org members public api

src/Api/Public/Controllers/MembersController.cs

@@ -0,0 +1,158 @@
+using System;
+using System.Linq;
+using System.Net;
+using System.Threading.Tasks;
+using Bit.Core;
+using Bit.Core.Models.Api.Public;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.Public.Controllers
+{
+    [Route("public/members")]
+    [Authorize("Organization")]
+    public class MembersController : Controller
+    {
+        private readonly IOrganizationUserRepository _organizationUserRepository;
+        private readonly IOrganizationService _organizationService;
+        private readonly IUserService _userService;
+        private readonly CurrentContext _currentContext;
+
+        public MembersController(
+            IOrganizationUserRepository organizationUserRepository,
+            IOrganizationService organizationService,
+            IUserService userService,
+            CurrentContext currentContext)
+        {
+            _organizationUserRepository = organizationUserRepository;
+            _organizationService = organizationService;
+            _userService = userService;
+            _currentContext = currentContext;
+        }
+
+        /// <summary>
+        /// Retrieve a member.
+        /// </summary>
+        /// <remarks>
+        /// Retrieves the details of an existing member of the organization. You need only supply the
+        /// unique member identifier that was returned upon member creation.
+        /// </remarks>
+        /// <param name="id">The identifier of the member to be retrieved.</param>
+        [HttpGet("{id}")]
+        [ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
+        [ProducesResponseType((int)HttpStatusCode.NotFound)]
+        public async Task<IActionResult> Get(Guid id)
+        {
+            var userDetails = await _organizationUserRepository.GetDetailsByIdWithCollectionsAsync(id);
+            var orgUser = userDetails?.Item1;
+            if(orgUser == null || orgUser.OrganizationId != _currentContext.OrganizationId)
+            {
+                return new NotFoundResult();
+            }
+            var response = new MemberResponseModel(orgUser, await _userService.TwoFactorIsEnabledAsync(orgUser),
+                userDetails.Item2);
+            return new JsonResult(response);
+        }
+
+        /// <summary>
+        /// List all members.
+        /// </summary>
+        /// <remarks>
+        /// Returns a list of your organization's members.
+        /// Member objects listed in this call do not include information about their associated collections.
+        /// </remarks>
+        [HttpGet]
+        [ProducesResponseType(typeof(ListResponseModel<MemberResponseModel>), (int)HttpStatusCode.OK)]
+        public async Task<IActionResult> List()
+        {
+            var users = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
+                _currentContext.OrganizationId.Value);
+            // TODO: Get all CollectionUser associations for the organization and marry them up here for the response.
+            var memberResponsesTasks = users.Select(async u => new MemberResponseModel(u,
+                await _userService.TwoFactorIsEnabledAsync(u), null));
+            var memberResponses = await Task.WhenAll(memberResponsesTasks);
+            var response = new ListResponseModel<MemberResponseModel>(memberResponses);
+            return new JsonResult(response);
+        }
+
+        /// <summary>
+        /// Create a member.
+        /// </summary>
+        /// <remarks>
+        /// Creates a new member object by inviting a user to the organization.
+        /// </remarks>
+        /// <param name="model">The request model.</param>
+        [HttpPost]
+        [ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
+        [ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
+        public async Task<IActionResult> Post([FromBody]MemberCreateRequestModel model)
+        {
+            var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+            var user = await _organizationService.InviteUserAsync(_currentContext.OrganizationId.Value, null,
+                model.Email, model.Type.Value, model.AccessAll.Value, model.ExternalId, associations);
+            var response = new MemberResponseModel(user, associations);
+            return new JsonResult(response);
+        }
+
+        /// <summary>
+        /// Update a member.
+        /// </summary>
+        /// <remarks>
+        /// Updates the specified member object. If a property is not provided,
+        /// the value of the existing property will be reset.
+        /// </remarks>
+        /// <param name="id">The identifier of the member to be updated.</param>
+        /// <param name="model">The request model.</param>
+        [HttpPut("{id}")]
+        [ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
+        [ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
+        [ProducesResponseType((int)HttpStatusCode.NotFound)]
+        public async Task<IActionResult> Put(Guid id, [FromBody]MemberUpdateRequestModel model)
+        {
+            var existingUser = await _organizationUserRepository.GetByIdAsync(id);
+            if(existingUser == null || existingUser.OrganizationId != _currentContext.OrganizationId)
+            {
+                return new NotFoundResult();
+            }
+            var updatedUser = model.ToOrganizationUser(existingUser);
+            var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+            await _organizationService.SaveUserAsync(updatedUser, null, associations);
+            MemberResponseModel response = null;
+            if(existingUser.UserId.HasValue)
+            {
+                var existingUserDetails = await _organizationUserRepository.GetDetailsByIdAsync(id);
+                response = new MemberResponseModel(existingUserDetails,
+                    await _userService.TwoFactorIsEnabledAsync(existingUserDetails), associations);
+            }
+            else
+            {
+                response = new MemberResponseModel(updatedUser, associations);
+            }
+            return new JsonResult(response);
+        }
+
+        /// <summary>
+        /// Delete a member.
+        /// </summary>
+        /// <remarks>
+        /// Permanently deletes a member from the organization. This cannot be undone.
+        /// The user account will still remain. The user is only removed from the organization.
+        /// </remarks>
+        /// <param name="id">The identifier of the member to be deleted.</param>
+        [HttpDelete("{id}")]
+        [ProducesResponseType((int)HttpStatusCode.OK)]
+        [ProducesResponseType((int)HttpStatusCode.NotFound)]
+        public async Task<IActionResult> Delete(Guid id)
+        {
+            var user = await _organizationUserRepository.GetByIdAsync(id);
+            if(user == null || user.OrganizationId != _currentContext.OrganizationId)
+            {
+                return new NotFoundResult();
+            }
+            await _organizationService.DeleteUserAsync(_currentContext.OrganizationId.Value, id, null);
+            return new OkResult();
+        }
+    }
+}

src/Core/Models/Api/Public/AssociationWithPermissionsBaseModel.cs

@@ -4,7 +4,7 @@ using Newtonsoft.Json;
 
 namespace Bit.Core.Models.Api.Public
 {
-    public abstract class BaseAssociationWithPermissionsModel
+    public abstract class AssociationWithPermissionsBaseModel
     {
         /// <summary>
         /// The associated object's unique identifier.

src/Core/Models/Api/Public/MemberBaseModel.cs

@@ -0,0 +1,55 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api.Public
+{
+    public abstract class MemberBaseModel
+    {
+        public MemberBaseModel() { }
+
+        public MemberBaseModel(OrganizationUser user)
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            
+            Type = user.Type;
+            AccessAll = user.AccessAll;
+            ExternalId = user.ExternalId;
+        }
+
+        public MemberBaseModel(OrganizationUserUserDetails user)
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+            
+            Type = user.Type;
+            AccessAll = user.AccessAll;
+            ExternalId = user.ExternalId;
+        }
+
+        /// <summary>
+        /// The member's type (or role) within the organization.
+        /// </summary>
+        [Required]
+        public OrganizationUserType? Type { get; set; }
+        /// <summary>
+        /// Determines if this member can access all collections within the organization, or only the associated
+        /// collections. If set to <c>true</c>, this option overrides any collection assignments.
+        /// </summary>
+        [Required]
+        public bool? AccessAll { get; set; }
+        /// <summary>
+        /// External identifier linking this member to another system, such as a user directory.
+        /// </summary>
+        /// <example>external_id_123456</example>
+        [StringLength(300)]
+        public string ExternalId { get; set; }
+    }
+}

src/Core/Models/Api/Public/Request/AssociationWithPermissionsRequestModel.cs

@@ -2,7 +2,7 @@
 
 namespace Bit.Core.Models.Api.Public
 {
-    public class AssociationWithPermissionsRequestModel : BaseAssociationWithPermissionsModel
+    public class AssociationWithPermissionsRequestModel : AssociationWithPermissionsBaseModel
     {
         public SelectionReadOnly ToSelectionReadOnly()
         {

src/Core/Models/Api/Public/Request/MemberCreateRequestModel.cs

@@ -0,0 +1,22 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api.Public
+{
+    public class MemberCreateRequestModel : MemberUpdateRequestModel
+    {
+        /// <summary>
+        /// The member's email address.
+        /// </summary>
+        /// <example>jsmith@company.com</example>
+        [Required]
+        [EmailAddress]
+        public string Email { get; set; }
+
+        public override OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}

src/Core/Models/Api/Public/Request/MemberUpdateRequestModel.cs

@@ -0,0 +1,21 @@
+using System.Collections.Generic;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api.Public
+{
+    public class MemberUpdateRequestModel : MemberBaseModel
+    {
+        /// <summary>
+        /// The associated collections that this member can access.
+        /// </summary>
+        public IEnumerable<AssociationWithPermissionsRequestModel> Collections { get; set; }
+
+        public virtual OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
+        {
+            existingUser.Type = Type.Value;
+            existingUser.AccessAll = AccessAll.Value;
+            existingUser.ExternalId = ExternalId;
+            return existingUser;
+        }
+    }
+}

src/Core/Models/Api/Public/Response/AssociationWithPermissionsResponseModel.cs

@@ -3,7 +3,7 @@ using Bit.Core.Models.Data;
 
 namespace Bit.Core.Models.Api.Public
 {
-    public class AssociationWithPermissionsResponseModel : BaseAssociationWithPermissionsModel
+    public class AssociationWithPermissionsResponseModel : AssociationWithPermissionsBaseModel
     {
         public AssociationWithPermissionsResponseModel(SelectionReadOnly selection)
         {

src/Core/Models/Api/Public/Response/MemberResponseModel.cs

@@ -0,0 +1,88 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Api.Public
+{
+    /// <summary>
+    /// An organization member.
+    /// </summary>
+    public class MemberResponseModel : MemberBaseModel, IResponseModel
+    {
+        public MemberResponseModel(OrganizationUser user, IEnumerable<SelectionReadOnly> collections)
+            : base(user)
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            Id = user.Id;
+            Email = user.Email;
+            Status = user.Status;
+            Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+        }
+
+        public MemberResponseModel(OrganizationUserUserDetails user, bool twoFactorEnabled,
+            IEnumerable<SelectionReadOnly> collections)
+            : base(user)
+        {
+            if(user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            Id = user.Id;
+            Name = user.Name;
+            Email = user.Email;
+            TwoFactorEnabled = twoFactorEnabled;
+            Status = user.Status;
+            Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+        }
+
+        /// <summary>
+        /// String representing the object's type. Objects of the same type share the same properties.
+        /// </summary>
+        /// <example>member</example>
+        [Required]
+        public string Object => "member";
+        /// <summary>
+        /// The member's unique identifier.
+        /// </summary>
+        /// <example>539a36c5-e0d2-4cf9-979e-51ecf5cf6593</example>
+        [Required]
+        public Guid Id { get; set; }
+        /// <summary>
+        /// The member's name, set from their user account profile.
+        /// </summary>
+        /// <example>John Smith</example>
+        public string Name { get; set; }
+        /// <summary>
+        /// The member's email address.
+        /// </summary>
+        /// <example>jsmith@company.com</example>
+        [Required]
+        public string Email { get; set; }
+        /// <summary>
+        /// Returns <c>true</c> if the member has a two-step login method enabled on their user account.
+        /// </summary>
+        [Required]
+        public bool TwoFactorEnabled { get; set; }
+        /// <summary>
+        /// The member's status within the organization. All created members start with a status of "Invited".
+        /// Once a member accept's their invitation to join the organization, their status changes to "Accepted".
+        /// Accepted members are then "Confirmed" by an organization administrator. Once a member is "Confirmed",
+        /// their status can no longer change.
+        /// </summary>
+        [Required]
+        public OrganizationUserStatusType Status { get; set; }
+        /// <summary>
+        /// The associated collections that this member can access.
+        /// </summary>
+        public IEnumerable<AssociationWithPermissionsResponseModel> Collections { get; set; }
+    }
+}

src/Core/Services/IOrganizationService.cs

@@ -35,7 +35,7 @@ namespace Bit.Core.Services
         Task ResendInviteAsync(Guid organizationId, Guid invitingUserId, Guid organizationUserId);
         Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token);
         Task<OrganizationUser> ConfirmUserAsync(Guid organizationId, Guid organizationUserId, string key, Guid confirmingUserId);
-        Task SaveUserAsync(OrganizationUser user, Guid savingUserId, IEnumerable<SelectionReadOnly> collections);
+        Task SaveUserAsync(OrganizationUser user, Guid? savingUserId, IEnumerable<SelectionReadOnly> collections);
         Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId);
         Task DeleteUserAsync(Guid organizationId, Guid userId);
         Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds);

src/Core/Services/Implementations/OrganizationService.cs

@@ -871,9 +871,14 @@ namespace Bit.Core.Services
         public async Task<OrganizationUser> InviteUserAsync(Guid organizationId, Guid? invitingUserId, string email,
             OrganizationUserType type, bool accessAll, string externalId, IEnumerable<SelectionReadOnly> collections)
         {
-            var result = await InviteUserAsync(organizationId, invitingUserId, new List<string> { email }, type, accessAll,
+            var results = await InviteUserAsync(organizationId, invitingUserId, new List<string> { email }, type, accessAll,
                 externalId, collections);
-            return result.FirstOrDefault();
+            var result = results.FirstOrDefault();
+            if(result == null)
+            {
+                throw new BadRequestException("This user has already been invited.");
+            }
+            return result;
         }
 
         public async Task<List<OrganizationUser>> InviteUserAsync(Guid organizationId, Guid? invitingUserId,
@@ -1062,16 +1067,17 @@ namespace Bit.Core.Services
             return orgUser;
         }
 
-        public async Task SaveUserAsync(OrganizationUser user, Guid savingUserId, IEnumerable<SelectionReadOnly> collections)
+        public async Task SaveUserAsync(OrganizationUser user, Guid? savingUserId,
+            IEnumerable<SelectionReadOnly> collections)
         {
             if(user.Id.Equals(default(Guid)))
             {
                 throw new BadRequestException("Invite the user first.");
             }
 
-            if(user.Type == OrganizationUserType.Owner)
+            if(savingUserId.HasValue && user.Type == OrganizationUserType.Owner)
             {
-                var savingUserOrgs = await _organizationUserRepository.GetManyByUserAsync(savingUserId);
+                var savingUserOrgs = await _organizationUserRepository.GetManyByUserAsync(savingUserId.Value);
                 if(!savingUserOrgs.Any(u => u.OrganizationId == user.OrganizationId && u.Type == OrganizationUserType.Owner))
                 {
                     throw new BadRequestException("Only owners can update other owners.");