1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-28 13:15:12 +01:00

[AC-2653] Remove old permissions code from GroupsController (#4148)

This commit is contained in:
Thomas Rittson 2024-06-04 08:46:48 +10:00 committed by GitHub
parent fe76de63a0
commit 80793d1ffa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 46 deletions

View File

@ -92,19 +92,9 @@ public class GroupsController : Controller
[HttpGet("")]
public async Task<ListResponseModel<GroupDetailsResponseModel>> Get(Guid orgId)
{
if (await FlexibleCollectionsIsEnabledAsync(orgId))
{
// New flexible collections logic
return await Get_vNext(orgId);
}
// Old pre-flexible collections logic follows
var canAccess = await _currentContext.ManageGroups(orgId) ||
await _currentContext.ViewAssignedCollections(orgId) ||
await _currentContext.ViewAllCollections(orgId) ||
await _currentContext.ManageUsers(orgId);
if (!canAccess)
var authorized =
(await _authorizationService.AuthorizeAsync(User, GroupOperations.ReadAll(orgId))).Succeeded;
if (!authorized)
{
throw new NotFoundException();
}
@ -137,9 +127,7 @@ public class GroupsController : Controller
}
// Flexible Collections - check the user has permission to grant access to the collections for the new group
if (await FlexibleCollectionsIsEnabledAsync(orgId) &&
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1) &&
model.Collections?.Any() == true)
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1) && model.Collections?.Any() == true)
{
var collections = await _collectionRepository.GetManyByManyIdsAsync(model.Collections.Select(a => a.Id));
var authorized =
@ -162,7 +150,7 @@ public class GroupsController : Controller
[HttpPost("{id}")]
public async Task<GroupResponseModel> Put(Guid orgId, Guid id, [FromBody] GroupRequestModel model)
{
if (await FlexibleCollectionsIsEnabledAsync(orgId) && _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
{
// Use new Flexible Collections v1 logic
return await Put_vNext(orgId, id, model);
@ -284,24 +272,4 @@ public class GroupsController : Controller
await _groupService.DeleteUserAsync(group, new Guid(orgUserId));
}
private async Task<ListResponseModel<GroupDetailsResponseModel>> Get_vNext(Guid orgId)
{
var authorized =
(await _authorizationService.AuthorizeAsync(User, GroupOperations.ReadAll(orgId))).Succeeded;
if (!authorized)
{
throw new NotFoundException();
}
var groups = await _groupRepository.GetManyWithCollectionsByOrganizationIdAsync(orgId);
var responses = groups.Select(g => new GroupDetailsResponseModel(g.Item1, g.Item2));
return new ListResponseModel<GroupDetailsResponseModel>(responses);
}
private async Task<bool> FlexibleCollectionsIsEnabledAsync(Guid organizationId)
{
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
return organizationAbility?.FlexibleCollections ?? false;
}
}

View File

@ -56,7 +56,7 @@ public class GroupsControllerTests
{
// Enable FC and v1
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
new OrganizationAbility { Id = organization.Id, FlexibleCollections = true, AllowAdminAccessToAllCollectionItems = false });
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
sutProvider.GetDependency<IAuthorizationService>()
@ -102,7 +102,7 @@ public class GroupsControllerTests
{
// Enable FC and v1
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
new OrganizationAbility { Id = organization.Id, FlexibleCollections = true, AllowAdminAccessToAllCollectionItems = false });
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = false });
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
@ -133,7 +133,7 @@ public class GroupsControllerTests
// Enable FC and v1, set Collection Management Setting
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true, FlexibleCollections = true });
new OrganizationAbility { Id = organization.Id, AllowAdminAccessToAllCollectionItems = true });
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
@ -177,7 +177,6 @@ public class GroupsControllerTests
{
Id = organization.Id,
AllowAdminAccessToAllCollectionItems = false,
FlexibleCollections = true
});
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
@ -218,7 +217,6 @@ public class GroupsControllerTests
{
Id = organization.Id,
AllowAdminAccessToAllCollectionItems = false,
FlexibleCollections = true
});
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
@ -274,7 +272,6 @@ public class GroupsControllerTests
{
Id = organization.Id,
AllowAdminAccessToAllCollectionItems = false,
FlexibleCollections = true
});
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
@ -314,7 +311,6 @@ public class GroupsControllerTests
Group group, Organization organization,
SutProvider<GroupsController> sutProvider, Guid savingUserId)
{
organization.FlexibleCollections = true;
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
Put_Setup(sutProvider, organization, group, savingUserId);
@ -402,7 +398,6 @@ public class GroupsControllerTests
Group group, Organization organization,
SutProvider<GroupsController> sutProvider, Guid savingUserId)
{
organization.FlexibleCollections = true;
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
Put_Setup(sutProvider, organization, group, savingUserId);
@ -434,7 +429,6 @@ public class GroupsControllerTests
.Returns(new OrganizationAbility
{
Id = organization.Id,
FlexibleCollections = true,
AllowAdminAccessToAllCollectionItems = false
});