. (#2822)
* Attach permission context to project lists. * restrict service-account actions * Fix project permission details * Add getters and setters * dotnet format * Fix admin create unassigned secret (#2872)
This commit is contained in:
Thomas Avery
GitHub
parent
9cbd0ac799
commit
20d3b4b4e8
@ -118,7 +118,7 @@ public class CreateAccessPoliciesCommand : ICreateAccessPoliciesCommand
|
||||
case AccessClientType.User:
|
||||
if (projectIdToCheck.HasValue)
|
||||
{
|
||||
hasAccess = await _projectRepository.UserHasWriteAccessToProject(projectIdToCheck.Value, userId);
|
||||
hasAccess = (await _projectRepository.AccessToProjectAsync(projectIdToCheck.Value, userId, accessClient)).Write;
|
||||
}
|
||||
else if (serviceAccountIdToCheck.HasValue)
|
||||
{
|
||||
|
||||
@ -83,7 +83,7 @@ public class DeleteAccessPolicyCommand : IDeleteAccessPolicyCommand
|
||||
case AccessClientType.User:
|
||||
if (projectIdToCheck.HasValue)
|
||||
{
|
||||
hasAccess = await _projectRepository.UserHasWriteAccessToProject(projectIdToCheck.Value, userId);
|
||||
hasAccess = (await _projectRepository.AccessToProjectAsync(projectIdToCheck.Value, userId, accessClient)).Write;
|
||||
}
|
||||
else if (serviceAccountIdToCheck.HasValue)
|
||||
{
|
||||
|
||||
@ -87,7 +87,7 @@ public class UpdateAccessPolicyCommand : IUpdateAccessPolicyCommand
|
||||
case AccessClientType.User:
|
||||
if (projectIdToCheck.HasValue)
|
||||
{
|
||||
hasAccess = await _projectRepository.UserHasWriteAccessToProject(projectIdToCheck.Value, userId);
|
||||
hasAccess = (await _projectRepository.AccessToProjectAsync(projectIdToCheck.Value, userId, accessClient)).Write;
|
||||
}
|
||||
else if (serviceAccountIdToCheck.HasValue)
|
||||
{
|
||||
|
||||
@ -49,19 +49,13 @@ public class DeleteProjectCommand : IDeleteProjectCommand
|
||||
var orgAdmin = await _currentContext.OrganizationAdmin(organizationId);
|
||||
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
|
||||
|
||||
var results = new List<Tuple<Project, String>>(projects.Count);
|
||||
var results = new List<Tuple<Project, string>>(projects.Count);
|
||||
var deleteIds = new List<Guid>();
|
||||
|
||||
foreach (var project in projects)
|
||||
{
|
||||
var hasAccess = accessClient switch
|
||||
{
|
||||
AccessClientType.NoAccessCheck => true,
|
||||
AccessClientType.User => await _projectRepository.UserHasWriteAccessToProject(project.Id, userId),
|
||||
_ => false,
|
||||
};
|
||||
|
||||
if (!hasAccess)
|
||||
var access = await _projectRepository.AccessToProjectAsync(project.Id, userId, accessClient);
|
||||
if (!access.Write || accessClient == AccessClientType.ServiceAccount)
|
||||
{
|
||||
results.Add(new Tuple<Project, string>(project, "access denied"));
|
||||
}
|
||||
|
||||
@ -34,14 +34,8 @@ public class UpdateProjectCommand : IUpdateProjectCommand
|
||||
var orgAdmin = await _currentContext.OrganizationAdmin(project.OrganizationId);
|
||||
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
|
||||
|
||||
var hasAccess = accessClient switch
|
||||
{
|
||||
AccessClientType.NoAccessCheck => true,
|
||||
AccessClientType.User => await _projectRepository.UserHasWriteAccessToProject(updatedProject.Id, userId),
|
||||
_ => false,
|
||||
};
|
||||
|
||||
if (!hasAccess)
|
||||
var access = await _projectRepository.AccessToProjectAsync(updatedProject.Id, userId, accessClient);
|
||||
if (!access.Write || accessClient == AccessClientType.ServiceAccount)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
@ -39,7 +39,7 @@ public class CreateSecretCommand : ICreateSecretCommand
|
||||
var hasAccess = accessClient switch
|
||||
{
|
||||
AccessClientType.NoAccessCheck => true,
|
||||
AccessClientType.User => await _projectRepository.UserHasWriteAccessToProject(project.Id, userId),
|
||||
AccessClientType.User => (await _projectRepository.AccessToProjectAsync(project.Id, userId, accessClient)).Write,
|
||||
_ => false,
|
||||
};
|
||||
|
||||
|
||||
@ -54,16 +54,10 @@ public class DeleteSecretCommand : IDeleteSecretCommand
|
||||
if (secret.Projects != null && secret.Projects?.Count > 0)
|
||||
{
|
||||
var projectId = secret.Projects.First().Id;
|
||||
|
||||
hasAccess = accessClient switch
|
||||
{
|
||||
AccessClientType.NoAccessCheck => true,
|
||||
AccessClientType.User => await _projectRepository.UserHasWriteAccessToProject(projectId, userId),
|
||||
_ => false,
|
||||
};
|
||||
hasAccess = (await _projectRepository.AccessToProjectAsync(projectId, userId, accessClient)).Write;
|
||||
}
|
||||
|
||||
if (!hasAccess)
|
||||
if (!hasAccess || accessClient == AccessClientType.ServiceAccount)
|
||||
{
|
||||
results.Add(new Tuple<Secret, string>(secret, "access denied"));
|
||||
}
|
||||
|
||||
@ -51,7 +51,7 @@ public class UpdateSecretCommand : IUpdateSecretCommand
|
||||
return secret;
|
||||
}
|
||||
|
||||
public async Task<bool> HasAccessToOriginalAndUpdatedProject(AccessClientType accessClient, Secret secret, Secret updatedSecret, Guid userId)
|
||||
private async Task<bool> HasAccessToOriginalAndUpdatedProject(AccessClientType accessClient, Secret secret, Secret updatedSecret, Guid userId)
|
||||
{
|
||||
switch (accessClient)
|
||||
{
|
||||
@ -60,8 +60,8 @@ public class UpdateSecretCommand : IUpdateSecretCommand
|
||||
case AccessClientType.User:
|
||||
var oldProject = secret.Projects?.FirstOrDefault();
|
||||
var newProject = updatedSecret.Projects?.FirstOrDefault();
|
||||
var accessToOld = oldProject != null && await _projectRepository.UserHasWriteAccessToProject(oldProject.Id, userId);
|
||||
var accessToNew = newProject != null && await _projectRepository.UserHasWriteAccessToProject(newProject.Id, userId);
|
||||
var accessToOld = oldProject != null && (await _projectRepository.AccessToProjectAsync(oldProject.Id, userId, accessClient)).Write;
|
||||
var accessToNew = newProject != null && (await _projectRepository.AccessToProjectAsync(newProject.Id, userId, accessClient)).Write;
|
||||
return accessToOld && accessToNew;
|
||||
default:
|
||||
return false;
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
using System.Linq.Expressions;
|
||||
using AutoMapper;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.SecretsManager.Models.Data;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Infrastructure.EntityFramework.Repositories;
|
||||
using Bit.Infrastructure.EntityFramework.SecretsManager.Models;
|
||||
@ -27,22 +28,16 @@ public class ProjectRepository : Repository<Core.SecretsManager.Entities.Project
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<IEnumerable<Core.SecretsManager.Entities.Project>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType)
|
||||
public async Task<IEnumerable<ProjectPermissionDetails>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var query = dbContext.Project.Where(p => p.OrganizationId == organizationId && p.DeletedDate == null);
|
||||
|
||||
query = accessType switch
|
||||
{
|
||||
AccessClientType.NoAccessCheck => query,
|
||||
AccessClientType.User => query.Where(UserHasReadAccessToProject(userId)),
|
||||
AccessClientType.ServiceAccount => query.Where(ServiceAccountHasReadAccessToProject(userId)),
|
||||
_ => throw new ArgumentOutOfRangeException(nameof(accessType), accessType, null),
|
||||
};
|
||||
var query = dbContext.Project.Where(p => p.OrganizationId == organizationId && p.DeletedDate == null).OrderBy(p => p.RevisionDate);
|
||||
|
||||
var projects = await query.OrderBy(p => p.RevisionDate).ToListAsync();
|
||||
return Mapper.Map<List<Core.SecretsManager.Entities.Project>>(projects);
|
||||
var projects = ProjectToPermissionDetails(query, userId, accessType);
|
||||
|
||||
return await projects.ToListAsync();
|
||||
}
|
||||
|
||||
public async Task<IEnumerable<Core.SecretsManager.Entities.Project>> GetManyByOrganizationIdWriteAccessAsync(
|
||||
@ -63,20 +58,6 @@ public class ProjectRepository : Repository<Core.SecretsManager.Entities.Project
|
||||
return Mapper.Map<List<Core.SecretsManager.Entities.Project>>(projects);
|
||||
}
|
||||
|
||||
private static Expression<Func<Project, bool>> UserHasReadAccessToProject(Guid userId) => p =>
|
||||
p.UserAccessPolicies.Any(ap => ap.OrganizationUser.User.Id == userId && ap.Read) ||
|
||||
p.GroupAccessPolicies.Any(ap => ap.Group.GroupUsers.Any(gu => gu.OrganizationUser.User.Id == userId && ap.Read));
|
||||
|
||||
private static Expression<Func<Project, bool>> UserHasWriteAccessToProject(Guid userId) => p =>
|
||||
p.UserAccessPolicies.Any(ap => ap.OrganizationUser.User.Id == userId && ap.Write) ||
|
||||
p.GroupAccessPolicies.Any(ap => ap.Group.GroupUsers.Any(gu => gu.OrganizationUser.User.Id == userId && ap.Write));
|
||||
|
||||
private static Expression<Func<Project, bool>> ServiceAccountHasReadAccessToProject(Guid serviceAccountId) => p =>
|
||||
p.ServiceAccountAccessPolicies.Any(ap => ap.ServiceAccount.Id == serviceAccountId && ap.Read);
|
||||
|
||||
private static Expression<Func<Project, bool>> ServiceAccountHasWriteAccessToProject(Guid serviceAccountId) => p =>
|
||||
p.ServiceAccountAccessPolicies.Any(ap => ap.ServiceAccount.Id == serviceAccountId && ap.Write);
|
||||
|
||||
public async Task DeleteManyByIdAsync(IEnumerable<Guid> ids)
|
||||
{
|
||||
using (var scope = ServiceScopeFactory.CreateScope())
|
||||
@ -97,57 +78,13 @@ public class ProjectRepository : Repository<Core.SecretsManager.Entities.Project
|
||||
{
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var projects = await dbContext.Project
|
||||
.Include(p => p.Secrets)
|
||||
.Where(c => ids.Contains(c.Id) && c.DeletedDate == null)
|
||||
.ToListAsync();
|
||||
.Include(p => p.Secrets)
|
||||
.Where(c => ids.Contains(c.Id) && c.DeletedDate == null)
|
||||
.ToListAsync();
|
||||
return Mapper.Map<List<Core.SecretsManager.Entities.Project>>(projects);
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<bool> ServiceAccountHasReadAccessToProject(Guid id, Guid userId)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var query = dbContext.Project
|
||||
.Where(p => p.Id == id)
|
||||
.Where(ServiceAccountHasReadAccessToProject(userId));
|
||||
|
||||
return await query.AnyAsync();
|
||||
}
|
||||
|
||||
public async Task<bool> ServiceAccountHasWriteAccessToProject(Guid id, Guid userId)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var query = dbContext.Project
|
||||
.Where(p => p.Id == id)
|
||||
.Where(ServiceAccountHasWriteAccessToProject(userId));
|
||||
|
||||
return await query.AnyAsync();
|
||||
}
|
||||
|
||||
public async Task<bool> UserHasReadAccessToProject(Guid id, Guid userId)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var query = dbContext.Project
|
||||
.Where(p => p.Id == id)
|
||||
.Where(UserHasReadAccessToProject(userId));
|
||||
|
||||
return await query.AnyAsync();
|
||||
}
|
||||
|
||||
public async Task<bool> UserHasWriteAccessToProject(Guid id, Guid userId)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var query = dbContext.Project
|
||||
.Where(p => p.Id == id)
|
||||
.Where(UserHasWriteAccessToProject(userId));
|
||||
|
||||
return await query.AnyAsync();
|
||||
}
|
||||
|
||||
public async Task<IEnumerable<Core.SecretsManager.Entities.Project>> ImportAsync(IEnumerable<Core.SecretsManager.Entities.Project> projects)
|
||||
{
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
@ -199,4 +136,54 @@ public class ProjectRepository : Repository<Core.SecretsManager.Entities.Project
|
||||
|
||||
return projectIds.Count == results.Count;
|
||||
}
|
||||
|
||||
private IQueryable<ProjectPermissionDetails> ProjectToPermissionDetails(IQueryable<Project> query, Guid userId, AccessClientType accessType)
|
||||
{
|
||||
var projects = accessType switch
|
||||
{
|
||||
AccessClientType.NoAccessCheck => query.Select(p => new ProjectPermissionDetails
|
||||
{
|
||||
Project = Mapper.Map<Bit.Core.SecretsManager.Entities.Project>(p),
|
||||
Read = true,
|
||||
Write = true,
|
||||
}),
|
||||
AccessClientType.User => query.Where(UserHasReadAccessToProject(userId)).Select(ProjectToPermissionsUser(userId, true)),
|
||||
AccessClientType.ServiceAccount => query.Where(ServiceAccountHasReadAccessToProject(userId)).Select(ProjectToPermissionsServiceAccount(userId, true)),
|
||||
_ => throw new ArgumentOutOfRangeException(nameof(accessType), accessType, null),
|
||||
};
|
||||
return projects;
|
||||
}
|
||||
|
||||
private Expression<Func<Project, ProjectPermissionDetails>> ProjectToPermissionsUser(Guid userId, bool read) =>
|
||||
p => new ProjectPermissionDetails
|
||||
{
|
||||
Project = Mapper.Map<Bit.Core.SecretsManager.Entities.Project>(p),
|
||||
Read = read,
|
||||
Write = p.UserAccessPolicies.Any(ap => ap.OrganizationUser.User.Id == userId && ap.Write) ||
|
||||
p.GroupAccessPolicies.Any(ap =>
|
||||
ap.Group.GroupUsers.Any(gu => gu.OrganizationUser.User.Id == userId && ap.Write)),
|
||||
};
|
||||
|
||||
private Expression<Func<Project, ProjectPermissionDetails>> ProjectToPermissionsServiceAccount(Guid userId, bool read) =>
|
||||
p => new ProjectPermissionDetails
|
||||
{
|
||||
Project = Mapper.Map<Bit.Core.SecretsManager.Entities.Project>(p),
|
||||
Read = read,
|
||||
Write = p.ServiceAccountAccessPolicies.Any(ap => ap.ServiceAccount.Id == userId && ap.Write),
|
||||
};
|
||||
|
||||
private static Expression<Func<Project, bool>> UserHasReadAccessToProject(Guid userId) => p =>
|
||||
p.UserAccessPolicies.Any(ap => ap.OrganizationUser.User.Id == userId && ap.Read) ||
|
||||
p.GroupAccessPolicies.Any(ap => ap.Group.GroupUsers.Any(gu => gu.OrganizationUser.User.Id == userId && ap.Read));
|
||||
|
||||
private static Expression<Func<Project, bool>> UserHasWriteAccessToProject(Guid userId) => p =>
|
||||
p.UserAccessPolicies.Any(ap => ap.OrganizationUser.User.Id == userId && ap.Write) ||
|
||||
p.GroupAccessPolicies.Any(ap => ap.Group.GroupUsers.Any(gu => gu.OrganizationUser.User.Id == userId && ap.Write));
|
||||
|
||||
private static Expression<Func<Project, bool>> ServiceAccountHasReadAccessToProject(Guid serviceAccountId) => p =>
|
||||
p.ServiceAccountAccessPolicies.Any(ap => ap.ServiceAccount.Id == serviceAccountId && ap.Read);
|
||||
|
||||
private static Expression<Func<Project, bool>> ServiceAccountHasWriteAccessToProject(Guid serviceAccountId) => p =>
|
||||
p.ServiceAccountAccessPolicies.Any(ap => ap.ServiceAccount.Id == serviceAccountId && ap.Write);
|
||||
|
||||
}
|
||||
|
||||
@ -136,8 +136,8 @@ public class CreateAccessPoliciesCommandTests
|
||||
{
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(project.Id, userId)
|
||||
.Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(project.Id, userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
using Bit.Commercial.Core.Test.SecretsManager.Enums;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
@ -28,8 +29,8 @@ public class DeleteAccessPolicyCommandTests
|
||||
.Returns(true);
|
||||
break;
|
||||
case PermissionType.RunAsUserWithPermission:
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(grantedProject.Id, userId)
|
||||
.Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(grantedProject.Id, userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
break;
|
||||
default:
|
||||
throw new ArgumentOutOfRangeException(nameof(permissionType), permissionType, null);
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
using Bit.Commercial.Core.Test.SecretsManager.Enums;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
@ -28,8 +29,8 @@ public class UpdateAccessPolicyCommandTests
|
||||
.Returns(true);
|
||||
break;
|
||||
case PermissionType.RunAsUserWithPermission:
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(grantedProject.Id, userId)
|
||||
.Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(grantedProject.Id, userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
break;
|
||||
default:
|
||||
throw new ArgumentOutOfRangeException(nameof(permissionType), permissionType, null);
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
using Bit.Commercial.Core.SecretsManager.Commands.Projects;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Identity;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
@ -52,7 +53,8 @@ public class DeleteProjectCommandTests
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().ClientType = ClientType.User;
|
||||
sutProvider.GetDependency<IProjectRepository>().GetManyWithSecretsByIds(data).Returns(projects);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(Arg.Any<Guid>(), userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
|
||||
var results = await sutProvider.Sut.DeleteProjects(data, userId);
|
||||
|
||||
@ -74,7 +76,8 @@ public class DeleteProjectCommandTests
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().ClientType = ClientType.User;
|
||||
sutProvider.GetDependency<IProjectRepository>().GetManyWithSecretsByIds(data).Returns(projects);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(userId, userId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), userId, AccessClientType.User)
|
||||
.Returns((false, false));
|
||||
|
||||
var results = await sutProvider.Sut.DeleteProjects(data, userId);
|
||||
|
||||
@ -96,6 +99,9 @@ public class DeleteProjectCommandTests
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().GetManyWithSecretsByIds(data).Returns(projects);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), userId, AccessClientType.NoAccessCheck)
|
||||
.Returns((true, true));
|
||||
|
||||
|
||||
var results = await sutProvider.Sut.DeleteProjects(data, userId);
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
using Bit.Commercial.Core.SecretsManager.Commands.Projects;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
@ -35,6 +36,8 @@ public class UpdateProjectCommandTests
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(project.Id).Returns(project);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(project.OrganizationId).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(project.OrganizationId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(project.Id, userId, AccessClientType.NoAccessCheck)
|
||||
.Returns((true, true));
|
||||
|
||||
var project2 = new Project { Id = project.Id, Name = "newName" };
|
||||
var result = await sutProvider.Sut.UpdateAsync(project2, userId);
|
||||
@ -51,7 +54,8 @@ public class UpdateProjectCommandTests
|
||||
public async Task UpdateAsync_User_NoAccess(Project project, Guid userId, SutProvider<UpdateProjectCommand> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(project.Id).Returns(project);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(project.Id, userId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(project.Id, userId, AccessClientType.User)
|
||||
.Returns((false, false));
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(project.OrganizationId).Returns(true);
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.UpdateAsync(project, userId));
|
||||
@ -64,7 +68,8 @@ public class UpdateProjectCommandTests
|
||||
public async Task UpdateAsync_User_Success(Project project, Guid userId, SutProvider<UpdateProjectCommand> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(project.Id).Returns(project);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(project.Id, userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(project.Id, userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(project.OrganizationId).Returns(true);
|
||||
|
||||
var project2 = new Project { Id = project.Id, Name = "newName" };
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
using Bit.Commercial.Core.SecretsManager.Commands.Secrets;
|
||||
using Bit.Commercial.Core.Test.SecretsManager.Enums;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
@ -30,11 +31,14 @@ public class CreateSecretCommandTests
|
||||
if (permissionType == PermissionType.RunAsAdmin)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(data.OrganizationId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync((Guid)data.Projects?.First().Id, userId, AccessClientType.NoAccessCheck)
|
||||
.Returns((true, true));
|
||||
}
|
||||
else
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(data.OrganizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject((Guid)(data.Projects?.First().Id), userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync((Guid)data.Projects?.First().Id, userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
}
|
||||
|
||||
await sutProvider.Sut.CreateAsync(data, userId);
|
||||
@ -52,7 +56,8 @@ public class CreateSecretCommandTests
|
||||
data.Projects = new List<Project>() { mockProject };
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(data.OrganizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject((Guid)(data.Projects?.First().Id), userId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync((Guid)data.Projects?.First().Id, userId, AccessClientType.User)
|
||||
.Returns((false, false));
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() =>
|
||||
sutProvider.Sut.CreateAsync(data, userId));
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
using Bit.Commercial.Core.SecretsManager.Commands.Secrets;
|
||||
using Bit.Commercial.Core.Test.SecretsManager.Enums;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
@ -60,7 +61,8 @@ public class DeleteSecretCommandTests
|
||||
else
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(mockProject.Id, userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(mockProject.Id, userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
projects = new List<Project>() { mockProject };
|
||||
}
|
||||
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
using Bit.Commercial.Core.SecretsManager.Commands.Secrets;
|
||||
using Bit.Commercial.Core.Test.SecretsManager.Enums;
|
||||
using Bit.Core.Context;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
@ -46,7 +47,9 @@ public class UpdateSecretCommandTests
|
||||
else
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(data.OrganizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject((Guid)(data.Projects?.First().Id), userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>()
|
||||
.AccessToProjectAsync((Guid)data.Projects?.First().Id, userId, AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
}
|
||||
|
||||
sutProvider.GetDependency<ISecretRepository>().GetByIdAsync(data.Id).Returns(data);
|
||||
|
||||
@ -249,14 +249,8 @@ public class AccessPoliciesController : Controller
|
||||
}
|
||||
|
||||
var (accessClient, userId) = await GetAccessClientTypeAsync(project.OrganizationId);
|
||||
var hasAccess = accessClient switch
|
||||
{
|
||||
AccessClientType.NoAccessCheck => true,
|
||||
AccessClientType.User => await _projectRepository.UserHasWriteAccessToProject(project.Id, userId),
|
||||
_ => false,
|
||||
};
|
||||
|
||||
if (!hasAccess)
|
||||
var access = await _projectRepository.AccessToProjectAsync(project.Id, userId, accessClient);
|
||||
if (!access.Write || accessClient == AccessClientType.ServiceAccount)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
@ -67,7 +67,9 @@ public class ProjectsController : Controller
|
||||
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
var result = await _createProjectCommand.CreateAsync(createRequest.ToProject(organizationId), userId);
|
||||
return new ProjectResponseModel(result);
|
||||
|
||||
// Creating a project means you have read & write permission.
|
||||
return new ProjectResponseModel(result, true, true);
|
||||
}
|
||||
|
||||
[HttpPut("projects/{id}")]
|
||||
@ -76,11 +78,13 @@ public class ProjectsController : Controller
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
|
||||
var result = await _updateProjectCommand.UpdateAsync(updateRequest.ToProject(id), userId);
|
||||
return new ProjectResponseModel(result);
|
||||
|
||||
// Updating a project means you have read & write permission.
|
||||
return new ProjectResponseModel(result, true, true);
|
||||
}
|
||||
|
||||
[HttpGet("projects/{id}")]
|
||||
public async Task<ProjectPermissionDetailsResponseModel> GetAsync([FromRoute] Guid id)
|
||||
public async Task<ProjectResponseModel> GetAsync([FromRoute] Guid id)
|
||||
{
|
||||
var project = await _projectRepository.GetByIdAsync(id);
|
||||
if (project == null)
|
||||
@ -104,7 +108,7 @@ public class ProjectsController : Controller
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
return new ProjectPermissionDetailsResponseModel(project, access.Read, access.Write);
|
||||
return new ProjectResponseModel(project, access.Read, access.Write);
|
||||
}
|
||||
|
||||
[HttpPost("projects/delete")]
|
||||
|
||||
@ -47,7 +47,7 @@ public class SecretsManagerPortingController : Controller
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
return new SMExportResponseModel(projects, secrets.Select(s => s.Secret));
|
||||
return new SMExportResponseModel(projects.Select(p => p.Project), secrets.Select(s => s.Secret));
|
||||
}
|
||||
|
||||
[HttpPost("sm/{organizationId}/import")]
|
||||
|
||||
@ -1,22 +0,0 @@
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Models.Response;
|
||||
|
||||
public class ProjectPermissionDetailsResponseModel : ProjectResponseModel
|
||||
{
|
||||
private const string _objectName = "projectPermissionDetails";
|
||||
|
||||
public ProjectPermissionDetailsResponseModel(Project project, bool read, bool write, string obj = _objectName) : base(project, obj)
|
||||
{
|
||||
Read = read;
|
||||
Write = write;
|
||||
}
|
||||
|
||||
public ProjectPermissionDetailsResponseModel()
|
||||
{
|
||||
}
|
||||
|
||||
public bool Read { get; set; }
|
||||
|
||||
public bool Write { get; set; }
|
||||
}
|
||||
@ -1,5 +1,6 @@
|
||||
using Bit.Core.Models.Api;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Models.Data;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Models.Response;
|
||||
|
||||
@ -7,7 +8,7 @@ public class ProjectResponseModel : ResponseModel
|
||||
{
|
||||
private const string _objectName = "project";
|
||||
|
||||
public ProjectResponseModel(Project project, string obj = _objectName)
|
||||
public ProjectResponseModel(Project project, bool read, bool write, string obj = _objectName)
|
||||
: base(obj)
|
||||
{
|
||||
if (project == null)
|
||||
@ -20,6 +21,25 @@ public class ProjectResponseModel : ResponseModel
|
||||
Name = project.Name;
|
||||
CreationDate = project.CreationDate;
|
||||
RevisionDate = project.RevisionDate;
|
||||
Read = read;
|
||||
Write = write;
|
||||
}
|
||||
|
||||
public ProjectResponseModel(ProjectPermissionDetails projectDetails, string obj = _objectName)
|
||||
: base(obj)
|
||||
{
|
||||
if (projectDetails == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(projectDetails));
|
||||
}
|
||||
|
||||
Id = projectDetails.Project.Id.ToString();
|
||||
OrganizationId = projectDetails.Project.OrganizationId.ToString();
|
||||
Name = projectDetails.Project.Name;
|
||||
CreationDate = projectDetails.Project.CreationDate;
|
||||
RevisionDate = projectDetails.Project.RevisionDate;
|
||||
Read = projectDetails.Read;
|
||||
Write = projectDetails.Write;
|
||||
}
|
||||
|
||||
public ProjectResponseModel() : base(_objectName)
|
||||
@ -36,5 +56,7 @@ public class ProjectResponseModel : ResponseModel
|
||||
|
||||
public DateTime RevisionDate { get; set; }
|
||||
|
||||
public IEnumerable<Guid> Secrets { get; set; }
|
||||
public bool Read { get; set; }
|
||||
|
||||
public bool Write { get; set; }
|
||||
}
|
||||
|
||||
@ -2,8 +2,9 @@
|
||||
|
||||
namespace Bit.Core.SecretsManager.Models.Data;
|
||||
|
||||
public class ProjectPermissionDetails : Project
|
||||
public class ProjectPermissionDetails
|
||||
{
|
||||
public Project Project { get; set; }
|
||||
public bool Read { get; set; }
|
||||
public bool Write { get; set; }
|
||||
}
|
||||
|
||||
@ -4,7 +4,7 @@ namespace Bit.Core.SecretsManager.Models.Data;
|
||||
|
||||
public class SecretPermissionDetails
|
||||
{
|
||||
public Secret Secret;
|
||||
public Secret Secret { get; set; }
|
||||
public bool Read { get; set; }
|
||||
public bool Write { get; set; }
|
||||
}
|
||||
|
||||
@ -1,11 +1,12 @@
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Models.Data;
|
||||
|
||||
namespace Bit.Core.SecretsManager.Repositories;
|
||||
|
||||
public interface IProjectRepository
|
||||
{
|
||||
Task<IEnumerable<Project>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType);
|
||||
Task<IEnumerable<ProjectPermissionDetails>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType);
|
||||
Task<IEnumerable<Project>> GetManyByOrganizationIdWriteAccessAsync(Guid organizationId, Guid userId, AccessClientType accessType);
|
||||
Task<IEnumerable<Project>> GetManyWithSecretsByIds(IEnumerable<Guid> ids);
|
||||
Task<Project> GetByIdAsync(Guid id);
|
||||
@ -13,10 +14,6 @@ public interface IProjectRepository
|
||||
Task ReplaceAsync(Project project);
|
||||
Task DeleteManyByIdAsync(IEnumerable<Guid> ids);
|
||||
Task<IEnumerable<Project>> ImportAsync(IEnumerable<Project> projects);
|
||||
Task<bool> UserHasReadAccessToProject(Guid id, Guid userId);
|
||||
Task<bool> UserHasWriteAccessToProject(Guid id, Guid userId);
|
||||
Task<bool> ServiceAccountHasWriteAccessToProject(Guid id, Guid userId);
|
||||
Task<bool> ServiceAccountHasReadAccessToProject(Guid id, Guid userId);
|
||||
Task<(bool Read, bool Write)> AccessToProjectAsync(Guid id, Guid userId, AccessClientType accessType);
|
||||
Task<bool> ProjectsAreInOrganization(List<Guid> projectIds, Guid organizationId);
|
||||
}
|
||||
|
||||
@ -304,7 +304,7 @@ public class ProjectsControllerTests : IClassFixture<ApiApplicationFactory>, IAs
|
||||
|
||||
var response = await _client.GetAsync($"/projects/{project.Id}");
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectPermissionDetailsResponseModel>();
|
||||
var result = await response.Content.ReadFromJsonAsync<ProjectResponseModel>();
|
||||
Assert.Equal(project.Name, result!.Name);
|
||||
Assert.Equal(project.RevisionDate, result.RevisionDate);
|
||||
Assert.Equal(project.CreationDate, result.CreationDate);
|
||||
|
||||
@ -255,7 +255,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
|
||||
Name = _mockEncryptedString
|
||||
});
|
||||
|
||||
var orgUserId = (Guid)orgAdminUser.UserId;
|
||||
var orgUserId = (Guid)orgAdminUser.UserId!;
|
||||
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
@ -270,7 +270,7 @@ public class SecretsControllerTests : IClassFixture<ApiApplicationFactory>, IAsy
|
||||
GrantedProjectId = project.Id, OrganizationUserId = orgUser.Id , Read = true, Write = true,
|
||||
},
|
||||
};
|
||||
orgUserId = (Guid)orgUser.UserId;
|
||||
orgUserId = (Guid)orgUser.UserId!;
|
||||
await _accessPolicyRepository.CreateManyAsync(accessPolicies);
|
||||
}
|
||||
|
||||
|
||||
@ -102,11 +102,13 @@ public class AccessPoliciesControllerTests
|
||||
{
|
||||
case PermissionType.RunAsAdmin:
|
||||
SetupAdmin(sutProvider, data.OrganizationId);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), AccessClientType.NoAccessCheck)
|
||||
.Returns((true, true));
|
||||
break;
|
||||
case PermissionType.RunAsUserWithPermission:
|
||||
SetupUserWithPermission(sutProvider, data.OrganizationId);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
|
||||
.ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
break;
|
||||
}
|
||||
|
||||
@ -129,8 +131,8 @@ public class AccessPoliciesControllerTests
|
||||
{
|
||||
SetupUserWithoutPermission(sutProvider, data.OrganizationId);
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
|
||||
.ReturnsForAnyArgs(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(default, default, default)
|
||||
.Returns((false, false));
|
||||
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetProjectAccessPoliciesAsync(id));
|
||||
|
||||
@ -153,11 +155,13 @@ public class AccessPoliciesControllerTests
|
||||
{
|
||||
case PermissionType.RunAsAdmin:
|
||||
SetupAdmin(sutProvider, data.OrganizationId);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), AccessClientType.NoAccessCheck)
|
||||
.Returns((true, true));
|
||||
break;
|
||||
case PermissionType.RunAsUserWithPermission:
|
||||
SetupUserWithPermission(sutProvider, data.OrganizationId);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
|
||||
.ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
break;
|
||||
}
|
||||
|
||||
@ -184,8 +188,8 @@ public class AccessPoliciesControllerTests
|
||||
{
|
||||
SetupUserWithoutPermission(sutProvider, data.OrganizationId);
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
|
||||
.ReturnsForAnyArgs(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(default, default, default)
|
||||
.Returns((false, false));
|
||||
|
||||
sutProvider.GetDependency<IAccessPolicyRepository>().GetManyByGrantedProjectIdAsync(default, default)
|
||||
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { resultAccessPolicy });
|
||||
|
||||
@ -6,6 +6,7 @@ using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Commands.Projects.Interfaces;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Models.Data;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
|
||||
@ -88,7 +89,7 @@ public class ProjectsControllerTests
|
||||
}
|
||||
|
||||
sutProvider.GetDependency<IProjectRepository>().GetManyByOrganizationIdAsync(default, default, default)
|
||||
.ReturnsForAnyArgs(new List<Project> { mockProject });
|
||||
.ReturnsForAnyArgs(new List<ProjectPermissionDetails> { new() { Project = mockProject, Read = true, Write = true } });
|
||||
|
||||
var result = await sutProvider.Sut.ListByOrganizationAsync(data);
|
||||
|
||||
@ -193,8 +194,8 @@ public class ProjectsControllerTests
|
||||
break;
|
||||
case PermissionType.RunAsUserWithPermission:
|
||||
SetupUserWithPermission(sutProvider, orgId);
|
||||
sutProvider.GetDependency<IProjectRepository>()
|
||||
.UserHasReadAccessToProject(Arg.Is(data), Arg.Any<Guid>()).ReturnsForAnyArgs(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(default, default, default)
|
||||
.Returns((true, true));
|
||||
break;
|
||||
}
|
||||
|
||||
@ -216,8 +217,8 @@ public class ProjectsControllerTests
|
||||
Guid data)
|
||||
{
|
||||
SetupUserWithPermission(sutProvider, orgId);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasReadAccessToProject(Arg.Is(data), Arg.Any<Guid>())
|
||||
.ReturnsForAnyArgs(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(default, default, default)
|
||||
.Returns((false, false));
|
||||
|
||||
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(Arg.Is(data))
|
||||
.ReturnsForAnyArgs(new Project { Id = data, OrganizationId = orgId });
|
||||
|
||||
@ -61,7 +61,8 @@ public class SecretsControllerTests
|
||||
{
|
||||
resultSecret.Projects = new List<Core.SecretsManager.Entities.Project>() { mockProject };
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasReadAccessToProject(mockProject.Id, userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(default, default, default)
|
||||
.Returns((true, true));
|
||||
}
|
||||
|
||||
|
||||
@ -107,11 +108,14 @@ public class SecretsControllerTests
|
||||
{
|
||||
resultSecret.OrganizationId = organizationId;
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), AccessClientType.NoAccessCheck)
|
||||
.Returns((true, true));
|
||||
}
|
||||
else
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasReadAccessToProject(mockProject.Id, userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
}
|
||||
|
||||
await sutProvider.Sut.GetAsync(resultSecret.Id);
|
||||
@ -142,7 +146,8 @@ public class SecretsControllerTests
|
||||
{
|
||||
resultSecret.Projects = new List<Core.SecretsManager.Entities.Project>() { mockProject };
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasReadAccessToProject(mockProject.Id, userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), AccessClientType.User)
|
||||
.Returns((true, true));
|
||||
}
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(organizationId).Returns(true);
|
||||
@ -174,7 +179,8 @@ public class SecretsControllerTests
|
||||
{
|
||||
data.ProjectIds = new Guid[] { mockProject.Id };
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasReadAccessToProject(mockProject.Id, userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(default, default, default)
|
||||
.Returns((true, true));
|
||||
}
|
||||
|
||||
var resultSecret = data.ToSecret(secretId);
|
||||
@ -200,7 +206,8 @@ public class SecretsControllerTests
|
||||
{
|
||||
data.FirstOrDefault().Projects = new List<Project>() { mockProject };
|
||||
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
|
||||
sutProvider.GetDependency<IProjectRepository>().UserHasReadAccessToProject(mockProject.Id, userId).Returns(true);
|
||||
sutProvider.GetDependency<IProjectRepository>().AccessToProjectAsync(default, default, default)
|
||||
.Returns((true, true));
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user