mirror of
https://github.com/bitwarden/server.git
synced 2025-02-02 23:41:21 +01:00
orgs must have one owner checks
This commit is contained in:
parent
9e10314b21
commit
95fdfeb519
@ -10,6 +10,7 @@ namespace Bit.Core.Repositories
|
||||
public interface IOrganizationUserRepository : IRepository<OrganizationUser, Guid>
|
||||
{
|
||||
Task<OrganizationUser> GetByOrganizationAsync(Guid organizationId, Guid userId);
|
||||
Task<ICollection<OrganizationUser>> GetManyByOrganizationAsync(Guid organizationId, OrganizationUserType? type);
|
||||
Task<OrganizationUser> GetByOrganizationAsync(Guid organizationId, string email);
|
||||
Task<Tuple<OrganizationUserUserDetails, ICollection<SubvaultUserDetails>>> GetDetailsByIdAsync(Guid id);
|
||||
Task<ICollection<OrganizationUserUserDetails>> GetManyDetailsByOrganizationAsync(Guid organizationId);
|
||||
|
@ -47,6 +47,20 @@ namespace Bit.Core.Repositories.SqlServer
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<ICollection<OrganizationUser>> GetManyByOrganizationAsync(Guid organizationId,
|
||||
OrganizationUserType? type)
|
||||
{
|
||||
using(var connection = new SqlConnection(ConnectionString))
|
||||
{
|
||||
var results = await connection.QueryAsync<OrganizationUser>(
|
||||
"[dbo].[OrganizationUser_ReadByOrganizationId]",
|
||||
new { OrganizationId = organizationId, Type = type },
|
||||
commandType: CommandType.StoredProcedure);
|
||||
|
||||
return results.ToList();
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<Tuple<OrganizationUserUserDetails, ICollection<SubvaultUserDetails>>> GetDetailsByIdAsync(Guid id)
|
||||
{
|
||||
using(var connection = new SqlConnection(ConnectionString))
|
||||
@ -75,7 +89,7 @@ namespace Bit.Core.Repositories.SqlServer
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<ICollection<OrganizationUserOrganizationDetails>> GetManyDetailsByUserAsync(Guid userId,
|
||||
public async Task<ICollection<OrganizationUserOrganizationDetails>> GetManyDetailsByUserAsync(Guid userId,
|
||||
OrganizationUserStatusType? status = null)
|
||||
{
|
||||
using(var connection = new SqlConnection(ConnectionString))
|
||||
|
@ -242,10 +242,17 @@ namespace Bit.Core.Services
|
||||
throw new BadRequestException("Cannot update users.");
|
||||
}
|
||||
|
||||
// TODO: validate subvaults?
|
||||
var confirmedOwners = (await GetConfirmedOwnersAsync(user.OrganizationId)).ToList();
|
||||
if(confirmedOwners.Count == 1 && confirmedOwners[0].Id == user.Id)
|
||||
{
|
||||
throw new BadRequestException("Organization must have at least one confirmed owner.");
|
||||
}
|
||||
|
||||
var orgSubvaults = await _subvaultRepository.GetManyByOrganizationIdAsync(user.OrganizationId);
|
||||
var filteredSubvaults = subvaults.Where(s => orgSubvaults.Any(os => os.Id == s.SubvaultId));
|
||||
|
||||
await _organizationUserRepository.ReplaceAsync(user);
|
||||
await SaveUserSubvaultsAsync(user, subvaults, false);
|
||||
await SaveUserSubvaultsAsync(user, filteredSubvaults, false);
|
||||
}
|
||||
|
||||
public async Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid deletingUserId)
|
||||
@ -261,9 +268,22 @@ namespace Bit.Core.Services
|
||||
throw new BadRequestException("User not valid.");
|
||||
}
|
||||
|
||||
var confirmedOwners = (await GetConfirmedOwnersAsync(organizationId)).ToList();
|
||||
if(confirmedOwners.Count == 1 && confirmedOwners[0].Id == organizationUserId)
|
||||
{
|
||||
throw new BadRequestException("Organization must have at least one confirmed owner.");
|
||||
}
|
||||
|
||||
await _organizationUserRepository.DeleteAsync(orgUser);
|
||||
}
|
||||
|
||||
private async Task<IEnumerable<OrganizationUser>> GetConfirmedOwnersAsync(Guid organizationId)
|
||||
{
|
||||
var owners = await _organizationUserRepository.GetManyByOrganizationAsync(organizationId,
|
||||
Enums.OrganizationUserType.Owner);
|
||||
return owners.Where(o => o.Status == Enums.OrganizationUserStatusType.Confirmed);
|
||||
}
|
||||
|
||||
private async Task<bool> OrganizationUserHasAdminRightsAsync(Guid organizationId, Guid userId)
|
||||
{
|
||||
var orgUser = await _organizationUserRepository.GetByOrganizationAsync(organizationId, userId);
|
||||
|
@ -178,5 +178,6 @@
|
||||
<Build Include="dbo\Functions\UserCanEditCipher.sql" />
|
||||
<Build Include="dbo\Stored Procedures\Cipher_UpdatePartial.sql" />
|
||||
<Build Include="dbo\Stored Procedures\OrganizationUser_ReadByOrganizationIdEmail.sql" />
|
||||
<Build Include="dbo\Stored Procedures\OrganizationUser_ReadByOrganizationId.sql" />
|
||||
</ItemGroup>
|
||||
</Project>
|
@ -0,0 +1,15 @@
|
||||
CREATE PROCEDURE [dbo].[OrganizationUser_ReadByOrganizationId]
|
||||
@OrganizationId UNIQUEIDENTIFIER,
|
||||
@Type TINYINT
|
||||
AS
|
||||
BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
SELECT
|
||||
*
|
||||
FROM
|
||||
[dbo].[OrganizationUserView]
|
||||
WHERE
|
||||
[OrganizationId] = @OrganizationId
|
||||
AND (@Type IS NULL OR [Type] = @Type)
|
||||
END
|
Loading…
Reference in New Issue
Block a user