diff --git a/src/Core/Models/Data/Organizations/OrganizationAbility.cs b/src/Core/Models/Data/Organizations/OrganizationAbility.cs
index 809f4d5d4..22bf4008e 100644
--- a/src/Core/Models/Data/Organizations/OrganizationAbility.cs
+++ b/src/Core/Models/Data/Organizations/OrganizationAbility.cs
@@ -20,6 +20,7 @@ public class OrganizationAbility
 UseScim = organization.UseScim;
 UseResetPassword = organization.UseResetPassword;
 UseCustomPermissions = organization.UseCustomPermissions;
+ UsePolicies = organization.UsePolicies;
 }
 public Guid Id { get; set; }
@@ -33,4 +34,5 @@ public class OrganizationAbility
 public bool UseScim { get; set; }
 public bool UseResetPassword { get; set; }
 public bool UseCustomPermissions { get; set; }
+ public bool UsePolicies { get; set; }
 }
diff --git a/src/Core/Services/Implementations/PolicyService.cs b/src/Core/Services/Implementations/PolicyService.cs
index 595a798e7..6f918e684 100644
--- a/src/Core/Services/Implementations/PolicyService.cs
+++ b/src/Core/Services/Implementations/PolicyService.cs
@@ -12,6 +12,7 @@ namespace Bit.Core.Services;
 public class PolicyService : IPolicyService
 {
+ private readonly IApplicationCacheService _applicationCacheService;
 private readonly IEventService _eventService;
 private readonly IOrganizationRepository _organizationRepository;
 private readonly IOrganizationUserRepository _organizationUserRepository;
@@ -23,6 +24,7 @@ public class PolicyService : IPolicyService
 private IEnumerable _cachedOrganizationUserPolicyDetails;
 public PolicyService(
+ IApplicationCacheService applicationCacheService,
 IEventService eventService,
 IOrganizationRepository organizationRepository,
 IOrganizationUserRepository organizationUserRepository,
@@ -31,6 +33,7 @@ public class PolicyService : IPolicyService
 IMailService mailService,
 GlobalSettings globalSettings)
 {
+ _applicationCacheService = applicationCacheService;
 _eventService = eventService;
 _organizationRepository = organizationRepository;
 _organizationUserRepository = organizationUserRepository;
@@ -206,7 +209,9 @@ public class PolicyService : IPolicyService
 }
 var excludedUserTypes = GetUserTypesExcludedFromPolicy(policyType);
+ var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
 return _cachedOrganizationUserPolicyDetails.Where(o =>
+ (!orgAbilities.ContainsKey(o.OrganizationId) || orgAbilities[o.OrganizationId].Enabled && orgAbilities[o.OrganizationId].UsePolicies) &&
 (policyType == null || o.PolicyType == policyType) &&
 o.PolicyEnabled &&
 !excludedUserTypes.Contains(o.OrganizationUserType) &&
diff --git a/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs b/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs
index 045ac881e..702f9bea5 100644
--- a/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs
@@ -87,7 +87,8 @@ public class OrganizationRepository : Repository();
diff --git a/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs b/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
index b1e74bd17..cae6ed172 100644
--- a/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
+++ b/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
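Review bot: The new predicate in the `-206,7 +209,9` hunk performs three dictionary lookups per policy row (`ContainsKey` plus two indexer reads) and relies on `&&` binding tighter than `||` without any grouping parentheses, which makes the enforcement rule harder to read than it needs to be; since `_cachedOrganizationUserPolicyDetails` is an `IEnumerable`, the `Where` lambda is a plain delegate and can use an out variable: `(!orgAbilities.TryGetValue(o.OrganizationId, out var ability) || (ability.Enabled && ability.UsePolicies)) &&`. The fallback direction also deserves a comment, because an organization missing from the abilities cache keeps its policies enforced rather than silently dropping them; something like `// Org not in abilities cache: keep enforcing the policy rather than fail open` would record that this is intentional. Presumably the abilities come from a cache refreshed out of band, so an organization that is disabled or loses UsePolicies may stay enforced until the next refresh — worth confirming and noting if so. The enclosing method starts and ends outside this hunk.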
@@ -556,7 +556,7 @@ public class IdentityServerTests : IClassFixture
 var organizationUserRepository = _factory.Services.GetService();
 var policyRepository = _factory.Services.GetService();
- var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled };
+ var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled, UsePolicies = true };
 await organizationRepository.CreateAsync(organization);
 var user = await userRepository.GetByEmailAsync(username);
diff --git a/util/Migrator/DbScripts/2023-08-09_00_OrgAbilitiesUsePolicies.sql b/util/Migrator/DbScripts/2023-08-09_00_OrgAbilitiesUsePolicies.sql
new file mode 100644
index 000000000..f19c189fd
--- /dev/null
+++ b/util/Migrator/DbScripts/2023-08-09_00_OrgAbilitiesUsePolicies.sql
@@ -0,0 +1,27 @@
+CREATE OR ALTER PROCEDURE [dbo].[Organization_ReadAbilities]
+AS
+BEGIN
+ SET NOCOUNT ON
+
+ SELECT
+ [Id],
+ [UseEvents],
+ [Use2fa],
+ CASE
+ WHEN [Use2fa] = 1 AND [TwoFactorProviders] IS NOT NULL AND [TwoFactorProviders] != '{}' THEN
+ 1
+ ELSE
+ 0
+ END AS [Using2fa],
+ [UsersGetPremium],
+ [UseCustomPermissions],
+ [UseSso],
+ [UseKeyConnector],
+ [UseScim],
+ [UseResetPassword],
+ [UsePolicies],
+ [Enabled]
+ FROM
+ [dbo].[Organization]
+END
+GO
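Review bot: The test change only sets `UsePolicies = true` on the seeded organization so the existing SSO-policy assertion keeps passing; nothing in the commit exercises the new gate in the negative direction, where an organization with `UsePolicies = false` or `Enabled = false` must not have its policy applied during login. A second theory case (or a dedicated test) that seeds the organization with `UsePolicies = false` and asserts the policy is not enforced would pin the behaviour this commit introduces and catch a regression if the abilities lookup is later changed. The enclosing test method starts and ends outside this hunk, so the exact assertion to mirror is not visible here.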