mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
[AC-2656] Remove old permissions code from CiphersController (#4186)
This commit is contained in:
Thomas Rittson
GitHub
parent
6262686c0c
commit
9595252224
@ -245,13 +245,13 @@ public class CiphersController : Controller
|
||||
[HttpGet("organization-details")]
|
||||
public async Task<ListResponseModel<CipherMiniDetailsResponseModel>> GetOrganizationCiphers(Guid organizationId)
|
||||
{
|
||||
// Flexible Collections Logic
|
||||
if (await UseFlexibleCollectionsV1Async(organizationId))
|
||||
// Flexible Collections V1 Logic
|
||||
if (UseFlexibleCollectionsV1())
|
||||
{
|
||||
return await GetAllOrganizationCiphersAsync(organizationId);
|
||||
}
|
||||
|
||||
// Pre-Flexible Collections Logic
|
||||
// Pre-Flexible Collections V1 Logic
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
|
||||
(IEnumerable<CipherOrganizationDetails> orgCiphers, Dictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersGroupDict) = await _cipherService.GetOrganizationCiphers(userId, organizationId);
|
||||
@ -271,7 +271,7 @@ public class CiphersController : Controller
|
||||
[HttpGet("organization-details/assigned")]
|
||||
public async Task<ListResponseModel<CipherDetailsResponseModel>> GetAssignedOrganizationCiphers(Guid organizationId)
|
||||
{
|
||||
if (!await UseFlexibleCollectionsV1Async(organizationId))
|
||||
if (!UseFlexibleCollectionsV1())
|
||||
{
|
||||
throw new FeatureUnavailableException();
|
||||
}
|
||||
@ -329,7 +329,7 @@ public class CiphersController : Controller
|
||||
private async Task<bool> CanEditCipherAsAdminAsync(Guid organizationId, IEnumerable<Guid> cipherIds)
|
||||
{
|
||||
// Pre-Flexible collections V1 only needs to check EditAnyCollection
|
||||
if (!await UseFlexibleCollectionsV1Async(organizationId))
|
||||
if (!UseFlexibleCollectionsV1())
|
||||
{
|
||||
return await _currentContext.EditAnyCollection(organizationId);
|
||||
}
|
||||
@ -397,7 +397,7 @@ public class CiphersController : Controller
|
||||
var org = _currentContext.GetOrganization(organizationId);
|
||||
|
||||
// If not using V1, owners, admins, and users with EditAnyCollection permissions, and providers can always edit all ciphers
|
||||
if (!await UseFlexibleCollectionsV1Async(organizationId))
|
||||
if (!UseFlexibleCollectionsV1())
|
||||
{
|
||||
return org is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
|
||||
{ Permissions.EditAnyCollection: true } ||
|
||||
@ -669,7 +669,7 @@ public class CiphersController : Controller
|
||||
|
||||
// In V1, we still need to check if the user can edit the collections they're submitting
|
||||
// This should only happen for unassigned ciphers (otherwise restricted admins would use the normal collections endpoint)
|
||||
if (await UseFlexibleCollectionsV1Async(cipher.OrganizationId.Value) && !await CanEditItemsInCollections(cipher.OrganizationId.Value, collectionIds))
|
||||
if (UseFlexibleCollectionsV1() && !await CanEditItemsInCollections(cipher.OrganizationId.Value, collectionIds))
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
@ -680,14 +680,6 @@ public class CiphersController : Controller
|
||||
[HttpPost("bulk-collections")]
|
||||
public async Task PostBulkCollections([FromBody] CipherBulkUpdateCollectionsRequestModel model)
|
||||
{
|
||||
var orgAbility = await _applicationCacheService.GetOrganizationAbilityAsync(model.OrganizationId);
|
||||
|
||||
// Only available for organizations with flexible collections
|
||||
if (orgAbility is null or { FlexibleCollections: false })
|
||||
{
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
if (!await CanEditCiphersAsync(model.OrganizationId, model.CipherIds) ||
|
||||
!await CanEditItemsInCollections(model.OrganizationId, model.CollectionIds))
|
||||
{
|
||||
@ -1272,14 +1264,8 @@ public class CiphersController : Controller
|
||||
return await _cipherRepository.GetByIdAsync(cipherId, userId, UseFlexibleCollections);
|
||||
}
|
||||
|
||||
private async Task<bool> UseFlexibleCollectionsV1Async(Guid organizationId)
|
||||
private bool UseFlexibleCollectionsV1()
|
||||
{
|
||||
if (!_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
|
||||
return organizationAbility?.FlexibleCollections ?? false;
|
||||
return _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
|
||||
}
|
||||
}
|
||||
|
||||
@ -150,8 +150,7 @@ public class CiphersControllerTests
|
||||
[BitAutoData(OrganizationUserType.Custom, false, false)]
|
||||
public async Task CanEditCiphersAsAdminAsync_FlexibleCollections_Success(
|
||||
OrganizationUserType userType, bool allowAdminsAccessToAllItems, bool shouldSucceed,
|
||||
CurrentContextOrganization organization, Guid userId, Cipher cipher, SutProvider<CiphersController> sutProvider
|
||||
)
|
||||
CurrentContextOrganization organization, Guid userId, Cipher cipher, SutProvider<CiphersController> sutProvider)
|
||||
{
|
||||
cipher.OrganizationId = organization.Id;
|
||||
organization.Type = userType;
|
||||
@ -169,7 +168,6 @@ public class CiphersControllerTests
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
|
||||
{
|
||||
Id = organization.Id,
|
||||
FlexibleCollections = true,
|
||||
AllowAdminAccessToAllCollectionItems = allowAdminsAccessToAllItems
|
||||
});
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(true);
|
||||
@ -188,47 +186,6 @@ public class CiphersControllerTests
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// To be removed after FlexibleCollections is fully released
|
||||
/// </summary>
|
||||
[Theory]
|
||||
[BitAutoData(true, true)]
|
||||
[BitAutoData(false, true)]
|
||||
[BitAutoData(true, false)]
|
||||
[BitAutoData(false, false)]
|
||||
public async Task CanEditCiphersAsAdminAsync_NonFlexibleCollections(
|
||||
bool v1Enabled, bool shouldSucceed, CurrentContextOrganization organization, Guid userId, Cipher cipher, SutProvider<CiphersController> sutProvider
|
||||
)
|
||||
{
|
||||
cipher.OrganizationId = organization.Id;
|
||||
sutProvider.GetDependency<ICurrentContext>().EditAnyCollection(organization.Id).Returns(shouldSucceed);
|
||||
|
||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
|
||||
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
|
||||
{
|
||||
Id = organization.Id,
|
||||
FlexibleCollections = false,
|
||||
AllowAdminAccessToAllCollectionItems = false
|
||||
});
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(v1Enabled);
|
||||
sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipher.Id).Returns(cipher);
|
||||
|
||||
if (shouldSucceed)
|
||||
{
|
||||
await sutProvider.Sut.DeleteAdmin(cipher.Id.ToString());
|
||||
await sutProvider.GetDependency<ICipherService>().ReceivedWithAnyArgs()
|
||||
.DeleteAsync(default, default);
|
||||
}
|
||||
else
|
||||
{
|
||||
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.DeleteAdmin(cipher.Id.ToString()));
|
||||
await sutProvider.GetDependency<ICipherService>().DidNotReceiveWithAnyArgs()
|
||||
.DeleteAsync(default, default);
|
||||
}
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[BitAutoData(false, false)]
|
||||
[BitAutoData(true, false)]
|
||||
@ -251,7 +208,6 @@ public class CiphersControllerTests
|
||||
sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
|
||||
{
|
||||
Id = organization.Id,
|
||||
FlexibleCollections = fcV1Enabled, // Assume FlexibleCollections is enabled if v1 is enabled
|
||||
AllowAdminAccessToAllCollectionItems = false
|
||||
});
|
||||
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1).Returns(fcV1Enabled);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user