mirror of
https://github.com/bitwarden/server.git
synced 2024-12-11 15:17:44 +01:00
Update references
This commit is contained in:
parent
61ad4ef252
commit
2eee23e28b
@ -1,4 +1,6 @@
|
|||||||
@model OrganizationViewModel
|
@inject Bit.Core.Services.IFeatureService FeatureService
|
||||||
|
@model OrganizationViewModel
|
||||||
|
|
||||||
<dl class="row">
|
<dl class="row">
|
||||||
<dt class="col-sm-4 col-lg-3">Id</dt>
|
<dt class="col-sm-4 col-lg-3">Id</dt>
|
||||||
<dd id="org-id" class="col-sm-8 col-lg-9"><code>@Model.Organization.Id</code></dd>
|
<dd id="org-id" class="col-sm-8 col-lg-9"><code>@Model.Organization.Id</code></dd>
|
||||||
@ -53,8 +55,19 @@
|
|||||||
<dt class="col-sm-4 col-lg-3">Administrators manage all collections</dt>
|
<dt class="col-sm-4 col-lg-3">Administrators manage all collections</dt>
|
||||||
<dd id="pm-manage-collections" class="col-sm-8 col-lg-9">@(Model.Organization.AllowAdminAccessToAllCollectionItems ? "On" : "Off")</dd>
|
<dd id="pm-manage-collections" class="col-sm-8 col-lg-9">@(Model.Organization.AllowAdminAccessToAllCollectionItems ? "On" : "Off")</dd>
|
||||||
|
|
||||||
|
@if (!FeatureService.IsEnabled(Bit.Core.FeatureFlagKeys.LimitCollectionCreationDeletionSplit))
|
||||||
|
{
|
||||||
<dt class="col-sm-4 col-lg-3">Limit collection creation to administrators</dt>
|
<dt class="col-sm-4 col-lg-3">Limit collection creation to administrators</dt>
|
||||||
<dd id="pm-collection-creation" class="col-sm-8 col-lg-9">@(Model.Organization.LimitCollectionCreationDeletion ? "On" : "Off")</dd>
|
<dd id="pm-collection-creation" class="col-sm-8 col-lg-9">@(Model.Organization.LimitCollectionCreationDeletion ? "On" : "Off")</dd>
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
<dt class="col-sm-4 col-lg-3">Limit collection creation to administrators</dt>
|
||||||
|
<dd id="pm-collection-creation" class="col-sm-8 col-lg-9">@(Model.Organization.LimitCollectionCreation ? "On" : "Off")</dd>
|
||||||
|
|
||||||
|
<dt class="col-sm-4 col-lg-3">Limit collection deletion to administrators</dt>
|
||||||
|
<dd id="pm-collection-deletion" class="col-sm-8 col-lg-9">@(Model.Organization.LimitCollectionDeletion ? "On" : "Off")</dd>
|
||||||
|
}
|
||||||
</dl>
|
</dl>
|
||||||
|
|
||||||
<h2>Secrets Manager</h2>
|
<h2>Secrets Manager</h2>
|
||||||
|
@ -55,6 +55,9 @@ public class OrganizationResponseModel : ResponseModel
|
|||||||
SmServiceAccounts = organization.SmServiceAccounts;
|
SmServiceAccounts = organization.SmServiceAccounts;
|
||||||
MaxAutoscaleSmSeats = organization.MaxAutoscaleSmSeats;
|
MaxAutoscaleSmSeats = organization.MaxAutoscaleSmSeats;
|
||||||
MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
|
MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
|
||||||
|
LimitCollectionCreation = organization.LimitCollectionCreation;
|
||||||
|
LimitCollectionDeletion = organization.LimitCollectionDeletion;
|
||||||
|
// Deperectated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
||||||
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
||||||
}
|
}
|
||||||
@ -98,6 +101,9 @@ public class OrganizationResponseModel : ResponseModel
|
|||||||
public int? SmServiceAccounts { get; set; }
|
public int? SmServiceAccounts { get; set; }
|
||||||
public int? MaxAutoscaleSmSeats { get; set; }
|
public int? MaxAutoscaleSmSeats { get; set; }
|
||||||
public int? MaxAutoscaleSmServiceAccounts { get; set; }
|
public int? MaxAutoscaleSmServiceAccounts { get; set; }
|
||||||
|
public bool LimitCollectionCreation { get; set; }
|
||||||
|
public bool LimitCollectionDeletion { get; set; }
|
||||||
|
// Deperectated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
public bool LimitCollectionCreationDeletion { get; set; }
|
public bool LimitCollectionCreationDeletion { get; set; }
|
||||||
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
||||||
}
|
}
|
||||||
|
@ -62,6 +62,9 @@ public class ProfileOrganizationResponseModel : ResponseModel
|
|||||||
FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
|
FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
|
||||||
FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
|
FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
|
||||||
AccessSecretsManager = organization.AccessSecretsManager;
|
AccessSecretsManager = organization.AccessSecretsManager;
|
||||||
|
LimitCollectionCreation = organization.LimitCollectionCreation;
|
||||||
|
LimitCollectionDeletion = organization.LimitCollectionDeletion;
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
||||||
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
||||||
|
|
||||||
@ -120,6 +123,9 @@ public class ProfileOrganizationResponseModel : ResponseModel
|
|||||||
public DateTime? FamilySponsorshipValidUntil { get; set; }
|
public DateTime? FamilySponsorshipValidUntil { get; set; }
|
||||||
public bool? FamilySponsorshipToDelete { get; set; }
|
public bool? FamilySponsorshipToDelete { get; set; }
|
||||||
public bool AccessSecretsManager { get; set; }
|
public bool AccessSecretsManager { get; set; }
|
||||||
|
public bool LimitCollectionCreation { get; set; }
|
||||||
|
public bool LimitCollectionDeletion { get; set; }
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
public bool LimitCollectionCreationDeletion { get; set; }
|
public bool LimitCollectionCreationDeletion { get; set; }
|
||||||
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
||||||
}
|
}
|
||||||
|
@ -44,6 +44,9 @@ public class ProfileProviderOrganizationResponseModel : ProfileOrganizationRespo
|
|||||||
ProviderId = organization.ProviderId;
|
ProviderId = organization.ProviderId;
|
||||||
ProviderName = organization.ProviderName;
|
ProviderName = organization.ProviderName;
|
||||||
ProductTierType = StaticStore.GetPlan(organization.PlanType).ProductTier;
|
ProductTierType = StaticStore.GetPlan(organization.PlanType).ProductTier;
|
||||||
|
LimitCollectionCreation = organization.LimitCollectionCreation;
|
||||||
|
LimitCollectionDeletion = organization.LimitCollectionDeletion;
|
||||||
|
// https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
||||||
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
||||||
}
|
}
|
||||||
|
@ -4,11 +4,17 @@ namespace Bit.Api.Models.Request.Organizations;
|
|||||||
|
|
||||||
public class OrganizationCollectionManagementUpdateRequestModel
|
public class OrganizationCollectionManagementUpdateRequestModel
|
||||||
{
|
{
|
||||||
|
public bool LimitCollectionCreation { get; set; }
|
||||||
|
public bool LimitCollectionDeletion { get; set; }
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
public bool LimitCreateDeleteOwnerAdmin { get; set; }
|
public bool LimitCreateDeleteOwnerAdmin { get; set; }
|
||||||
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
||||||
|
|
||||||
public virtual Organization ToOrganization(Organization existingOrganization)
|
public virtual Organization ToOrganization(Organization existingOrganization)
|
||||||
{
|
{
|
||||||
|
existingOrganization.LimitCollectionCreation = LimitCollectionCreation;
|
||||||
|
existingOrganization.LimitCollectionDeletion = LimitCollectionDeletion;
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
existingOrganization.LimitCollectionCreationDeletion = LimitCreateDeleteOwnerAdmin;
|
existingOrganization.LimitCollectionCreationDeletion = LimitCreateDeleteOwnerAdmin;
|
||||||
existingOrganization.AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems;
|
existingOrganization.AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems;
|
||||||
return existingOrganization;
|
return existingOrganization;
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
#nullable enable
|
#nullable enable
|
||||||
using System.Diagnostics;
|
using System.Diagnostics;
|
||||||
|
using Bit.Core;
|
||||||
using Bit.Core.Context;
|
using Bit.Core.Context;
|
||||||
using Bit.Core.Entities;
|
using Bit.Core.Entities;
|
||||||
using Bit.Core.Enums;
|
using Bit.Core.Enums;
|
||||||
@ -123,8 +124,14 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<BulkC
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var organizationAbility = await GetOrganizationAbilityAsync(org);
|
||||||
|
|
||||||
|
var limitCollectionCreationEnabled = !(_featureService.IsEnabled(FeatureFlagKeys.LimitCollectionCreationDeletionSplit)
|
||||||
|
? organizationAbility is { LimitCollectionCreation: false }
|
||||||
|
: organizationAbility is { LimitCollectionCreationDeletion: false });
|
||||||
|
|
||||||
// If the limit collection management setting is disabled, allow any user to create collections
|
// If the limit collection management setting is disabled, allow any user to create collections
|
||||||
if (await GetOrganizationAbilityAsync(org) is { LimitCollectionCreationDeletion: false })
|
if (!limitCollectionCreationEnabled)
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -256,8 +263,15 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<BulkC
|
|||||||
// Ensure acting user has manage permissions for all collections being deleted
|
// Ensure acting user has manage permissions for all collections being deleted
|
||||||
// If LimitCollectionCreationDeletion is true, only Owners and Admins can delete collections they manage
|
// If LimitCollectionCreationDeletion is true, only Owners and Admins can delete collections they manage
|
||||||
var organizationAbility = await GetOrganizationAbilityAsync(org);
|
var organizationAbility = await GetOrganizationAbilityAsync(org);
|
||||||
var canDeleteManagedCollections = organizationAbility is { LimitCollectionCreationDeletion: false } ||
|
|
||||||
|
var limitCollectionDeletionEnabled = !(_featureService.IsEnabled(FeatureFlagKeys.LimitCollectionCreationDeletionSplit)
|
||||||
|
? organizationAbility is { LimitCollectionDeletion: false }
|
||||||
|
: organizationAbility is { LimitCollectionCreationDeletion: false });
|
||||||
|
|
||||||
|
var canDeleteManagedCollections =
|
||||||
|
!limitCollectionDeletionEnabled ||
|
||||||
org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin };
|
org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin };
|
||||||
|
|
||||||
if (canDeleteManagedCollections && await CanManageCollectionsAsync(resources, org))
|
if (canDeleteManagedCollections && await CanManageCollectionsAsync(resources, org))
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
|
@ -313,7 +313,6 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
|
|||||||
UseSecretsManager = license.UseSecretsManager;
|
UseSecretsManager = license.UseSecretsManager;
|
||||||
SmSeats = license.SmSeats;
|
SmSeats = license.SmSeats;
|
||||||
SmServiceAccounts = license.SmServiceAccounts;
|
SmServiceAccounts = license.SmServiceAccounts;
|
||||||
LimitCollectionCreationDeletion = license.LimitCollectionCreationDeletion;
|
|
||||||
AllowAdminAccessToAllCollectionItems = license.AllowAdminAccessToAllCollectionItems;
|
AllowAdminAccessToAllCollectionItems = license.AllowAdminAccessToAllCollectionItems;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -21,6 +21,9 @@ public class OrganizationAbility
|
|||||||
UseResetPassword = organization.UseResetPassword;
|
UseResetPassword = organization.UseResetPassword;
|
||||||
UseCustomPermissions = organization.UseCustomPermissions;
|
UseCustomPermissions = organization.UseCustomPermissions;
|
||||||
UsePolicies = organization.UsePolicies;
|
UsePolicies = organization.UsePolicies;
|
||||||
|
LimitCollectionCreation = organization.LimitCollectionCreation;
|
||||||
|
LimitCollectionDeletion = organization.LimitCollectionDeletion;
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
|
||||||
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
|
||||||
}
|
}
|
||||||
@ -37,6 +40,9 @@ public class OrganizationAbility
|
|||||||
public bool UseResetPassword { get; set; }
|
public bool UseResetPassword { get; set; }
|
||||||
public bool UseCustomPermissions { get; set; }
|
public bool UseCustomPermissions { get; set; }
|
||||||
public bool UsePolicies { get; set; }
|
public bool UsePolicies { get; set; }
|
||||||
|
public bool LimitCollectionCreation { get; set; }
|
||||||
|
public bool LimitCollectionDeletion { get; set; }
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
public bool LimitCollectionCreationDeletion { get; set; }
|
public bool LimitCollectionCreationDeletion { get; set; }
|
||||||
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
||||||
}
|
}
|
||||||
|
@ -54,6 +54,9 @@ public class OrganizationUserOrganizationDetails
|
|||||||
public bool UsePasswordManager { get; set; }
|
public bool UsePasswordManager { get; set; }
|
||||||
public int? SmSeats { get; set; }
|
public int? SmSeats { get; set; }
|
||||||
public int? SmServiceAccounts { get; set; }
|
public int? SmServiceAccounts { get; set; }
|
||||||
|
public bool LimitCollectionCreation { get; set; }
|
||||||
|
public bool LimitCollectionDeletion { get; set; }
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
public bool LimitCollectionCreationDeletion { get; set; }
|
public bool LimitCollectionCreationDeletion { get; set; }
|
||||||
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
||||||
}
|
}
|
||||||
|
@ -144,6 +144,9 @@ public class SelfHostedOrganizationDetails : Organization
|
|||||||
RevisionDate = RevisionDate,
|
RevisionDate = RevisionDate,
|
||||||
MaxAutoscaleSeats = MaxAutoscaleSeats,
|
MaxAutoscaleSeats = MaxAutoscaleSeats,
|
||||||
OwnersNotifiedOfAutoscaling = OwnersNotifiedOfAutoscaling,
|
OwnersNotifiedOfAutoscaling = OwnersNotifiedOfAutoscaling,
|
||||||
|
LimitCollectionCreation = LimitCollectionCreation,
|
||||||
|
LimitCollectionDeletion = LimitCollectionDeletion,
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = LimitCollectionCreationDeletion,
|
LimitCollectionCreationDeletion = LimitCollectionCreationDeletion,
|
||||||
AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems,
|
AllowAdminAccessToAllCollectionItems = AllowAdminAccessToAllCollectionItems,
|
||||||
Status = Status
|
Status = Status
|
||||||
|
@ -40,6 +40,8 @@ public class ProviderUserOrganizationDetails
|
|||||||
[JsonConverter(typeof(HtmlEncodingStringConverter))]
|
[JsonConverter(typeof(HtmlEncodingStringConverter))]
|
||||||
public string ProviderName { get; set; }
|
public string ProviderName { get; set; }
|
||||||
public PlanType PlanType { get; set; }
|
public PlanType PlanType { get; set; }
|
||||||
|
public bool LimitCollectionCreation { get; set; }
|
||||||
|
public bool LimitCollectionDeletion { get; set; }
|
||||||
public bool LimitCollectionCreationDeletion { get; set; }
|
public bool LimitCollectionCreationDeletion { get; set; }
|
||||||
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
public bool AllowAdminAccessToAllCollectionItems { get; set; }
|
||||||
}
|
}
|
||||||
|
@ -705,10 +705,16 @@ public class OrganizationService : IOrganizationService
|
|||||||
UseSecretsManager = license.UseSecretsManager,
|
UseSecretsManager = license.UseSecretsManager,
|
||||||
SmSeats = license.SmSeats,
|
SmSeats = license.SmSeats,
|
||||||
SmServiceAccounts = license.SmServiceAccounts,
|
SmServiceAccounts = license.SmServiceAccounts,
|
||||||
LimitCollectionCreationDeletion = license.LimitCollectionCreationDeletion,
|
|
||||||
AllowAdminAccessToAllCollectionItems = license.AllowAdminAccessToAllCollectionItems,
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// These fields are being removed from consideration when processing
|
||||||
|
// licenses.
|
||||||
|
if (!_featureService.IsEnabled(FeatureFlagKeys.LimitCollectionCreationDeletionSplit))
|
||||||
|
{
|
||||||
|
organization.LimitCollectionCreationDeletion = license.LimitCollectionCreationDeletion;
|
||||||
|
organization.AllowAdminAccessToAllCollectionItems = license.AllowAdminAccessToAllCollectionItems;
|
||||||
|
}
|
||||||
|
|
||||||
var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);
|
var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);
|
||||||
|
|
||||||
var dir = $"{_globalSettings.LicenseDirectory}/organization";
|
var dir = $"{_globalSettings.LicenseDirectory}/organization";
|
||||||
|
@ -53,8 +53,11 @@ public class OrganizationLicense : ILicense
|
|||||||
UseSecretsManager = org.UseSecretsManager;
|
UseSecretsManager = org.UseSecretsManager;
|
||||||
SmSeats = org.SmSeats;
|
SmSeats = org.SmSeats;
|
||||||
SmServiceAccounts = org.SmServiceAccounts;
|
SmServiceAccounts = org.SmServiceAccounts;
|
||||||
|
|
||||||
|
// Deprecated. Left for backwards compatibility with old license versions.
|
||||||
LimitCollectionCreationDeletion = org.LimitCollectionCreationDeletion;
|
LimitCollectionCreationDeletion = org.LimitCollectionCreationDeletion;
|
||||||
AllowAdminAccessToAllCollectionItems = org.AllowAdminAccessToAllCollectionItems;
|
AllowAdminAccessToAllCollectionItems = org.AllowAdminAccessToAllCollectionItems;
|
||||||
|
//
|
||||||
|
|
||||||
if (subscriptionInfo?.Subscription == null)
|
if (subscriptionInfo?.Subscription == null)
|
||||||
{
|
{
|
||||||
@ -138,8 +141,12 @@ public class OrganizationLicense : ILicense
|
|||||||
public bool UseSecretsManager { get; set; }
|
public bool UseSecretsManager { get; set; }
|
||||||
public int? SmSeats { get; set; }
|
public int? SmSeats { get; set; }
|
||||||
public int? SmServiceAccounts { get; set; }
|
public int? SmServiceAccounts { get; set; }
|
||||||
|
|
||||||
|
// Deprecated. Left for backwards compatibility with old license versions.
|
||||||
public bool LimitCollectionCreationDeletion { get; set; } = true;
|
public bool LimitCollectionCreationDeletion { get; set; } = true;
|
||||||
public bool AllowAdminAccessToAllCollectionItems { get; set; } = true;
|
public bool AllowAdminAccessToAllCollectionItems { get; set; } = true;
|
||||||
|
//
|
||||||
|
|
||||||
public bool Trial { get; set; }
|
public bool Trial { get; set; }
|
||||||
public LicenseType? LicenseType { get; set; }
|
public LicenseType? LicenseType { get; set; }
|
||||||
public string Hash { get; set; }
|
public string Hash { get; set; }
|
||||||
@ -150,7 +157,14 @@ public class OrganizationLicense : ILicense
|
|||||||
/// Represents the current version of the license format. Should be updated whenever new fields are added.
|
/// Represents the current version of the license format. Should be updated whenever new fields are added.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <remarks>Intentionally set one version behind to allow self hosted users some time to update before
|
/// <remarks>Intentionally set one version behind to allow self hosted users some time to update before
|
||||||
/// getting out of date license errors</remarks>
|
/// getting out of date license errors
|
||||||
|
/// </remarks>
|
||||||
|
/// <remarks>
|
||||||
|
/// ⚠ This is important! We are on this license version because of new
|
||||||
|
/// properties that were added for versions 14 and 15. These properties
|
||||||
|
/// were later removed! When you increment to version 16 please delete
|
||||||
|
/// this comment.
|
||||||
|
/// </remarks>
|
||||||
public const int CurrentLicenseFileVersion = 14;
|
public const int CurrentLicenseFileVersion = 14;
|
||||||
private bool ValidLicenseVersion
|
private bool ValidLicenseVersion
|
||||||
{
|
{
|
||||||
@ -367,12 +381,6 @@ public class OrganizationLicense : ILicense
|
|||||||
organization.SmServiceAccounts == SmServiceAccounts;
|
organization.SmServiceAccounts == SmServiceAccounts;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* Version 14 added LimitCollectionCreationDeletion and Version 15 added AllowAdminAccessToAllCollectionItems,
|
|
||||||
* however these are just user settings and it is not worth failing validation if they mismatch.
|
|
||||||
* They are intentionally excluded.
|
|
||||||
*/
|
|
||||||
|
|
||||||
return valid;
|
return valid;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -38,9 +38,6 @@ public class OrganizationMapperProfile : Profile
|
|||||||
.ForMember(org => org.ApiKeys, opt => opt.Ignore())
|
.ForMember(org => org.ApiKeys, opt => opt.Ignore())
|
||||||
.ForMember(org => org.Connections, opt => opt.Ignore())
|
.ForMember(org => org.Connections, opt => opt.Ignore())
|
||||||
.ForMember(org => org.Domains, opt => opt.Ignore())
|
.ForMember(org => org.Domains, opt => opt.Ignore())
|
||||||
// Shadow properties - to be introduced by https://bitwarden.atlassian.net/browse/PM-10863
|
|
||||||
.ForMember(org => org.LimitCollectionCreation, opt => opt.Ignore())
|
|
||||||
.ForMember(org => org.LimitCollectionDeletion, opt => opt.Ignore())
|
|
||||||
.ReverseMap();
|
.ReverseMap();
|
||||||
|
|
||||||
CreateProjection<Organization, SelfHostedOrganizationDetails>()
|
CreateProjection<Organization, SelfHostedOrganizationDetails>()
|
||||||
|
@ -99,6 +99,9 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
|
|||||||
UseScim = e.UseScim,
|
UseScim = e.UseScim,
|
||||||
UseCustomPermissions = e.UseCustomPermissions,
|
UseCustomPermissions = e.UseCustomPermissions,
|
||||||
UsePolicies = e.UsePolicies,
|
UsePolicies = e.UsePolicies,
|
||||||
|
LimitCollectionCreation = e.LimitCollectionCreation,
|
||||||
|
LimitCollectionDeletion = e.LimitCollectionDeletion,
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = e.LimitCollectionCreationDeletion,
|
LimitCollectionCreationDeletion = e.LimitCollectionCreationDeletion,
|
||||||
AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems
|
AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems
|
||||||
}).ToListAsync();
|
}).ToListAsync();
|
||||||
|
@ -66,6 +66,9 @@ public class OrganizationUserOrganizationDetailsViewQuery : IQuery<OrganizationU
|
|||||||
UsePasswordManager = o.UsePasswordManager,
|
UsePasswordManager = o.UsePasswordManager,
|
||||||
SmSeats = o.SmSeats,
|
SmSeats = o.SmSeats,
|
||||||
SmServiceAccounts = o.SmServiceAccounts,
|
SmServiceAccounts = o.SmServiceAccounts,
|
||||||
|
LimitCollectionCreation = o.LimitCollectionCreation,
|
||||||
|
LimitCollectionDeletion = o.LimitCollectionDeletion,
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = o.LimitCollectionCreationDeletion,
|
LimitCollectionCreationDeletion = o.LimitCollectionCreationDeletion,
|
||||||
AllowAdminAccessToAllCollectionItems = o.AllowAdminAccessToAllCollectionItems,
|
AllowAdminAccessToAllCollectionItems = o.AllowAdminAccessToAllCollectionItems,
|
||||||
};
|
};
|
||||||
|
@ -44,6 +44,9 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
|
|||||||
ProviderId = x.p.Id,
|
ProviderId = x.p.Id,
|
||||||
ProviderName = x.p.Name,
|
ProviderName = x.p.Name,
|
||||||
PlanType = x.o.PlanType,
|
PlanType = x.o.PlanType,
|
||||||
|
LimitCollectionCreation = x.o.LimitCollectionCreation,
|
||||||
|
LimitCollectionDeletion = x.o.LimitCollectionDeletion,
|
||||||
|
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
LimitCollectionCreationDeletion = x.o.LimitCollectionCreationDeletion,
|
LimitCollectionCreationDeletion = x.o.LimitCollectionCreationDeletion,
|
||||||
AllowAdminAccessToAllCollectionItems = x.o.AllowAdminAccessToAllCollectionItems,
|
AllowAdminAccessToAllCollectionItems = x.o.AllowAdminAccessToAllCollectionItems,
|
||||||
});
|
});
|
||||||
|
@ -32,7 +32,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
organization.Type = userType;
|
organization.Type = userType;
|
||||||
organization.Permissions = new Permissions();
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true);
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
var context = new AuthorizationHandlerContext(
|
||||||
new[] { BulkCollectionOperations.Create },
|
new[] { BulkCollectionOperations.Create },
|
||||||
@ -48,7 +48,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
}
|
}
|
||||||
|
|
||||||
[Theory, BitAutoData, CollectionCustomization]
|
[Theory, BitAutoData, CollectionCustomization]
|
||||||
public async Task CanCreateAsync_WhenUser_WithLimitCollectionCreationDeletionFalse_Success(
|
public async Task CanCreateAsync_WhenUser_WithLimitCollectionCreationFalse_Success(
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
ICollection<Collection> collections,
|
ICollection<Collection> collections,
|
||||||
CurrentContextOrganization organization)
|
CurrentContextOrganization organization)
|
||||||
@ -57,7 +57,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
|
|
||||||
organization.Type = OrganizationUserType.User;
|
organization.Type = OrganizationUserType.User;
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, false);
|
ArrangeOrganizationAbility(sutProvider, organization, false, false);
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
var context = new AuthorizationHandlerContext(
|
||||||
new[] { BulkCollectionOperations.Create },
|
new[] { BulkCollectionOperations.Create },
|
||||||
@ -92,7 +92,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
ManageUsers = false
|
ManageUsers = false
|
||||||
};
|
};
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true);
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
var context = new AuthorizationHandlerContext(
|
||||||
new[] { BulkCollectionOperations.Create },
|
new[] { BulkCollectionOperations.Create },
|
||||||
@ -116,7 +116,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider)
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider)
|
||||||
{
|
{
|
||||||
collections.ForEach(c => c.OrganizationId = organization.Id);
|
collections.ForEach(c => c.OrganizationId = organization.Id);
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true);
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
var context = new AuthorizationHandlerContext(
|
||||||
new[] { BulkCollectionOperations.Create },
|
new[] { BulkCollectionOperations.Create },
|
||||||
@ -904,7 +904,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
DeleteAnyCollection = true
|
DeleteAnyCollection = true
|
||||||
};
|
};
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true);
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
var context = new AuthorizationHandlerContext(
|
||||||
new[] { BulkCollectionOperations.Delete },
|
new[] { BulkCollectionOperations.Delete },
|
||||||
@ -931,7 +931,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
organization.Type = userType;
|
organization.Type = userType;
|
||||||
organization.Permissions = new Permissions();
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true);
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
var context = new AuthorizationHandlerContext(
|
||||||
new[] { BulkCollectionOperations.Delete },
|
new[] { BulkCollectionOperations.Delete },
|
||||||
@ -947,7 +947,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
}
|
}
|
||||||
|
|
||||||
[Theory, BitAutoData, CollectionCustomization]
|
[Theory, BitAutoData, CollectionCustomization]
|
||||||
public async Task CanDeleteAsync_WhenUser_LimitCollectionCreationDeletionFalse_WithCanManagePermission_Success(
|
public async Task CanDeleteAsync_WhenUser_LimitCollectionDeletionFalse_WithCanManagePermission_Success(
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
ICollection<CollectionDetails> collections,
|
ICollection<CollectionDetails> collections,
|
||||||
CurrentContextOrganization organization)
|
CurrentContextOrganization organization)
|
||||||
@ -957,42 +957,6 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
organization.Type = OrganizationUserType.User;
|
organization.Type = OrganizationUserType.User;
|
||||||
organization.Permissions = new Permissions();
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, false);
|
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
|
||||||
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collections);
|
|
||||||
|
|
||||||
foreach (var c in collections)
|
|
||||||
{
|
|
||||||
c.Manage = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
|
||||||
new[] { BulkCollectionOperations.Delete },
|
|
||||||
new ClaimsPrincipal(),
|
|
||||||
collections);
|
|
||||||
|
|
||||||
await sutProvider.Sut.HandleAsync(context);
|
|
||||||
|
|
||||||
Assert.True(context.HasSucceeded);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory, CollectionCustomization]
|
|
||||||
[BitAutoData(OrganizationUserType.Admin)]
|
|
||||||
[BitAutoData(OrganizationUserType.Owner)]
|
|
||||||
[BitAutoData(OrganizationUserType.User)]
|
|
||||||
public async Task CanDeleteAsync_LimitCollectionCreationDeletionFalse_AllowAdminAccessToAllCollectionItemsFalse_WithCanManagePermission_Success(
|
|
||||||
OrganizationUserType userType,
|
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
|
||||||
ICollection<CollectionDetails> collections,
|
|
||||||
CurrentContextOrganization organization)
|
|
||||||
{
|
|
||||||
var actingUserId = Guid.NewGuid();
|
|
||||||
|
|
||||||
organization.Type = userType;
|
|
||||||
organization.Permissions = new Permissions();
|
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, false, false);
|
ArrangeOrganizationAbility(sutProvider, organization, false, false);
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||||
@ -1017,7 +981,8 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
[Theory, CollectionCustomization]
|
[Theory, CollectionCustomization]
|
||||||
[BitAutoData(OrganizationUserType.Admin)]
|
[BitAutoData(OrganizationUserType.Admin)]
|
||||||
[BitAutoData(OrganizationUserType.Owner)]
|
[BitAutoData(OrganizationUserType.Owner)]
|
||||||
public async Task CanDeleteAsync_WhenAdminOrOwner_LimitCollectionCreationDeletionTrue_AllowAdminAccessToAllCollectionItemsFalse_WithCanManagePermission_Success(
|
[BitAutoData(OrganizationUserType.User)]
|
||||||
|
public async Task CanDeleteAsync_LimitCollectionDeletionFalse_AllowAdminAccessToAllCollectionItemsFalse_WithCanManagePermission_Success(
|
||||||
OrganizationUserType userType,
|
OrganizationUserType userType,
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
ICollection<CollectionDetails> collections,
|
ICollection<CollectionDetails> collections,
|
||||||
@ -1028,7 +993,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
organization.Type = userType;
|
organization.Type = userType;
|
||||||
organization.Permissions = new Permissions();
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true, false);
|
ArrangeOrganizationAbility(sutProvider, organization, false, false, false);
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
@ -1052,7 +1017,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
[Theory, CollectionCustomization]
|
[Theory, CollectionCustomization]
|
||||||
[BitAutoData(OrganizationUserType.Admin)]
|
[BitAutoData(OrganizationUserType.Admin)]
|
||||||
[BitAutoData(OrganizationUserType.Owner)]
|
[BitAutoData(OrganizationUserType.Owner)]
|
||||||
public async Task CanDeleteAsync_WhenAdminOrOwner_LimitCollectionCreationDeletionTrue_AllowAdminAccessToAllCollectionItemsFalse_WithoutCanManagePermission_Failure(
|
public async Task CanDeleteAsync_WhenAdminOrOwner_LimitCollectionDeletionTrue_AllowAdminAccessToAllCollectionItemsFalse_WithCanManagePermission_Success(
|
||||||
OrganizationUserType userType,
|
OrganizationUserType userType,
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
ICollection<CollectionDetails> collections,
|
ICollection<CollectionDetails> collections,
|
||||||
@ -1063,7 +1028,42 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
organization.Type = userType;
|
organization.Type = userType;
|
||||||
organization.Permissions = new Permissions();
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true, false);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true, false);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
|
sutProvider.GetDependency<ICollectionRepository>().GetManyByUserIdAsync(actingUserId).Returns(collections);
|
||||||
|
|
||||||
|
foreach (var c in collections)
|
||||||
|
{
|
||||||
|
c.Manage = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { BulkCollectionOperations.Delete },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
collections);
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, CollectionCustomization]
|
||||||
|
[BitAutoData(OrganizationUserType.Admin)]
|
||||||
|
[BitAutoData(OrganizationUserType.Owner)]
|
||||||
|
public async Task CanDeleteAsync_WhenAdminOrOwner_LimitCollectionDeletionTrue_AllowAdminAccessToAllCollectionItemsFalse_WithoutCanManagePermission_Failure(
|
||||||
|
OrganizationUserType userType,
|
||||||
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
|
ICollection<CollectionDetails> collections,
|
||||||
|
CurrentContextOrganization organization)
|
||||||
|
{
|
||||||
|
var actingUserId = Guid.NewGuid();
|
||||||
|
|
||||||
|
organization.Type = userType;
|
||||||
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
|
ArrangeOrganizationAbility(sutProvider, organization, true, true, false);
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
@ -1086,7 +1086,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
}
|
}
|
||||||
|
|
||||||
[Theory, BitAutoData, CollectionCustomization]
|
[Theory, BitAutoData, CollectionCustomization]
|
||||||
public async Task CanDeleteAsync_WhenUser_LimitCollectionCreationDeletionTrue_AllowAdminAccessToAllCollectionItemsTrue_Failure(
|
public async Task CanDeleteAsync_WhenUser_LimitCollectionDeletionTrue_AllowAdminAccessToAllCollectionItemsTrue_Failure(
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
ICollection<CollectionDetails> collections,
|
ICollection<CollectionDetails> collections,
|
||||||
CurrentContextOrganization organization)
|
CurrentContextOrganization organization)
|
||||||
@ -1096,7 +1096,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
organization.Type = OrganizationUserType.User;
|
organization.Type = OrganizationUserType.User;
|
||||||
organization.Permissions = new Permissions();
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true);
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
@ -1119,7 +1119,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
}
|
}
|
||||||
|
|
||||||
[Theory, BitAutoData, CollectionCustomization]
|
[Theory, BitAutoData, CollectionCustomization]
|
||||||
public async Task CanDeleteAsync_WhenUser_LimitCollectionCreationDeletionTrue_AllowAdminAccessToAllCollectionItemsFalse_Failure(
|
public async Task CanDeleteAsync_WhenUser_LimitCollectionDeletionTrue_AllowAdminAccessToAllCollectionItemsFalse_Failure(
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
ICollection<CollectionDetails> collections,
|
ICollection<CollectionDetails> collections,
|
||||||
CurrentContextOrganization organization)
|
CurrentContextOrganization organization)
|
||||||
@ -1129,7 +1129,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
organization.Type = OrganizationUserType.User;
|
organization.Type = OrganizationUserType.User;
|
||||||
organization.Permissions = new Permissions();
|
organization.Permissions = new Permissions();
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true, false);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true, false);
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
|
||||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
@ -1171,7 +1171,7 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
ManageUsers = false
|
ManageUsers = false
|
||||||
};
|
};
|
||||||
|
|
||||||
ArrangeOrganizationAbility(sutProvider, organization, true);
|
ArrangeOrganizationAbility(sutProvider, organization, true, true);
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
var context = new AuthorizationHandlerContext(
|
||||||
new[] { BulkCollectionOperations.Delete },
|
new[] { BulkCollectionOperations.Delete },
|
||||||
@ -1262,6 +1262,8 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
{ collections.First().OrganizationId,
|
{ collections.First().OrganizationId,
|
||||||
new OrganizationAbility
|
new OrganizationAbility
|
||||||
{
|
{
|
||||||
|
LimitCollectionCreation = true,
|
||||||
|
LimitCollectionDeletion = true,
|
||||||
LimitCollectionCreationDeletion = true,
|
LimitCollectionCreationDeletion = true,
|
||||||
AllowAdminAccessToAllCollectionItems = true
|
AllowAdminAccessToAllCollectionItems = true
|
||||||
}
|
}
|
||||||
@ -1338,14 +1340,20 @@ public class BulkCollectionAuthorizationHandlerTests
|
|||||||
|
|
||||||
private static void ArrangeOrganizationAbility(
|
private static void ArrangeOrganizationAbility(
|
||||||
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
SutProvider<BulkCollectionAuthorizationHandler> sutProvider,
|
||||||
CurrentContextOrganization organization, bool limitCollectionCreationDeletion,
|
CurrentContextOrganization organization,
|
||||||
|
bool limitCollectionCreation,
|
||||||
|
bool limitCollectionDeletion,
|
||||||
bool allowAdminAccessToAllCollectionItems = true)
|
bool allowAdminAccessToAllCollectionItems = true)
|
||||||
{
|
{
|
||||||
var organizationAbility = new OrganizationAbility();
|
var organizationAbility = new OrganizationAbility();
|
||||||
organizationAbility.Id = organization.Id;
|
organizationAbility.Id = organization.Id;
|
||||||
organizationAbility.LimitCollectionCreationDeletion = limitCollectionCreationDeletion;
|
organizationAbility.LimitCollectionCreation = limitCollectionCreation;
|
||||||
|
organizationAbility.LimitCollectionDeletion = limitCollectionDeletion;
|
||||||
|
// Deprecated: remove with https://bitwarden.atlassian.net/browse/PM-10863
|
||||||
|
organizationAbility.LimitCollectionCreationDeletion = limitCollectionCreation || limitCollectionDeletion;
|
||||||
organizationAbility.AllowAdminAccessToAllCollectionItems = allowAdminAccessToAllCollectionItems;
|
organizationAbility.AllowAdminAccessToAllCollectionItems = allowAdminAccessToAllCollectionItems;
|
||||||
|
|
||||||
|
|
||||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organizationAbility.Id)
|
||||||
.Returns(organizationAbility);
|
.Returns(organizationAbility);
|
||||||
}
|
}
|
||||||
|
@ -111,7 +111,5 @@ public static class OrganizationLicenseFileFixtures
|
|||||||
SmServiceAccounts = 8,
|
SmServiceAccounts = 8,
|
||||||
MaxAutoscaleSmSeats = 101,
|
MaxAutoscaleSmSeats = 101,
|
||||||
MaxAutoscaleSmServiceAccounts = 102,
|
MaxAutoscaleSmServiceAccounts = 102,
|
||||||
LimitCollectionCreationDeletion = true,
|
|
||||||
AllowAdminAccessToAllCollectionItems = true,
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -253,7 +253,8 @@ public class OrganizationUserRepositoryTests
|
|||||||
Assert.Equal(orgUser1.Permissions, result.Permissions);
|
Assert.Equal(orgUser1.Permissions, result.Permissions);
|
||||||
Assert.Equal(organization.SmSeats, result.SmSeats);
|
Assert.Equal(organization.SmSeats, result.SmSeats);
|
||||||
Assert.Equal(organization.SmServiceAccounts, result.SmServiceAccounts);
|
Assert.Equal(organization.SmServiceAccounts, result.SmServiceAccounts);
|
||||||
Assert.Equal(organization.LimitCollectionCreationDeletion, result.LimitCollectionCreationDeletion);
|
Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
|
||||||
|
Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
|
||||||
Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
|
Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user