Permissions bugs (#1083)

* Null checked org invite collections * Null checked permissions on org invite * Gave a static seat count to org invite fixture * Null checked the right way
2025-02-16 01:51:21 +01:00 · 2021-01-13 15:14:28 -05:00 · 2021-01-13 15:14:28 -05:00 · 9f938f5efd
commit 9f938f5efd
parent 96cc88aafc
4 changed files with 29 additions and 5 deletions
--- a/src/Core/Models/Business/OrganizationUserInvite.cs
+++ b/src/Core/Models/Business/OrganizationUserInvite.cs
@ -20,7 +20,7 @@ namespace Bit.Core.Models.Business
            Emails = requestModel.Emails;
            Type = requestModel.Type.Value;
            AccessAll = requestModel.AccessAll;
-            Collections = requestModel.Collections.Select(c => c.ToSelectionReadOnly());
+            Collections = requestModel.Collections?.Select(c => c.ToSelectionReadOnly());
            Permissions = requestModel.Permissions;
        }
    }
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@ -1022,11 +1022,15 @@ namespace Bit.Core.Services
                    ExternalId = externalId,
                    CreationDate = DateTime.UtcNow,
                    RevisionDate = DateTime.UtcNow,
-                    Permissions = System.Text.Json.JsonSerializer.Serialize(invite.Permissions, new JsonSerializerOptions
+                };
+
+                if (invite.Permissions != null)
+                {
+                    orgUser.Permissions = System.Text.Json.JsonSerializer.Serialize(invite.Permissions, new JsonSerializerOptions
                    {
                        PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
-                    }),
-                };
+                    });
+                }

                if (!orgUser.AccessAll && invite.Collections.Any())
                {
--- a/test/Core.Test/AutoFixture/OrganizationFixtures.cs
+++ b/test/Core.Test/AutoFixture/OrganizationFixtures.cs
@ -56,7 +56,8 @@ namespace Bit.Core.Test.AutoFixture.OrganizationFixtures
                PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
            });
            fixture.Customize<Organization>(composer => composer
-                .With(o => o.Id, organizationId));
+                .With(o => o.Id, organizationId)
+                .With(o => o.Seats, (short)100));
            fixture.Customize<OrganizationUser>(composer => composer
                .With(ou => ou.OrganizationId, organizationId)
                .With(ou => ou.Type, InvitorUserType)
--- a/test/Core.Test/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/Services/OrganizationServiceTests.cs
@ -296,6 +296,25 @@ namespace Bit.Core.Test.Services
            Assert.Contains("can not manage admins", exception.Message.ToLowerInvariant());
        }

+        [Theory] 
+        [OrganizationInviteAutoData(
+            inviteeUserType: (int)OrganizationUserType.User, 
+            invitorUserType: (int)OrganizationUserType.Owner
+        )]
+        public async Task InviteUser_NoPermissionsObject_Passes(Organization organization, OrganizationUserInvite invite, 
+            OrganizationUser invitor, SutProvider<OrganizationService> sutProvider)
+        {
+            invite.Permissions = null;
+            var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+            var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+            var eventService = sutProvider.GetDependency<IEventService>();
+
+            organizationRepository.GetByIdAsync(organization.Id).Returns(organization);
+            organizationUserRepository.GetManyByUserAsync(invitor.UserId.Value).Returns(new List<OrganizationUser> { invitor });
+
+            await sutProvider.Sut.InviteUserAsync(organization.Id, invitor.UserId, null, invite);
+        }
+
        [Theory] 
        [OrganizationInviteAutoData(
            inviteeUserType: (int)OrganizationUserType.User,