From a5630f8af4b38a4c6138ea13a073936c7f246fcf Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Sat, 24 Feb 2018 14:29:11 -0500
Subject: [PATCH] admin attachment apis

---
 src/Api/Controllers/CiphersController.cs | 39 ++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index afe2a0f15..b8cad2764 100644
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@@ -414,6 +414,29 @@ namespace Bit.Api.Controllers
 return new CipherResponseModel(cipher, _globalSettings);
 }
 
+ [HttpPost("{id}/attachment-admin")]
+ [DisableFormValueModelBinding]
+ public async Task PostAttachmentAdmin(string id)
+ {
+ ValidateAttachment();
+
+ var userId = _userService.GetProperUserId(User).Value;
+ var cipher = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
+ if(cipher == null || !cipher.OrganizationId.HasValue ||
+ !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
+ {
+ throw new NotFoundException();
+ }
+
+ await Request.GetFileAsync(async (stream, fileName) =>
+ {
+ await _cipherService.CreateAttachmentAsync(cipher, stream, fileName,
+ Request.ContentLength.GetValueOrDefault(0), userId);
+ });
+
+ return new CipherResponseModel(cipher, _globalSettings);
+ }
+
 [HttpPost("{id}/attachment/{attachmentId}/share")]
 [RequestSizeLimit(105_906_176)]
 [DisableFormValueModelBinding]
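Review bot: PostAttachmentAdmin accepts a file upload but declares no `[RequestSizeLimit]`, while the share endpoint in the trailing context carries `[RequestSizeLimit(105_906_176)]`; without the attribute the new route falls back to whatever server-wide body limit is configured, so the admin path and the share route can disagree on the maximum upload. Adding `[RequestSizeLimit(105_906_176)]` above `[DisableFormValueModelBinding]` keeps the bound explicit and consistent. The size handed to CreateAttachmentAsync is `Request.ContentLength.GetValueOrDefault(0)`, which is the client-declared length of the whole request and becomes 0 when the header is absent. If the service uses that value for size or quota accounting (not visible in this hunk), the accounting should rest on the bytes actually read from the stream.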
@@ -450,6 +473,22 @@ namespace Bit.Api.Controllers
 await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, false);
 }
 
+ [HttpDelete("{id}/attachment/{attachmentId}/admin")]
+ [HttpPost("{id}/attachment/{attachmentId}/delete-admin")]
+ public async Task DeleteAttachmentAdmin(string id, string attachmentId)
+ {
+ var idGuid = new Guid(id);
+ var userId = _userService.GetProperUserId(User).Value;
+ var cipher = await _cipherRepository.GetByIdAsync(idGuid);
+ if(cipher == null || !cipher.OrganizationId.HasValue ||
+ !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
+ {
+ throw new NotFoundException();
+ }
+
+ await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, false);
+ }
+
 private void ValidateAttachment()
 {
 if(!Request?.ContentType.Contains("multipart/") ?? true)
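Review bot: The last statement of DeleteAttachmentAdmin calls the service with exactly the same arguments as the non-admin call in the leading context line, including the trailing `false`. The signature of DeleteAttachmentAsync is not visible here; if that fourth argument is what tells the service the caller is acting as an organization admin, this route presumably needs `await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, true);`, otherwise the service may re-apply a per-user check and the controller's OrganizationAdmin test is not what actually decides the outcome. Please confirm against the service and add a one-line comment stating which layer authorizes the admin path. Separately, `new Guid(id)` here and in PostAttachmentAdmin throws FormatException on a malformed route value; `if(!Guid.TryParse(id, out var idGuid)) { throw new NotFoundException(); }` would keep the response the same as for an unknown or unauthorized cipher.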