check that SingleOrg policy is enabled before saying users cant create new orgs (#1110)

* check that SingleOrg policy is enabled before saying users cant create new orgs * fixed org user kick check for SingleOrg * code review cleanup
2024-11-22 12:15:36 +01:00 · 2021-01-25 11:19:33 -05:00 · 2021-01-25 11:19:33 -05:00 · 445ce33c47
commit 445ce33c47
parent bc4eeff604
2 changed files with 6 additions and 4 deletions
--- a/src/Api/Controllers/OrganizationsController.cs
+++ b/src/Api/Controllers/OrganizationsController.cs
@ -162,7 +162,7 @@ namespace Bit.Api.Controllers
            }

            var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
-            if (policies.Any(policy => policy.Type == PolicyType.SingleOrg))
+            if (policies.Any(policy => policy.Enabled && policy.Type == PolicyType.SingleOrg))
            {
                throw new Exception("You may not create an organization. You belong to an organization " +
                     "which has a policy that prohibits you from being a member of any other organization.");
@ -190,7 +190,7 @@ namespace Bit.Api.Controllers
            }

            var policies = await _policyRepository.GetManyByUserIdAsync(user.Id);
-            if (policies.Any(policy => policy.Type == PolicyType.SingleOrg))
+            if (policies.Any(policy => policy.Enabled && policy.Type == PolicyType.SingleOrg))
            {
                throw new Exception("You may not create an organization. You belong to an organization " +
                     "which has a policy that prohibits you from being a member of any other organization.");
--- a/src/Core/Services/Implementations/PolicyService.cs
+++ b/src/Core/Services/Implementations/PolicyService.cs
@ -107,11 +107,13 @@ namespace Bit.Core.Services
                        case Enums.PolicyType.SingleOrg:
                            var userOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
                                    removableOrgUsers.Select(ou => ou.UserId.Value));
+                            organization = organization ?? await _organizationRepository.GetByIdAsync(policy.OrganizationId);
                            foreach (var orgUser in removableOrgUsers)
                            {
-                                if (userOrgs.Any(ou => ou.UserId == orgUser.UserId && ou.Status != OrganizationUserStatusType.Invited))
+                                if (userOrgs.Any(ou => ou.UserId == orgUser.UserId 
+                                            && ou.OrganizationId != organization.Id 
+                                            && ou.Status != OrganizationUserStatusType.Invited))
                                {
-                                    organization = organization ?? await _organizationRepository.GetByIdAsync(policy.OrganizationId);
                                    await organizationService.DeleteUserAsync(policy.OrganizationId, orgUser.Id,
                                        savingUserId);
                                    await _mailService.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(