mirror of
https://github.com/bitwarden/server.git
synced 2024-11-21 12:05:42 +01:00
[PM-3478] Refactor OrganizationUser api (#4752)
* Add OrganizationUserMiniDetails endpoint, models and authorization * Restrict access to current OrganizationUserUserDetails endpoint Both are behind feature flags
This commit is contained in:
parent
7368e57b7b
commit
c94a084c86
@ -3,10 +3,10 @@ using Bit.Api.AdminConsole.Models.Response.Organizations;
|
|||||||
using Bit.Api.Models.Request.Organizations;
|
using Bit.Api.Models.Request.Organizations;
|
||||||
using Bit.Api.Models.Response;
|
using Bit.Api.Models.Response;
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
|
||||||
using Bit.Core;
|
using Bit.Core;
|
||||||
using Bit.Core.AdminConsole.Enums;
|
using Bit.Core.AdminConsole.Enums;
|
||||||
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
|
||||||
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||||
using Bit.Core.AdminConsole.Repositories;
|
using Bit.Core.AdminConsole.Repositories;
|
||||||
using Bit.Core.Auth.Enums;
|
using Bit.Core.Auth.Enums;
|
||||||
@ -44,7 +44,6 @@ public class OrganizationUsersController : Controller
|
|||||||
private readonly ICountNewSmSeatsRequiredQuery _countNewSmSeatsRequiredQuery;
|
private readonly ICountNewSmSeatsRequiredQuery _countNewSmSeatsRequiredQuery;
|
||||||
private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand;
|
private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand;
|
||||||
private readonly IUpdateOrganizationUserCommand _updateOrganizationUserCommand;
|
private readonly IUpdateOrganizationUserCommand _updateOrganizationUserCommand;
|
||||||
private readonly IUpdateOrganizationUserGroupsCommand _updateOrganizationUserGroupsCommand;
|
|
||||||
private readonly IAcceptOrgUserCommand _acceptOrgUserCommand;
|
private readonly IAcceptOrgUserCommand _acceptOrgUserCommand;
|
||||||
private readonly IAuthorizationService _authorizationService;
|
private readonly IAuthorizationService _authorizationService;
|
||||||
private readonly IApplicationCacheService _applicationCacheService;
|
private readonly IApplicationCacheService _applicationCacheService;
|
||||||
@ -66,7 +65,6 @@ public class OrganizationUsersController : Controller
|
|||||||
ICountNewSmSeatsRequiredQuery countNewSmSeatsRequiredQuery,
|
ICountNewSmSeatsRequiredQuery countNewSmSeatsRequiredQuery,
|
||||||
IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand,
|
IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand,
|
||||||
IUpdateOrganizationUserCommand updateOrganizationUserCommand,
|
IUpdateOrganizationUserCommand updateOrganizationUserCommand,
|
||||||
IUpdateOrganizationUserGroupsCommand updateOrganizationUserGroupsCommand,
|
|
||||||
IAcceptOrgUserCommand acceptOrgUserCommand,
|
IAcceptOrgUserCommand acceptOrgUserCommand,
|
||||||
IAuthorizationService authorizationService,
|
IAuthorizationService authorizationService,
|
||||||
IApplicationCacheService applicationCacheService,
|
IApplicationCacheService applicationCacheService,
|
||||||
@ -86,7 +84,6 @@ public class OrganizationUsersController : Controller
|
|||||||
_countNewSmSeatsRequiredQuery = countNewSmSeatsRequiredQuery;
|
_countNewSmSeatsRequiredQuery = countNewSmSeatsRequiredQuery;
|
||||||
_updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand;
|
_updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand;
|
||||||
_updateOrganizationUserCommand = updateOrganizationUserCommand;
|
_updateOrganizationUserCommand = updateOrganizationUserCommand;
|
||||||
_updateOrganizationUserGroupsCommand = updateOrganizationUserGroupsCommand;
|
|
||||||
_acceptOrgUserCommand = acceptOrgUserCommand;
|
_acceptOrgUserCommand = acceptOrgUserCommand;
|
||||||
_authorizationService = authorizationService;
|
_authorizationService = authorizationService;
|
||||||
_applicationCacheService = applicationCacheService;
|
_applicationCacheService = applicationCacheService;
|
||||||
@ -115,11 +112,27 @@ public class OrganizationUsersController : Controller
|
|||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[HttpGet("mini-details")]
|
||||||
|
[RequireFeature(FeatureFlagKeys.Pm3478RefactorOrganizationUserApi)]
|
||||||
|
public async Task<ListResponseModel<OrganizationUserUserMiniDetailsResponseModel>> GetMiniDetails(Guid orgId)
|
||||||
|
{
|
||||||
|
var authorizationResult = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(orgId),
|
||||||
|
OrganizationUserUserMiniDetailsOperations.ReadAll);
|
||||||
|
if (!authorizationResult.Succeeded)
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
var organizationUserUserDetails = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(orgId);
|
||||||
|
return new ListResponseModel<OrganizationUserUserMiniDetailsResponseModel>(
|
||||||
|
organizationUserUserDetails.Select(ou => new OrganizationUserUserMiniDetailsResponseModel(ou)));
|
||||||
|
}
|
||||||
|
|
||||||
[HttpGet("")]
|
[HttpGet("")]
|
||||||
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(Guid orgId, bool includeGroups = false, bool includeCollections = false)
|
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(Guid orgId, bool includeGroups = false, bool includeCollections = false)
|
||||||
{
|
{
|
||||||
var authorized = (await _authorizationService.AuthorizeAsync(
|
var authorized = (await _authorizationService.AuthorizeAsync(
|
||||||
User, OrganizationUserOperations.ReadAll(orgId))).Succeeded;
|
User, new OrganizationScope(orgId), OrganizationUserUserDetailsOperations.ReadAll)).Succeeded;
|
||||||
if (!authorized)
|
if (!authorized)
|
||||||
{
|
{
|
||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
|
@ -84,6 +84,29 @@ public class OrganizationUserDetailsResponseModel : OrganizationUserResponseMode
|
|||||||
public IEnumerable<Guid> Groups { get; set; }
|
public IEnumerable<Guid> Groups { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#nullable enable
|
||||||
|
public class OrganizationUserUserMiniDetailsResponseModel : ResponseModel
|
||||||
|
{
|
||||||
|
public OrganizationUserUserMiniDetailsResponseModel(OrganizationUserUserDetails organizationUser)
|
||||||
|
: base("organizationUserUserMiniDetails")
|
||||||
|
{
|
||||||
|
Id = organizationUser.Id;
|
||||||
|
UserId = organizationUser.UserId;
|
||||||
|
Type = organizationUser.Type;
|
||||||
|
Status = organizationUser.Status;
|
||||||
|
Name = organizationUser.Name;
|
||||||
|
Email = organizationUser.Email;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Guid Id { get; }
|
||||||
|
public Guid? UserId { get; }
|
||||||
|
public OrganizationUserType Type { get; }
|
||||||
|
public OrganizationUserStatusType Status { get; }
|
||||||
|
public string? Name { get; }
|
||||||
|
public string Email { get; }
|
||||||
|
}
|
||||||
|
#nullable disable
|
||||||
|
|
||||||
public class OrganizationUserUserDetailsResponseModel : OrganizationUserResponseModel
|
public class OrganizationUserUserDetailsResponseModel : OrganizationUserResponseModel
|
||||||
{
|
{
|
||||||
public OrganizationUserUserDetailsResponseModel(OrganizationUserUserDetails organizationUser,
|
public OrganizationUserUserDetailsResponseModel(OrganizationUserUserDetails organizationUser,
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
using Bit.Api.Vault.AuthorizationHandlers.Collections;
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.Groups;
|
using Bit.Api.Vault.AuthorizationHandlers.Groups;
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
|
||||||
using Bit.Core.IdentityServer;
|
using Bit.Core.IdentityServer;
|
||||||
using Bit.Core.Settings;
|
using Bit.Core.Settings;
|
||||||
using Bit.Core.Utilities;
|
using Bit.Core.Utilities;
|
||||||
@ -100,6 +99,5 @@ public static class ServiceCollectionExtensions
|
|||||||
services.AddScoped<IAuthorizationHandler, BulkCollectionAuthorizationHandler>();
|
services.AddScoped<IAuthorizationHandler, BulkCollectionAuthorizationHandler>();
|
||||||
services.AddScoped<IAuthorizationHandler, CollectionAuthorizationHandler>();
|
services.AddScoped<IAuthorizationHandler, CollectionAuthorizationHandler>();
|
||||||
services.AddScoped<IAuthorizationHandler, GroupAuthorizationHandler>();
|
services.AddScoped<IAuthorizationHandler, GroupAuthorizationHandler>();
|
||||||
services.AddScoped<IAuthorizationHandler, OrganizationUserAuthorizationHandler>();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,60 +0,0 @@
|
|||||||
#nullable enable
|
|
||||||
using Bit.Core.Context;
|
|
||||||
using Microsoft.AspNetCore.Authorization;
|
|
||||||
|
|
||||||
namespace Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Handles authorization logic for OrganizationUser objects.
|
|
||||||
/// This uses new logic implemented in the Flexible Collections initiative.
|
|
||||||
/// </summary>
|
|
||||||
public class OrganizationUserAuthorizationHandler : AuthorizationHandler<OrganizationUserOperationRequirement>
|
|
||||||
{
|
|
||||||
private readonly ICurrentContext _currentContext;
|
|
||||||
|
|
||||||
public OrganizationUserAuthorizationHandler(ICurrentContext currentContext)
|
|
||||||
{
|
|
||||||
_currentContext = currentContext;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
|
|
||||||
OrganizationUserOperationRequirement requirement)
|
|
||||||
{
|
|
||||||
if (!_currentContext.UserId.HasValue)
|
|
||||||
{
|
|
||||||
context.Fail();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (requirement.OrganizationId == default)
|
|
||||||
{
|
|
||||||
context.Fail();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
var org = _currentContext.GetOrganization(requirement.OrganizationId);
|
|
||||||
|
|
||||||
switch (requirement)
|
|
||||||
{
|
|
||||||
case not null when requirement.Name == nameof(OrganizationUserOperations.ReadAll):
|
|
||||||
await CanReadAllAsync(context, requirement, org);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private async Task CanReadAllAsync(AuthorizationHandlerContext context, OrganizationUserOperationRequirement requirement,
|
|
||||||
CurrentContextOrganization? org)
|
|
||||||
{
|
|
||||||
// All users of an organization can read all other users of that organization for collection access management
|
|
||||||
if (org is not null)
|
|
||||||
{
|
|
||||||
context.Succeed(requirement);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Allow provider users to read all organization users if they are a provider for the target organization
|
|
||||||
if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId))
|
|
||||||
{
|
|
||||||
context.Succeed(requirement);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,22 +0,0 @@
|
|||||||
using Microsoft.AspNetCore.Authorization.Infrastructure;
|
|
||||||
|
|
||||||
namespace Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
|
||||||
|
|
||||||
public class OrganizationUserOperationRequirement : OperationAuthorizationRequirement
|
|
||||||
{
|
|
||||||
public Guid OrganizationId { get; }
|
|
||||||
|
|
||||||
public OrganizationUserOperationRequirement(string name, Guid organizationId)
|
|
||||||
{
|
|
||||||
Name = name;
|
|
||||||
OrganizationId = organizationId;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static class OrganizationUserOperations
|
|
||||||
{
|
|
||||||
public static OrganizationUserOperationRequirement ReadAll(Guid organizationId)
|
|
||||||
{
|
|
||||||
return new OrganizationUserOperationRequirement(nameof(ReadAll), organizationId);
|
|
||||||
}
|
|
||||||
}
|
|
@ -0,0 +1,23 @@
|
|||||||
|
#nullable enable
|
||||||
|
|
||||||
|
namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// A typed wrapper for an organization Guid. This is used for authorization checks
|
||||||
|
/// scoped to an organization's resources (e.g. all users for an organization).
|
||||||
|
/// In these cases, AuthorizationService needs more than just a Guid, but we also don't want to fetch the
|
||||||
|
/// Organization object from the database each time when it's usually not needed.
|
||||||
|
/// This should not be used for operations on the organization itself.
|
||||||
|
/// It implicitly converts to a regular Guid.
|
||||||
|
/// </summary>
|
||||||
|
public record OrganizationScope
|
||||||
|
{
|
||||||
|
public OrganizationScope(Guid id)
|
||||||
|
{
|
||||||
|
Id = id;
|
||||||
|
}
|
||||||
|
private Guid Id { get; }
|
||||||
|
public static implicit operator Guid(OrganizationScope organizationScope) =>
|
||||||
|
organizationScope.Id;
|
||||||
|
public override string ToString() => Id.ToString();
|
||||||
|
}
|
@ -0,0 +1,77 @@
|
|||||||
|
#nullable enable
|
||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Enums;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
|
||||||
|
namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
|
|
||||||
|
public class OrganizationUserUserDetailsAuthorizationHandler
|
||||||
|
: AuthorizationHandler<OrganizationUserUserDetailsOperationRequirement, OrganizationScope>
|
||||||
|
{
|
||||||
|
private readonly ICurrentContext _currentContext;
|
||||||
|
private readonly IFeatureService _featureService;
|
||||||
|
|
||||||
|
public OrganizationUserUserDetailsAuthorizationHandler(ICurrentContext currentContext, IFeatureService featureService)
|
||||||
|
{
|
||||||
|
_currentContext = currentContext;
|
||||||
|
_featureService = featureService;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
|
||||||
|
OrganizationUserUserDetailsOperationRequirement requirement, OrganizationScope organizationScope)
|
||||||
|
{
|
||||||
|
var authorized = false;
|
||||||
|
|
||||||
|
switch (requirement)
|
||||||
|
{
|
||||||
|
case not null when requirement.Name == nameof(OrganizationUserUserDetailsOperations.ReadAll):
|
||||||
|
authorized = await CanReadAllAsync(organizationScope);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (authorized)
|
||||||
|
{
|
||||||
|
context.Succeed(requirement!);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<bool> CanReadAllAsync(Guid organizationId)
|
||||||
|
{
|
||||||
|
if (_featureService.IsEnabled(FeatureFlagKeys.Pm3478RefactorOrganizationUserApi))
|
||||||
|
{
|
||||||
|
return await CanReadAllAsync_vNext(organizationId);
|
||||||
|
}
|
||||||
|
|
||||||
|
return await CanReadAllAsync_vCurrent(organizationId);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<bool> CanReadAllAsync_vCurrent(Guid organizationId)
|
||||||
|
{
|
||||||
|
// All users of an organization can read all other users of that organization for collection access management
|
||||||
|
var org = _currentContext.GetOrganization(organizationId);
|
||||||
|
if (org is not null)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Allow provider users to read all organization users if they are a provider for the target organization
|
||||||
|
return await _currentContext.ProviderUserForOrgAsync(organizationId);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<bool> CanReadAllAsync_vNext(Guid organizationId)
|
||||||
|
{
|
||||||
|
// Admins can access this for general user management
|
||||||
|
var organization = _currentContext.GetOrganization(organizationId);
|
||||||
|
if (organization is
|
||||||
|
{ Type: OrganizationUserType.Owner } or
|
||||||
|
{ Type: OrganizationUserType.Admin } or
|
||||||
|
{ Permissions.ManageUsers: true })
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Allow provider users to read all organization users if they are a provider for the target organization
|
||||||
|
return await _currentContext.ProviderUserForOrgAsync(organizationId);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,10 @@
|
|||||||
|
using Microsoft.AspNetCore.Authorization.Infrastructure;
|
||||||
|
|
||||||
|
namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
|
|
||||||
|
public class OrganizationUserUserDetailsOperationRequirement : OperationAuthorizationRequirement;
|
||||||
|
|
||||||
|
public static class OrganizationUserUserDetailsOperations
|
||||||
|
{
|
||||||
|
public static OrganizationUserUserDetailsOperationRequirement ReadAll = new() { Name = nameof(ReadAll) };
|
||||||
|
}
|
@ -0,0 +1,51 @@
|
|||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
|
||||||
|
namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
|
|
||||||
|
public class OrganizationUserUserMiniDetailsAuthorizationHandler :
|
||||||
|
AuthorizationHandler<OrganizationUserUserMiniDetailsOperationRequirement, OrganizationScope>
|
||||||
|
{
|
||||||
|
private readonly IApplicationCacheService _applicationCacheService;
|
||||||
|
private readonly ICurrentContext _currentContext;
|
||||||
|
|
||||||
|
public OrganizationUserUserMiniDetailsAuthorizationHandler(
|
||||||
|
IApplicationCacheService applicationCacheService,
|
||||||
|
ICurrentContext currentContext)
|
||||||
|
{
|
||||||
|
_applicationCacheService = applicationCacheService;
|
||||||
|
_currentContext = currentContext;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
|
||||||
|
OrganizationUserUserMiniDetailsOperationRequirement requirement, OrganizationScope organizationScope)
|
||||||
|
{
|
||||||
|
var authorized = false;
|
||||||
|
|
||||||
|
switch (requirement)
|
||||||
|
{
|
||||||
|
case not null when requirement.Name == nameof(OrganizationUserUserMiniDetailsOperations.ReadAll):
|
||||||
|
authorized = await CanReadAllAsync(organizationScope);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (authorized)
|
||||||
|
{
|
||||||
|
context.Succeed(requirement);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<bool> CanReadAllAsync(Guid organizationId)
|
||||||
|
{
|
||||||
|
// All organization users can access this data to manage collection access
|
||||||
|
var organization = _currentContext.GetOrganization(organizationId);
|
||||||
|
if (organization != null)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Providers can also access this to manage the organization generally
|
||||||
|
return await _currentContext.ProviderUserForOrgAsync(organizationId);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,10 @@
|
|||||||
|
using Microsoft.AspNetCore.Authorization.Infrastructure;
|
||||||
|
|
||||||
|
namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
|
|
||||||
|
public class OrganizationUserUserMiniDetailsOperationRequirement : OperationAuthorizationRequirement;
|
||||||
|
|
||||||
|
public static class OrganizationUserUserMiniDetailsOperations
|
||||||
|
{
|
||||||
|
public static readonly OrganizationUserUserMiniDetailsOperationRequirement ReadAll = new() { Name = nameof(ReadAll) };
|
||||||
|
}
|
@ -143,6 +143,7 @@ public static class FeatureFlagKeys
|
|||||||
public const string EnableNewCardCombinedExpiryAutofill = "enable-new-card-combined-expiry-autofill";
|
public const string EnableNewCardCombinedExpiryAutofill = "enable-new-card-combined-expiry-autofill";
|
||||||
public const string StorageReseedRefactor = "storage-reseed-refactor";
|
public const string StorageReseedRefactor = "storage-reseed-refactor";
|
||||||
public const string TrialPayment = "PM-8163-trial-payment";
|
public const string TrialPayment = "PM-8163-trial-payment";
|
||||||
|
public const string Pm3478RefactorOrganizationUserApi = "pm-3478-refactor-organizationuser-api";
|
||||||
|
|
||||||
public static List<string> GetAllKeys()
|
public static List<string> GetAllKeys()
|
||||||
{
|
{
|
||||||
|
@ -9,6 +9,7 @@ using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationConnections.Interfa
|
|||||||
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains;
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains;
|
||||||
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
|
||||||
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
|
||||||
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||||
using Bit.Core.Models.Business.Tokenables;
|
using Bit.Core.Models.Business.Tokenables;
|
||||||
using Bit.Core.OrganizationFeatures.OrganizationCollections;
|
using Bit.Core.OrganizationFeatures.OrganizationCollections;
|
||||||
@ -28,6 +29,7 @@ using Bit.Core.Settings;
|
|||||||
using Bit.Core.Tokens;
|
using Bit.Core.Tokens;
|
||||||
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
|
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
|
||||||
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.DataProtection;
|
using Microsoft.AspNetCore.DataProtection;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
using Microsoft.Extensions.Logging;
|
using Microsoft.Extensions.Logging;
|
||||||
@ -141,6 +143,9 @@ public static class OrganizationServiceCollectionExtensions
|
|||||||
services.AddScoped<IAcceptOrgUserCommand, AcceptOrgUserCommand>();
|
services.AddScoped<IAcceptOrgUserCommand, AcceptOrgUserCommand>();
|
||||||
services.AddScoped<IOrganizationUserUserDetailsQuery, OrganizationUserUserDetailsQuery>();
|
services.AddScoped<IOrganizationUserUserDetailsQuery, OrganizationUserUserDetailsQuery>();
|
||||||
services.AddScoped<IGetOrganizationUsersManagementStatusQuery, GetOrganizationUsersManagementStatusQuery>();
|
services.AddScoped<IGetOrganizationUsersManagementStatusQuery, GetOrganizationUsersManagementStatusQuery>();
|
||||||
|
|
||||||
|
services.AddScoped<IAuthorizationHandler, OrganizationUserUserMiniDetailsAuthorizationHandler>();
|
||||||
|
services.AddScoped<IAuthorizationHandler, OrganizationUserUserDetailsAuthorizationHandler>();
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: move to OrganizationSubscriptionServiceCollectionExtensions when OrganizationUser methods are moved out of
|
// TODO: move to OrganizationSubscriptionServiceCollectionExtensions when OrganizationUser methods are moved out of
|
||||||
|
@ -1,122 +0,0 @@
|
|||||||
using System.Security.Claims;
|
|
||||||
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
|
|
||||||
using Bit.Core.Context;
|
|
||||||
using Bit.Core.Enums;
|
|
||||||
using Bit.Core.Models.Data;
|
|
||||||
using Bit.Test.Common.AutoFixture;
|
|
||||||
using Bit.Test.Common.AutoFixture.Attributes;
|
|
||||||
using Microsoft.AspNetCore.Authorization;
|
|
||||||
using NSubstitute;
|
|
||||||
using Xunit;
|
|
||||||
|
|
||||||
namespace Bit.Api.Test.Vault.AuthorizationHandlers;
|
|
||||||
|
|
||||||
[SutProviderCustomize]
|
|
||||||
public class OrganizationUserAuthorizationHandlerTests
|
|
||||||
{
|
|
||||||
[Theory]
|
|
||||||
[BitAutoData(OrganizationUserType.Admin)]
|
|
||||||
[BitAutoData(OrganizationUserType.Owner)]
|
|
||||||
[BitAutoData(OrganizationUserType.User)]
|
|
||||||
[BitAutoData(OrganizationUserType.Custom)]
|
|
||||||
public async Task CanReadAllAsync_WhenMemberOfOrg_Success(
|
|
||||||
OrganizationUserType userType,
|
|
||||||
Guid userId, SutProvider<OrganizationUserAuthorizationHandler> sutProvider,
|
|
||||||
CurrentContextOrganization organization)
|
|
||||||
{
|
|
||||||
organization.Type = userType;
|
|
||||||
organization.Permissions = new Permissions();
|
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
|
||||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
|
||||||
new ClaimsPrincipal(),
|
|
||||||
null);
|
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
|
||||||
|
|
||||||
await sutProvider.Sut.HandleAsync(context);
|
|
||||||
|
|
||||||
Assert.True(context.HasSucceeded);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory, BitAutoData]
|
|
||||||
public async Task CanReadAllAsync_WithProviderUser_Success(
|
|
||||||
Guid userId,
|
|
||||||
SutProvider<OrganizationUserAuthorizationHandler> sutProvider, CurrentContextOrganization organization)
|
|
||||||
{
|
|
||||||
organization.Type = OrganizationUserType.User;
|
|
||||||
organization.Permissions = new Permissions();
|
|
||||||
|
|
||||||
var context = new AuthorizationHandlerContext(
|
|
||||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
|
||||||
new ClaimsPrincipal(),
|
|
||||||
null);
|
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>()
|
|
||||||
.UserId
|
|
||||||
.Returns(userId);
|
|
||||||
sutProvider.GetDependency<ICurrentContext>()
|
|
||||||
.ProviderUserForOrgAsync(organization.Id)
|
|
||||||
.Returns(true);
|
|
||||||
|
|
||||||
await sutProvider.Sut.HandleAsync(context);
|
|
||||||
|
|
||||||
Assert.True(context.HasSucceeded);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory, BitAutoData]
|
|
||||||
public async Task HandleRequirementAsync_WhenMissingOrgAccess_NoSuccess(
|
|
||||||
Guid userId,
|
|
||||||
CurrentContextOrganization organization,
|
|
||||||
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
|
|
||||||
{
|
|
||||||
var context = new AuthorizationHandlerContext(
|
|
||||||
new[] { OrganizationUserOperations.ReadAll(organization.Id) },
|
|
||||||
new ClaimsPrincipal(),
|
|
||||||
null
|
|
||||||
);
|
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
|
||||||
|
|
||||||
await sutProvider.Sut.HandleAsync(context);
|
|
||||||
Assert.False(context.HasSucceeded);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory, BitAutoData]
|
|
||||||
public async Task HandleRequirementAsync_MissingUserId_Failure(
|
|
||||||
Guid organizationId,
|
|
||||||
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
|
|
||||||
{
|
|
||||||
var context = new AuthorizationHandlerContext(
|
|
||||||
new[] { OrganizationUserOperations.ReadAll(organizationId) },
|
|
||||||
new ClaimsPrincipal(),
|
|
||||||
null
|
|
||||||
);
|
|
||||||
|
|
||||||
// Simulate missing user id
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns((Guid?)null);
|
|
||||||
|
|
||||||
await sutProvider.Sut.HandleAsync(context);
|
|
||||||
Assert.True(context.HasFailed);
|
|
||||||
}
|
|
||||||
|
|
||||||
[Theory, BitAutoData]
|
|
||||||
public async Task HandleRequirementAsync_NoSpecifiedOrgId_Failure(
|
|
||||||
SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
|
|
||||||
{
|
|
||||||
var context = new AuthorizationHandlerContext(
|
|
||||||
new[] { OrganizationUserOperations.ReadAll(default) },
|
|
||||||
new ClaimsPrincipal(),
|
|
||||||
null
|
|
||||||
);
|
|
||||||
|
|
||||||
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(new Guid());
|
|
||||||
|
|
||||||
await sutProvider.Sut.HandleAsync(context);
|
|
||||||
|
|
||||||
Assert.True(context.HasFailed);
|
|
||||||
}
|
|
||||||
}
|
|
@ -0,0 +1,176 @@
|
|||||||
|
using System.Security.Claims;
|
||||||
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Enums;
|
||||||
|
using Bit.Core.Services;
|
||||||
|
using Bit.Core.Test.AdminConsole.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.AdminConsole.Authorization;
|
||||||
|
|
||||||
|
[SutProviderCustomize]
|
||||||
|
public class OrganizationUserUserDetailsAuthorizationHandlerTests
|
||||||
|
{
|
||||||
|
[Theory, CurrentContextOrganizationCustomize]
|
||||||
|
[BitAutoData(OrganizationUserType.Admin)]
|
||||||
|
[BitAutoData(OrganizationUserType.Owner)]
|
||||||
|
[BitAutoData(OrganizationUserType.Custom)]
|
||||||
|
public async Task ReadAll_Admins_Success(
|
||||||
|
OrganizationUserType userType,
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
EnableFeatureFlag(sutProvider);
|
||||||
|
organization.Type = userType;
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
|
|
||||||
|
if (userType == OrganizationUserType.Custom)
|
||||||
|
{
|
||||||
|
organization.Permissions.ManageUsers = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id));
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData, CurrentContextOrganizationCustomize]
|
||||||
|
public async Task ReadAll_ProviderUser_Success(
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
EnableFeatureFlag(sutProvider);
|
||||||
|
organization.Type = OrganizationUserType.User;
|
||||||
|
sutProvider.GetDependency<ICurrentContext>()
|
||||||
|
.ProviderUserForOrgAsync(organization.Id)
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id));
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData, CurrentContextOrganizationCustomize]
|
||||||
|
public async Task ReadAll_User_NoSuccess(
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
EnableFeatureFlag(sutProvider);
|
||||||
|
organization.Type = OrganizationUserType.User;
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns(organization);
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id)
|
||||||
|
);
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
Assert.False(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task ReadAll_NotMember_NoSuccess(
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
EnableFeatureFlag(sutProvider);
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id)
|
||||||
|
);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
Assert.False(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void EnableFeatureFlag(SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
sutProvider.GetDependency<IFeatureService>().IsEnabled(FeatureFlagKeys.Pm3478RefactorOrganizationUserApi)
|
||||||
|
.Returns(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
// TESTS WITH FLAG DISABLED - TO BE DELETED IN FLAG CLEANUP
|
||||||
|
|
||||||
|
[Theory, CurrentContextOrganizationCustomize]
|
||||||
|
[BitAutoData(OrganizationUserType.Admin)]
|
||||||
|
[BitAutoData(OrganizationUserType.Owner)]
|
||||||
|
[BitAutoData(OrganizationUserType.User)]
|
||||||
|
[BitAutoData(OrganizationUserType.Custom)]
|
||||||
|
public async Task FlagDisabled_ReadAll_AnyMemberOfOrg_Success(
|
||||||
|
OrganizationUserType userType,
|
||||||
|
Guid userId, SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider,
|
||||||
|
CurrentContextOrganization organization)
|
||||||
|
{
|
||||||
|
organization.Type = userType;
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id));
|
||||||
|
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData, CurrentContextOrganizationCustomize]
|
||||||
|
public async Task FlagDisabled_ReadAll_ProviderUser_Success(
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
organization.Type = OrganizationUserType.User;
|
||||||
|
sutProvider.GetDependency<ICurrentContext>()
|
||||||
|
.ProviderUserForOrgAsync(organization.Id)
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id));
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData]
|
||||||
|
public async Task FlagDisabled_ReadAll_NotMember_NoSuccess(
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id)
|
||||||
|
);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
Assert.False(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,80 @@
|
|||||||
|
using System.Security.Claims;
|
||||||
|
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
|
||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Enums;
|
||||||
|
using Bit.Core.Test.AdminConsole.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using NSubstitute;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.AdminConsole.Authorization;
|
||||||
|
|
||||||
|
[SutProviderCustomize]
|
||||||
|
public class OrganizationUserUserMiniDetailsAuthorizationHandlerTests
|
||||||
|
{
|
||||||
|
[Theory, CurrentContextOrganizationCustomize]
|
||||||
|
[BitAutoData(OrganizationUserType.Admin)]
|
||||||
|
[BitAutoData(OrganizationUserType.Owner)]
|
||||||
|
[BitAutoData(OrganizationUserType.Custom)]
|
||||||
|
[BitAutoData(OrganizationUserType.User)]
|
||||||
|
public async Task ReadAll_AnyOrganizationMember_Success(
|
||||||
|
OrganizationUserType userType,
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserMiniDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
organization.Type = userType;
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserMiniDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id));
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData, CurrentContextOrganizationCustomize]
|
||||||
|
public async Task ReadAll_ProviderUser_Success(
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserMiniDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
organization.Type = OrganizationUserType.User;
|
||||||
|
sutProvider.GetDependency<ICurrentContext>()
|
||||||
|
.GetOrganization(organization.Id)
|
||||||
|
.Returns((CurrentContextOrganization)null);
|
||||||
|
sutProvider.GetDependency<ICurrentContext>()
|
||||||
|
.ProviderUserForOrgAsync(organization.Id)
|
||||||
|
.Returns(true);
|
||||||
|
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserMiniDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id));
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory, BitAutoData, CurrentContextOrganizationCustomize]
|
||||||
|
public async Task ReadAll_NotMember_NoSuccess(
|
||||||
|
CurrentContextOrganization organization,
|
||||||
|
SutProvider<OrganizationUserUserMiniDetailsAuthorizationHandler> sutProvider)
|
||||||
|
{
|
||||||
|
var context = new AuthorizationHandlerContext(
|
||||||
|
new[] { OrganizationUserUserMiniDetailsOperations.ReadAll },
|
||||||
|
new ClaimsPrincipal(),
|
||||||
|
new OrganizationScope(organization.Id)
|
||||||
|
);
|
||||||
|
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
|
||||||
|
sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);
|
||||||
|
|
||||||
|
await sutProvider.Sut.HandleAsync(context);
|
||||||
|
Assert.False(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,40 @@
|
|||||||
|
using AutoFixture;
|
||||||
|
using Bit.Core.Context;
|
||||||
|
using Bit.Core.Enums;
|
||||||
|
using Bit.Core.Models.Data;
|
||||||
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
|
||||||
|
namespace Bit.Core.Test.AdminConsole.AutoFixture;
|
||||||
|
|
||||||
|
public class CurrentContextOrganizationCustomization : ICustomization
|
||||||
|
{
|
||||||
|
public Guid Id { get; set; }
|
||||||
|
public OrganizationUserType Type { get; set; }
|
||||||
|
public Permissions Permissions { get; set; } = new();
|
||||||
|
public bool AccessSecretsManager { get; set; }
|
||||||
|
|
||||||
|
public void Customize(IFixture fixture)
|
||||||
|
{
|
||||||
|
fixture.Customize<CurrentContextOrganization>(composer => composer
|
||||||
|
.With(o => o.Id, Id)
|
||||||
|
.With(o => o.Type, Type)
|
||||||
|
.With(o => o.Permissions, Permissions)
|
||||||
|
.With(o => o.AccessSecretsManager, AccessSecretsManager));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public class CurrentContextOrganizationCustomizeAttribute : BitCustomizeAttribute
|
||||||
|
{
|
||||||
|
public Guid Id { get; set; }
|
||||||
|
public OrganizationUserType Type { get; set; } = OrganizationUserType.User;
|
||||||
|
public Permissions Permissions { get; set; } = new();
|
||||||
|
public bool AccessSecretsManager { get; set; } = false;
|
||||||
|
|
||||||
|
public override ICustomization GetCustomization() => new CurrentContextOrganizationCustomization()
|
||||||
|
{
|
||||||
|
Id = Id,
|
||||||
|
Type = Type,
|
||||||
|
Permissions = Permissions,
|
||||||
|
AccessSecretsManager = AccessSecretsManager
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user