Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-17 02:01:53 +01:00
Code Issues Projects Releases Wiki Activity

check that SingleOrg policy is enabled before saying users cant create new orgs (#1110)

Browse Source 
* check that SingleOrg policy is enabled before saying users cant create new orgs

* fixed org user kick check for SingleOrg

* code review cleanup
This commit is contained in:
Addison Beck 2021-01-25 11:19:33 -05:00 committed by GitHub
parent bc4eeff604
commit 445ce33c47
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Api/Controllers/OrganizationsController.cs
View File

@ -162,7 +162,7 @@ namespace Bit.Api.Controllers
} }
var policies = await _policyRepository.GetManyByUserIdAsync(user.Id); var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
if (policies.Any(policy => policy.Type == PolicyType.SingleOrg)) if (policies.Any(policy => policy.Enabled && policy.Type == PolicyType.SingleOrg))
{ {
throw new Exception("You may not create an organization. You belong to an organization " + throw new Exception("You may not create an organization. You belong to an organization " +
"which has a policy that prohibits you from being a member of any other organization."); "which has a policy that prohibits you from being a member of any other organization.");
@ -190,7 +190,7 @@ namespace Bit.Api.Controllers
} }
var policies = await _policyRepository.GetManyByUserIdAsync(user.Id); var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
if (policies.Any(policy => policy.Type == PolicyType.SingleOrg)) if (policies.Any(policy => policy.Enabled && policy.Type == PolicyType.SingleOrg))
{ {
throw new Exception("You may not create an organization. You belong to an organization " + throw new Exception("You may not create an organization. You belong to an organization " +
"which has a policy that prohibits you from being a member of any other organization."); "which has a policy that prohibits you from being a member of any other organization.");

6
src/Core/Services/Implementations/PolicyService.cs
View File

@ -107,11 +107,13 @@ namespace Bit.Core.Services
case Enums.PolicyType.SingleOrg: case Enums.PolicyType.SingleOrg:
var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync( var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
removableOrgUsers.Select(ou => ou.UserId.Value)); removableOrgUsers.Select(ou => ou.UserId.Value));
organization = organization ?? await _organizationRepository.GetByIdAsync(policy.OrganizationId);
foreach (var orgUser in removableOrgUsers) foreach (var orgUser in removableOrgUsers)
{ {
if (userOrgs.Any(ou => ou.UserId == orgUser.UserId && ou.Status != OrganizationUserStatusType.Invited)) if (userOrgs.Any(ou => ou.UserId == orgUser.UserId
&& ou.OrganizationId != organization.Id
&& ou.Status != OrganizationUserStatusType.Invited))
{ {
organization = organization ?? await _organizationRepository.GetByIdAsync(policy.OrganizationId);
await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id, await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
savingUserId); savingUserId);
await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync( await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(