orgs must have one owner checks

2025-02-16 01:51:21 +01:00 · 2017-03-29 21:26:19 -04:00 · 2017-03-29 21:26:19 -04:00 · 95fdfeb519
commit 95fdfeb519
parent 9e10314b21
5 changed files with 54 additions and 3 deletions
--- a/src/Core/Repositories/IOrganizationUserRepository.cs
+++ b/src/Core/Repositories/IOrganizationUserRepository.cs
@ -10,6 +10,7 @@ namespace Bit.Core.Repositories
    public interface IOrganizationUserRepository : IRepository<OrganizationUser, Guid>
    {
        Task<OrganizationUser> GetByOrganizationAsync(Guid organizationId, Guid userId);
+        Task<ICollection<OrganizationUser>> GetManyByOrganizationAsync(Guid organizationId, OrganizationUserType? type);
        Task<OrganizationUser> GetByOrganizationAsync(Guid organizationId, string email);
        Task<Tuple<OrganizationUserUserDetails, ICollection<SubvaultUserDetails>>> GetDetailsByIdAsync(Guid id);
        Task<ICollection<OrganizationUserUserDetails>> GetManyDetailsByOrganizationAsync(Guid organizationId);
--- a/src/Core/Repositories/SqlServer/OrganizationUserRepository.cs
+++ b/src/Core/Repositories/SqlServer/OrganizationUserRepository.cs
@ -47,6 +47,20 @@ namespace Bit.Core.Repositories.SqlServer
            }
        }

+        public async Task<ICollection<OrganizationUser>> GetManyByOrganizationAsync(Guid organizationId,
+            OrganizationUserType? type)
+        {
+            using(var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<OrganizationUser>(
+                    "[dbo].[OrganizationUser_ReadByOrganizationId]",
+                    new { OrganizationId = organizationId, Type = type },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.ToList();
+            }
+        }
+
        public async Task<Tuple<OrganizationUserUserDetails, ICollection<SubvaultUserDetails>>> GetDetailsByIdAsync(Guid id)
        {
            using(var connection = new SqlConnection(ConnectionString))
@ -75,7 +89,7 @@ namespace Bit.Core.Repositories.SqlServer
            }
        }

-        public async Task<ICollection<OrganizationUserOrganizationDetails>> GetManyDetailsByUserAsync(Guid userId, 
+        public async Task<ICollection<OrganizationUserOrganizationDetails>> GetManyDetailsByUserAsync(Guid userId,
            OrganizationUserStatusType? status = null)
        {
            using(var connection = new SqlConnection(ConnectionString))
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -242,10 +242,17 @@ namespace Bit.Core.Services
                throw new BadRequestException("Cannot update users.");
            }

-            // TODO: validate subvaults?
+            var confirmedOwners = (await GetConfirmedOwnersAsync(user.OrganizationId)).ToList();
+            if(confirmedOwners.Count == 1 && confirmedOwners[0].Id == user.Id)
+            {
+                throw new BadRequestException("Organization must have at least one confirmed owner.");
+            }
+
+            var orgSubvaults = await _subvaultRepository.GetManyByOrganizationIdAsync(user.OrganizationId);
+            var filteredSubvaults = subvaults.Where(s => orgSubvaults.Any(os => os.Id == s.SubvaultId));

            await _organizationUserRepository.ReplaceAsync(user);
-            await SaveUserSubvaultsAsync(user, subvaults, false);
+            await SaveUserSubvaultsAsync(user, filteredSubvaults, false);
        }

        public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid deletingUserId)
@ -261,9 +268,22 @@ namespace Bit.Core.Services
                throw new BadRequestException("User not valid.");
            }

+            var confirmedOwners = (await GetConfirmedOwnersAsync(organizationId)).ToList();
+            if(confirmedOwners.Count == 1 && confirmedOwners[0].Id == organizationUserId)
+            {
+                throw new BadRequestException("Organization must have at least one confirmed owner.");
+            }
+
            await _organizationUserRepository.DeleteAsync(orgUser);
        }

+        private async Task<IEnumerable<OrganizationUser>> GetConfirmedOwnersAsync(Guid organizationId)
+        {
+            var owners = await _organizationUserRepository.GetManyByOrganizationAsync(organizationId,
+                Enums.OrganizationUserType.Owner);
+            return owners.Where(o => o.Status == Enums.OrganizationUserStatusType.Confirmed);
+        }
+
        private async Task<bool> OrganizationUserHasAdminRightsAsync(Guid organizationId, Guid userId)
        {
            var orgUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, userId);
--- a/src/Sql/Sql.sqlproj
+++ b/src/Sql/Sql.sqlproj
@ -178,5 +178,6 @@
    <Build Include="dbo\Functions\UserCanEditCipher.sql" />
    <Build Include="dbo\Stored Procedures\Cipher_UpdatePartial.sql" />
    <Build Include="dbo\Stored Procedures\OrganizationUser_ReadByOrganizationIdEmail.sql" />
+    <Build Include="dbo\Stored Procedures\OrganizationUser_ReadByOrganizationId.sql" />
  </ItemGroup>
 </Project>
--- a/Procedures/OrganizationUser_ReadByOrganizationId.sql
+++ b/Procedures/OrganizationUser_ReadByOrganizationId.sql
@ -0,0 +1,15 @@
+CREATE PROCEDURE [dbo].[OrganizationUser_ReadByOrganizationId]
+    @OrganizationId UNIQUEIDENTIFIER,
+    @Type TINYINT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        *
+    FROM
+        [dbo].[OrganizationUserView]
+    WHERE
+        [OrganizationId] = @OrganizationId
+        AND (@Type IS NULL OR [Type] = @Type)
+END