[AC-108] Updated PolicyService to use IApplicationCacheService to determine if an organization uses policies

2024-11-21 12:05:42 +01:00 · 2023-08-09 12:48:03 +01:00 · 2023-08-09 12:48:03 +01:00 · b98b107c4b
commit b98b107c4b
parent dd82b8a56f
7 changed files with 40 additions and 3 deletions
--- a/src/Core/Models/Data/Organizations/OrganizationAbility.cs
+++ b/src/Core/Models/Data/Organizations/OrganizationAbility.cs
@ -20,6 +20,7 @@ public class OrganizationAbility
        UseScim = organization.UseScim;
        UseResetPassword = organization.UseResetPassword;
        UseCustomPermissions = organization.UseCustomPermissions;
+        UsePolicies = organization.UsePolicies;
    }

    public Guid Id { get; set; }
@ -33,4 +34,5 @@ public class OrganizationAbility
    public bool UseScim { get; set; }
    public bool UseResetPassword { get; set; }
    public bool UseCustomPermissions { get; set; }
+    public bool UsePolicies { get; set; }
 }
--- a/src/Core/Services/Implementations/PolicyService.cs
+++ b/src/Core/Services/Implementations/PolicyService.cs
@ -12,6 +12,7 @@ namespace Bit.Core.Services;

 public class PolicyService : IPolicyService
 {
+    private readonly IApplicationCacheService _applicationCacheService;
    private readonly IEventService _eventService;
    private readonly IOrganizationRepository _organizationRepository;
    private readonly IOrganizationUserRepository _organizationUserRepository;
@ -23,6 +24,7 @@ public class PolicyService : IPolicyService
    private IEnumerable<OrganizationUserPolicyDetails> _cachedOrganizationUserPolicyDetails;

    public PolicyService(
+        IApplicationCacheService applicationCacheService,
        IEventService eventService,
        IOrganizationRepository organizationRepository,
        IOrganizationUserRepository organizationUserRepository,
@ -31,6 +33,7 @@ public class PolicyService : IPolicyService
        IMailService mailService,
        GlobalSettings globalSettings)
    {
+        _applicationCacheService = applicationCacheService;
        _eventService = eventService;
        _organizationRepository = organizationRepository;
        _organizationUserRepository = organizationUserRepository;
@ -206,7 +209,9 @@ public class PolicyService : IPolicyService
        }

        var excludedUserTypes = GetUserTypesExcludedFromPolicy(policyType);
+        var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
        return _cachedOrganizationUserPolicyDetails.Where(o =>
+            (!orgAbilities.ContainsKey(o.OrganizationId) || orgAbilities[o.OrganizationId].Enabled && orgAbilities[o.OrganizationId].UsePolicies) &&
            (policyType == null || o.PolicyType == policyType) &&
            o.PolicyEnabled &&
            !excludedUserTypes.Contains(o.OrganizationUserType) &&
--- a/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs
@ -87,7 +87,8 @@ public class OrganizationRepository : Repository<Core.Entities.Organization, Org
                UseKeyConnector = e.UseKeyConnector,
                UseResetPassword = e.UseResetPassword,
                UseScim = e.UseScim,
-                UseCustomPermissions = e.UseCustomPermissions
+                UseCustomPermissions = e.UseCustomPermissions,
+                UsePolicies = e.UsePolicies
            }).ToListAsync();
        }
    }
--- a/Procedures/Organization_ReadAbilities.sql
+++ b/Procedures/Organization_ReadAbilities.sql
@ -19,6 +19,7 @@ BEGIN
        [UseKeyConnector],
        [UseScim],
        [UseResetPassword],
+        [UsePolicies],
        [Enabled]
    FROM
        [dbo].[Organization]
--- a/test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs
+++ b/test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs
@ -397,6 +397,7 @@ public class IdentityServerSsoTests
        var organization = await organizationRepository.CreateAsync(new Organization
        {
            Name = "Test Org",
+            UsePolicies = true
        });

        var organizationUserRepository = factory.Services.GetRequiredService<IOrganizationUserRepository>();
--- a/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
+++ b/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
@ -556,7 +556,7 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
        var organizationUserRepository = _factory.Services.GetService<IOrganizationUserRepository>();
        var policyRepository = _factory.Services.GetService<IPolicyRepository>();

-        var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled };
+        var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled, UsePolicies = true };
        await organizationRepository.CreateAsync(organization);

        var user = await userRepository.GetByEmailAsync(username);
--- a/util/Migrator/DbScripts/2023-08-09_00_OrgAbilitiesUsePolicies.sql
+++ b/util/Migrator/DbScripts/2023-08-09_00_OrgAbilitiesUsePolicies.sql
@ -0,0 +1,27 @@
+CREATE OR ALTER PROCEDURE [dbo].[Organization_ReadAbilities]
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        [Id],
+        [UseEvents],
+        [Use2fa],
+        CASE
+        WHEN [Use2fa] = 1 AND [TwoFactorProviders] IS NOT NULL AND [TwoFactorProviders] != '{}' THEN
+            1
+        ELSE
+            0
+        END AS [Using2fa],
+        [UsersGetPremium],
+        [UseCustomPermissions],
+        [UseSso],
+        [UseKeyConnector],
+        [UseScim],
+        [UseResetPassword],
+        [UsePolicies],
+        [Enabled]
+    FROM
+        [dbo].[Organization]
+END
+GO