[PS-165] Missing copy verification code (#2022)

* Made changes to organization details endpoint * Fixed formatting * Added script to utils directory
2024-11-21 12:05:42 +01:00 · 2022-06-07 16:52:07 +01:00 · 2022-06-07 16:52:07 +01:00 · 64edad8f49
commit 64edad8f49
parent 60a167f2b7
9 changed files with 123 additions and 7 deletions
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@ -224,11 +224,12 @@ namespace Bit.Api.Controllers
                throw new NotFoundException();
            }

-            IEnumerable<Cipher> orgCiphers;
-            if (await _currentContext.OrganizationAdmin(orgIdGuid))
+            IEnumerable<CipherOrganizationDetails> orgCiphers;
+            if (await _currentContext.OrganizationOwner(orgIdGuid))
            {
-                // Admins, Owners and Providers can access all items even if not assigned to them
-                orgCiphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
+                // User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
+                // But they have access to all organization ciphers, so we can safely get by orgId instead
+                orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(orgIdGuid);
            }
            else
            {
@ -245,7 +246,8 @@ namespace Bit.Api.Controllers


            var responses = orgCiphers.Select(c => new CipherMiniDetailsResponseModel(c, _globalSettings,
-                collectionCiphersGroupDict));
+                collectionCiphersGroupDict, c.OrganizationUseTotp));
+

            var providerId = await _currentContext.ProviderIdForOrg(orgIdGuid);
            if (providerId.HasValue)
--- a/src/Api/Models/Response/CipherResponseModel.cs
+++ b/src/Api/Models/Response/CipherResponseModel.cs
@ -132,8 +132,8 @@ namespace Bit.Api.Models.Response
    public class CipherMiniDetailsResponseModel : CipherMiniResponseModel
    {
        public CipherMiniDetailsResponseModel(Cipher cipher, GlobalSettings globalSettings,
-            IDictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphers, string obj = "cipherMiniDetails")
-            : base(cipher, globalSettings, false, obj)
+            IDictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphers, bool orgUseTotp, string obj = "cipherMiniDetails")
+            : base(cipher, globalSettings, orgUseTotp, obj)
        {
            if (collectionCiphers?.ContainsKey(cipher.Id) ?? false)
            {
--- a/src/Core/Repositories/ICipherRepository.cs
+++ b/src/Core/Repositories/ICipherRepository.cs
@ -11,6 +11,7 @@ namespace Bit.Core.Repositories
    {
        Task<CipherDetails> GetByIdAsync(Guid id, Guid userId);
        Task<CipherOrganizationDetails> GetOrganizationDetailsByIdAsync(Guid id);
+        Task<ICollection<CipherOrganizationDetails>> GetManyOrganizationDetailsByOrganizationIdAsync(Guid organizationId);
        Task<bool> GetCanEditByIdAsync(Guid userId, Guid cipherId);
        Task<ICollection<CipherDetails>> GetManyByUserIdAsync(Guid userId, bool withOrganizations = true);
        Task<ICollection<Cipher>> GetManyByOrganizationIdAsync(Guid organizationId);
--- a/src/Infrastructure.Dapper/Repositories/CipherRepository.cs
+++ b/src/Infrastructure.Dapper/Repositories/CipherRepository.cs
@ -50,6 +50,20 @@ namespace Bit.Infrastructure.Dapper.Repositories
            }
        }

+        public async Task<ICollection<CipherOrganizationDetails>> GetManyOrganizationDetailsByOrganizationIdAsync(
+            Guid organizationId)
+        {
+            using (var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<CipherOrganizationDetails>(
+                    $"[{Schema}].[CipherOrganizationDetails_ReadByOrganizationId]",
+                    new { OrganizationId = organizationId },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.ToList();
+            }
+        }
+
        public async Task<bool> GetCanEditByIdAsync(Guid userId, Guid cipherId)
        {
            using (var connection = new SqlConnection(ConnectionString))
--- a/src/Infrastructure.EntityFramework/Repositories/CipherRepository.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/CipherRepository.cs
@ -259,6 +259,18 @@ namespace Bit.Infrastructure.EntityFramework.Repositories
            }
        }

+        public async Task<ICollection<CipherOrganizationDetails>> GetManyOrganizationDetailsByOrganizationIdAsync(
+            Guid organizationId)
+        {
+            using (var scope = ServiceScopeFactory.CreateScope())
+            {
+                var dbContext = GetDatabaseContext(scope);
+                var query = new CipherOrganizationDetailsReadByIdQuery(organizationId);
+                var data = await query.Run(dbContext).ToListAsync();
+                return data;
+            }
+        }
+
        public async Task<bool> GetCanEditByIdAsync(Guid userId, Guid cipherId)
        {
            using (var scope = ServiceScopeFactory.CreateScope())
--- a/src/Infrastructure.EntityFramework/Repositories/Queries/CipherOrganizationDetailsReadByOrgizationIdQuery.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/Queries/CipherOrganizationDetailsReadByOrgizationIdQuery.cs
@ -0,0 +1,40 @@
+using System;
+using System.Linq;
+using Core.Models.Data;
+
+namespace Bit.Infrastructure.EntityFramework.Repositories.Queries
+{
+    public class CipherOrganizationDetailsReadByOrgizationIdQuery : IQuery<CipherOrganizationDetails>
+    {
+        private readonly Guid _organizationId;
+
+        public CipherOrganizationDetailsReadByOrgizationIdQuery(Guid organizationId)
+        {
+            _organizationId = organizationId;
+        }
+        public virtual IQueryable<CipherOrganizationDetails> Run(DatabaseContext dbContext)
+        {
+            var query = from c in dbContext.Ciphers
+                        join o in dbContext.Organizations
+                            on c.OrganizationId equals o.Id into o_g
+                        from o in o_g.DefaultIfEmpty()
+                        where c.OrganizationId == _organizationId
+                        select new CipherOrganizationDetails
+                        {
+                            Id = c.Id,
+                            UserId = c.UserId,
+                            OrganizationId = c.OrganizationId,
+                            Type = c.Type,
+                            Data = c.Data,
+                            Favorites = c.Favorites,
+                            Folders = c.Folders,
+                            Attachments = c.Attachments,
+                            CreationDate = c.CreationDate,
+                            RevisionDate = c.RevisionDate,
+                            DeletedDate = c.DeletedDate,
+                            OrganizationUseTotp = o.UseTotp,
+                        };
+            return query;
+        }
+    }
+}
--- a/src/Sql/Sql.sqlproj
+++ b/src/Sql/Sql.sqlproj
@ -390,5 +390,6 @@
    <Build Include="dbo\Stored Procedures\OrganizationConnection_ReadByOrganizationIdType.sql" />
    <Build Include="dbo\Views\OrganizationApiKeyView.sql" />
    <Build Include="dbo\Views\OrganizationConnectionView.sql" />
+    <Build Include="dbo\Stored Procedures\CipherOrganizationDetails_ReadByOrganizationId.sql" />
  </ItemGroup>
 </Project>
--- a/Procedures/CipherOrganizationDetails_ReadByOrganizationId.sql
+++ b/Procedures/CipherOrganizationDetails_ReadByOrganizationId.sql
@ -0,0 +1,19 @@
+CREATE PROCEDURE [dbo].[CipherOrganizationDetails_ReadByOrganizationId]
+    @OrganizationId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        C.*,
+        CASE 
+            WHEN O.[UseTotp] = 1 THEN 1
+            ELSE 0
+        END [OrganizationUseTotp]
+    FROM
+        [dbo].[CipherView] C
+    LEFT JOIN
+        [dbo].[OrganizationView] O ON O.[Id] = C.[OrganizationId]
+    WHERE
+        C.[OrganizationId] = @OrganizationId 
+END
--- a/util/Migrator/DbScripts/2022-05-31_00_CipherOrganizationDetails.sql
+++ b/util/Migrator/DbScripts/2022-05-31_00_CipherOrganizationDetails.sql
@ -0,0 +1,27 @@
+--CipherOrganizationDetails_ReadByOrganizationId
+IF OBJECT_ID('[dbo].[CipherOrganizationDetails_ReadByOrganizationId]') IS NOT NULL 
+BEGIN
+    DROP PROCEDURE [dbo].[CipherOrganizationDetails_ReadByOrganizationId]
+END 
+GO
+
+CREATE PROCEDURE [dbo].[CipherOrganizationDetails_ReadByOrganizationId]
+    @OrganizationId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+SELECT
+    C.*,
+    CASE
+        WHEN O.[UseTotp] = 1 THEN 1
+        ELSE 0
+        END [OrganizationUseTotp]
+FROM
+    [dbo].[CipherView] C
+    LEFT JOIN
+    [dbo].[OrganizationView] O ON O.[Id] = C.[OrganizationId]
+WHERE
+    C.[OrganizationId] = @OrganizationId
+END
+GO