mirror of
https://github.com/bitwarden/server.git
synced 2024-11-28 13:15:12 +01:00
[AC-2653] Remove old permissions code from GroupsController (#4148)
This commit is contained in:
parent
fe76de63a0
commit
80793d1ffa
@ -92,19 +92,9 @@ public class GroupsController : Controller
|
||||
[HttpGet("")]
|
||||
public async Task<ListResponseModel<GroupDetailsResponseModel>> Get(Guid orgId)
|
||||
{
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId))
|
||||
{
|
||||
// New flexible collections logic
|
||||
return await Get_vNext(orgId);
|
||||
}
|
||||
|
||||
// Old pre-flexible collections logic follows
|
||||
var canAccess = await _currentContext.ManageGroups(orgId) ||
|
||||
await _currentContext.ViewAssignedCollections(orgId) ||
|
||||
await _currentContext.ViewAllCollections(orgId) ||
|
||||
await _currentContext.ManageUsers(orgId);
|
||||
|
||||
if (!canAccess)
|
||||
var authorized =
|
||||
(await _authorizationService.AuthorizeAsync(User, GroupOperations.ReadAll(orgId))).Succeeded;
|
||||
if (!authorized)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
@ -137,9 +127,7 @@ public class GroupsController : Controller
|
||||
}
|
||||
|
||||
// Flexible Collections - check the user has permission to grant access to the collections for the new group
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId) &&
|
||||
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1) &&
|
||||
model.Collections?.Any() == true)
|
||||
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1) && model.Collections?.Any() == true)
|
||||
{
|
||||
var collections = await _collectionRepository.GetManyByManyIdsAsync(model.Collections.Select(a => a.Id));
|
||||
var authorized =
|
||||
@ -162,7 +150,7 @@ public class GroupsController : Controller
|
||||
[HttpPost("{id}")]
|
||||
public async Task<GroupResponseModel> Put(Guid orgId, Guid id, [FromBody] GroupRequestModel model)
|
||||
{
|
||||
if (await FlexibleCollectionsIsEnabledAsync(orgId) && _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
|
||||
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
|
||||
{
|
||||
// Use new Flexible Collections v1 logic
|
||||
return await Put_vNext(orgId, id, model);
|
||||
@ -284,24 +272,4 @@ public class GroupsController : Controller
|
||||
|
||||
await _groupService.DeleteUserAsync(group, new Guid(orgUserId));
|
||||
}
|
||||
|
||||
private async Task<ListResponseModel<GroupDetailsResponseModel>> Get_vNext(Guid orgId)
|
||||
{
|
||||
var authorized =
|
||||
(await _authorizationService.AuthorizeAsync(User, GroupOperations.ReadAll(orgId))).Succeeded;
|
||||
if (!authorized)
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
var groups = await _groupRepository.GetManyWithCollectionsByOrganizationIdAsync(orgId);
|
||||
var responses = groups.Select(g => new GroupDetailsResponseModel(g.Item1, g.Item2));
|
||||
return new ListResponseModel<GroupDetailsResponseModel>(responses);
|
||||
}
|
||||
|
||||
private async Task<bool> FlexibleCollectionsIsEnabledAsync(Guid organizationId)
|
||||
{
|
||||
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
|
||||
return organizationAbility?.FlexibleCollections ?? false;
|
||||
}
|
||||
}
|
||||
|
@ -56,7 +56,7 @@ public class GroupsControllerTests
|
||||
{
|
||||
// Enable FC and v1
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
|
||||
new OrganizationAbility { Id = organization.Id, FlexibleCollections = true, AllowAdminAccessToAllCollectionItems = false });
|
||||
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
|
||||
sutProvider.GetDependency<IAuthorizationService>()
|
||||
@ -102,7 +102,7 @@ public class GroupsControllerTests
|
||||
{
|
||||
// Enable FC and v1
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
|
||||
new OrganizationAbility { Id = organization.Id, FlexibleCollections = true, AllowAdminAccessToAllCollectionItems = false });
|
||||
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
|
||||
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
|
||||
@ -133,7 +133,7 @@ public class GroupsControllerTests
|
||||
|
||||
// Enable FC and v1, set Collection Management Setting
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
|
||||
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true, FlexibleCollections = true });
|
||||
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true });
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
|
||||
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
|
||||
@ -177,7 +177,6 @@ public class GroupsControllerTests
|
||||
{
|
||||
Id = organization.Id,
|
||||
AllowAdminAccessToAllCollectionItems = false,
|
||||
FlexibleCollections = true
|
||||
});
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
|
||||
@ -218,7 +217,6 @@ public class GroupsControllerTests
|
||||
{
|
||||
Id = organization.Id,
|
||||
AllowAdminAccessToAllCollectionItems = false,
|
||||
FlexibleCollections = true
|
||||
});
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
|
||||
@ -274,7 +272,6 @@ public class GroupsControllerTests
|
||||
{
|
||||
Id = organization.Id,
|
||||
AllowAdminAccessToAllCollectionItems = false,
|
||||
FlexibleCollections = true
|
||||
});
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
|
||||
@ -314,7 +311,6 @@ public class GroupsControllerTests
|
||||
Group group, Organization organization,
|
||||
SutProvider<GroupsController> sutProvider, Guid savingUserId)
|
||||
{
|
||||
organization.FlexibleCollections = true;
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
Put_Setup(sutProvider, organization, group, savingUserId);
|
||||
|
||||
@ -402,7 +398,6 @@ public class GroupsControllerTests
|
||||
Group group, Organization organization,
|
||||
SutProvider<GroupsController> sutProvider, Guid savingUserId)
|
||||
{
|
||||
organization.FlexibleCollections = true;
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
Put_Setup(sutProvider, organization, group, savingUserId);
|
||||
|
||||
@ -434,7 +429,6 @@ public class GroupsControllerTests
|
||||
.Returns(new OrganizationAbility
|
||||
{
|
||||
Id = organization.Id,
|
||||
FlexibleCollections = true,
|
||||
AllowAdminAccessToAllCollectionItems = false
|
||||
});
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user