mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
org members public api
This commit is contained in:
parent
00f3c476ae
commit
de1b00533f
158
src/Api/Public/Controllers/MembersController.cs
Normal file
158
src/Api/Public/Controllers/MembersController.cs
Normal file
@ -0,0 +1,158 @@
|
||||
using System;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Threading.Tasks;
|
||||
using Bit.Core;
|
||||
using Bit.Core.Models.Api.Public;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.Public.Controllers
|
||||
{
|
||||
[Route("public/members")]
|
||||
[Authorize("Organization")]
|
||||
public class MembersController : Controller
|
||||
{
|
||||
private readonly IOrganizationUserRepository _organizationUserRepository;
|
||||
private readonly IOrganizationService _organizationService;
|
||||
private readonly IUserService _userService;
|
||||
private readonly CurrentContext _currentContext;
|
||||
|
||||
public MembersController(
|
||||
IOrganizationUserRepository organizationUserRepository,
|
||||
IOrganizationService organizationService,
|
||||
IUserService userService,
|
||||
CurrentContext currentContext)
|
||||
{
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
_organizationService = organizationService;
|
||||
_userService = userService;
|
||||
_currentContext = currentContext;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Retrieve a member.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Retrieves the details of an existing member of the organization. You need only supply the
|
||||
/// unique member identifier that was returned upon member creation.
|
||||
/// </remarks>
|
||||
/// <param name="id">The identifier of the member to be retrieved.</param>
|
||||
[HttpGet("{id}")]
|
||||
[ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
|
||||
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
||||
public async Task<IActionResult> Get(Guid id)
|
||||
{
|
||||
var userDetails = await _organizationUserRepository.GetDetailsByIdWithCollectionsAsync(id);
|
||||
var orgUser = userDetails?.Item1;
|
||||
if(orgUser == null || orgUser.OrganizationId != _currentContext.OrganizationId)
|
||||
{
|
||||
return new NotFoundResult();
|
||||
}
|
||||
var response = new MemberResponseModel(orgUser, await _userService.TwoFactorIsEnabledAsync(orgUser),
|
||||
userDetails.Item2);
|
||||
return new JsonResult(response);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// List all members.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Returns a list of your organization's members.
|
||||
/// Member objects listed in this call do not include information about their associated collections.
|
||||
/// </remarks>
|
||||
[HttpGet]
|
||||
[ProducesResponseType(typeof(ListResponseModel<MemberResponseModel>), (int)HttpStatusCode.OK)]
|
||||
public async Task<IActionResult> List()
|
||||
{
|
||||
var users = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(
|
||||
_currentContext.OrganizationId.Value);
|
||||
// TODO: Get all CollectionUser associations for the organization and marry them up here for the response.
|
||||
var memberResponsesTasks = users.Select(async u => new MemberResponseModel(u,
|
||||
await _userService.TwoFactorIsEnabledAsync(u), null));
|
||||
var memberResponses = await Task.WhenAll(memberResponsesTasks);
|
||||
var response = new ListResponseModel<MemberResponseModel>(memberResponses);
|
||||
return new JsonResult(response);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Create a member.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Creates a new member object by inviting a user to the organization.
|
||||
/// </remarks>
|
||||
/// <param name="model">The request model.</param>
|
||||
[HttpPost]
|
||||
[ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
|
||||
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
|
||||
public async Task<IActionResult> Post([FromBody]MemberCreateRequestModel model)
|
||||
{
|
||||
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
|
||||
var user = await _organizationService.InviteUserAsync(_currentContext.OrganizationId.Value, null,
|
||||
model.Email, model.Type.Value, model.AccessAll.Value, model.ExternalId, associations);
|
||||
var response = new MemberResponseModel(user, associations);
|
||||
return new JsonResult(response);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Update a member.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Updates the specified member object. If a property is not provided,
|
||||
/// the value of the existing property will be reset.
|
||||
/// </remarks>
|
||||
/// <param name="id">The identifier of the member to be updated.</param>
|
||||
/// <param name="model">The request model.</param>
|
||||
[HttpPut("{id}")]
|
||||
[ProducesResponseType(typeof(MemberResponseModel), (int)HttpStatusCode.OK)]
|
||||
[ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
|
||||
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
||||
public async Task<IActionResult> Put(Guid id, [FromBody]MemberUpdateRequestModel model)
|
||||
{
|
||||
var existingUser = await _organizationUserRepository.GetByIdAsync(id);
|
||||
if(existingUser == null || existingUser.OrganizationId != _currentContext.OrganizationId)
|
||||
{
|
||||
return new NotFoundResult();
|
||||
}
|
||||
var updatedUser = model.ToOrganizationUser(existingUser);
|
||||
var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
|
||||
await _organizationService.SaveUserAsync(updatedUser, null, associations);
|
||||
MemberResponseModel response = null;
|
||||
if(existingUser.UserId.HasValue)
|
||||
{
|
||||
var existingUserDetails = await _organizationUserRepository.GetDetailsByIdAsync(id);
|
||||
response = new MemberResponseModel(existingUserDetails,
|
||||
await _userService.TwoFactorIsEnabledAsync(existingUserDetails), associations);
|
||||
}
|
||||
else
|
||||
{
|
||||
response = new MemberResponseModel(updatedUser, associations);
|
||||
}
|
||||
return new JsonResult(response);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Delete a member.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Permanently deletes a member from the organization. This cannot be undone.
|
||||
/// The user account will still remain. The user is only removed from the organization.
|
||||
/// </remarks>
|
||||
/// <param name="id">The identifier of the member to be deleted.</param>
|
||||
[HttpDelete("{id}")]
|
||||
[ProducesResponseType((int)HttpStatusCode.OK)]
|
||||
[ProducesResponseType((int)HttpStatusCode.NotFound)]
|
||||
public async Task<IActionResult> Delete(Guid id)
|
||||
{
|
||||
var user = await _organizationUserRepository.GetByIdAsync(id);
|
||||
if(user == null || user.OrganizationId != _currentContext.OrganizationId)
|
||||
{
|
||||
return new NotFoundResult();
|
||||
}
|
||||
await _organizationService.DeleteUserAsync(_currentContext.OrganizationId.Value, id, null);
|
||||
return new OkResult();
|
||||
}
|
||||
}
|
||||
}
|
@ -4,7 +4,7 @@ using Newtonsoft.Json;
|
||||
|
||||
namespace Bit.Core.Models.Api.Public
|
||||
{
|
||||
public abstract class BaseAssociationWithPermissionsModel
|
||||
public abstract class AssociationWithPermissionsBaseModel
|
||||
{
|
||||
/// <summary>
|
||||
/// The associated object's unique identifier.
|
55
src/Core/Models/Api/Public/MemberBaseModel.cs
Normal file
55
src/Core/Models/Api/Public/MemberBaseModel.cs
Normal file
@ -0,0 +1,55 @@
|
||||
using System;
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Table;
|
||||
|
||||
namespace Bit.Core.Models.Api.Public
|
||||
{
|
||||
public abstract class MemberBaseModel
|
||||
{
|
||||
public MemberBaseModel() { }
|
||||
|
||||
public MemberBaseModel(OrganizationUser user)
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
Type = user.Type;
|
||||
AccessAll = user.AccessAll;
|
||||
ExternalId = user.ExternalId;
|
||||
}
|
||||
|
||||
public MemberBaseModel(OrganizationUserUserDetails user)
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
Type = user.Type;
|
||||
AccessAll = user.AccessAll;
|
||||
ExternalId = user.ExternalId;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// The member's type (or role) within the organization.
|
||||
/// </summary>
|
||||
[Required]
|
||||
public OrganizationUserType? Type { get; set; }
|
||||
/// <summary>
|
||||
/// Determines if this member can access all collections within the organization, or only the associated
|
||||
/// collections. If set to <c>true</c>, this option overrides any collection assignments.
|
||||
/// </summary>
|
||||
[Required]
|
||||
public bool? AccessAll { get; set; }
|
||||
/// <summary>
|
||||
/// External identifier linking this member to another system, such as a user directory.
|
||||
/// </summary>
|
||||
/// <example>external_id_123456</example>
|
||||
[StringLength(300)]
|
||||
public string ExternalId { get; set; }
|
||||
}
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
|
||||
namespace Bit.Core.Models.Api.Public
|
||||
{
|
||||
public class AssociationWithPermissionsRequestModel : BaseAssociationWithPermissionsModel
|
||||
public class AssociationWithPermissionsRequestModel : AssociationWithPermissionsBaseModel
|
||||
{
|
||||
public SelectionReadOnly ToSelectionReadOnly()
|
||||
{
|
||||
|
@ -0,0 +1,22 @@
|
||||
using System;
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Bit.Core.Models.Table;
|
||||
|
||||
namespace Bit.Core.Models.Api.Public
|
||||
{
|
||||
public class MemberCreateRequestModel : MemberUpdateRequestModel
|
||||
{
|
||||
/// <summary>
|
||||
/// The member's email address.
|
||||
/// </summary>
|
||||
/// <example>jsmith@company.com</example>
|
||||
[Required]
|
||||
[EmailAddress]
|
||||
public string Email { get; set; }
|
||||
|
||||
public override OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,21 @@
|
||||
using System.Collections.Generic;
|
||||
using Bit.Core.Models.Table;
|
||||
|
||||
namespace Bit.Core.Models.Api.Public
|
||||
{
|
||||
public class MemberUpdateRequestModel : MemberBaseModel
|
||||
{
|
||||
/// <summary>
|
||||
/// The associated collections that this member can access.
|
||||
/// </summary>
|
||||
public IEnumerable<AssociationWithPermissionsRequestModel> Collections { get; set; }
|
||||
|
||||
public virtual OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
|
||||
{
|
||||
existingUser.Type = Type.Value;
|
||||
existingUser.AccessAll = AccessAll.Value;
|
||||
existingUser.ExternalId = ExternalId;
|
||||
return existingUser;
|
||||
}
|
||||
}
|
||||
}
|
@ -3,7 +3,7 @@ using Bit.Core.Models.Data;
|
||||
|
||||
namespace Bit.Core.Models.Api.Public
|
||||
{
|
||||
public class AssociationWithPermissionsResponseModel : BaseAssociationWithPermissionsModel
|
||||
public class AssociationWithPermissionsResponseModel : AssociationWithPermissionsBaseModel
|
||||
{
|
||||
public AssociationWithPermissionsResponseModel(SelectionReadOnly selection)
|
||||
{
|
||||
|
88
src/Core/Models/Api/Public/Response/MemberResponseModel.cs
Normal file
88
src/Core/Models/Api/Public/Response/MemberResponseModel.cs
Normal file
@ -0,0 +1,88 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using System.Linq;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Models.Table;
|
||||
|
||||
namespace Bit.Core.Models.Api.Public
|
||||
{
|
||||
/// <summary>
|
||||
/// An organization member.
|
||||
/// </summary>
|
||||
public class MemberResponseModel : MemberBaseModel, IResponseModel
|
||||
{
|
||||
public MemberResponseModel(OrganizationUser user, IEnumerable<SelectionReadOnly> collections)
|
||||
: base(user)
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
Id = user.Id;
|
||||
Email = user.Email;
|
||||
Status = user.Status;
|
||||
Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
|
||||
}
|
||||
|
||||
public MemberResponseModel(OrganizationUserUserDetails user, bool twoFactorEnabled,
|
||||
IEnumerable<SelectionReadOnly> collections)
|
||||
: base(user)
|
||||
{
|
||||
if(user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
Id = user.Id;
|
||||
Name = user.Name;
|
||||
Email = user.Email;
|
||||
TwoFactorEnabled = twoFactorEnabled;
|
||||
Status = user.Status;
|
||||
Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// String representing the object's type. Objects of the same type share the same properties.
|
||||
/// </summary>
|
||||
/// <example>member</example>
|
||||
[Required]
|
||||
public string Object => "member";
|
||||
/// <summary>
|
||||
/// The member's unique identifier.
|
||||
/// </summary>
|
||||
/// <example>539a36c5-e0d2-4cf9-979e-51ecf5cf6593</example>
|
||||
[Required]
|
||||
public Guid Id { get; set; }
|
||||
/// <summary>
|
||||
/// The member's name, set from their user account profile.
|
||||
/// </summary>
|
||||
/// <example>John Smith</example>
|
||||
public string Name { get; set; }
|
||||
/// <summary>
|
||||
/// The member's email address.
|
||||
/// </summary>
|
||||
/// <example>jsmith@company.com</example>
|
||||
[Required]
|
||||
public string Email { get; set; }
|
||||
/// <summary>
|
||||
/// Returns <c>true</c> if the member has a two-step login method enabled on their user account.
|
||||
/// </summary>
|
||||
[Required]
|
||||
public bool TwoFactorEnabled { get; set; }
|
||||
/// <summary>
|
||||
/// The member's status within the organization. All created members start with a status of "Invited".
|
||||
/// Once a member accept's their invitation to join the organization, their status changes to "Accepted".
|
||||
/// Accepted members are then "Confirmed" by an organization administrator. Once a member is "Confirmed",
|
||||
/// their status can no longer change.
|
||||
/// </summary>
|
||||
[Required]
|
||||
public OrganizationUserStatusType Status { get; set; }
|
||||
/// <summary>
|
||||
/// The associated collections that this member can access.
|
||||
/// </summary>
|
||||
public IEnumerable<AssociationWithPermissionsResponseModel> Collections { get; set; }
|
||||
}
|
||||
}
|
@ -35,7 +35,7 @@ namespace Bit.Core.Services
|
||||
Task ResendInviteAsync(Guid organizationId, Guid invitingUserId, Guid organizationUserId);
|
||||
Task<OrganizationUser> AcceptUserAsync(Guid organizationUserId, User user, string token);
|
||||
Task<OrganizationUser> ConfirmUserAsync(Guid organizationId, Guid organizationUserId, string key, Guid confirmingUserId);
|
||||
Task SaveUserAsync(OrganizationUser user, Guid savingUserId, IEnumerable<SelectionReadOnly> collections);
|
||||
Task SaveUserAsync(OrganizationUser user, Guid? savingUserId, IEnumerable<SelectionReadOnly> collections);
|
||||
Task DeleteUserAsync(Guid organizationId, Guid organizationUserId, Guid? deletingUserId);
|
||||
Task DeleteUserAsync(Guid organizationId, Guid userId);
|
||||
Task UpdateUserGroupsAsync(OrganizationUser organizationUser, IEnumerable<Guid> groupIds);
|
||||
|
@ -871,9 +871,14 @@ namespace Bit.Core.Services
|
||||
public async Task<OrganizationUser> InviteUserAsync(Guid organizationId, Guid? invitingUserId, string email,
|
||||
OrganizationUserType type, bool accessAll, string externalId, IEnumerable<SelectionReadOnly> collections)
|
||||
{
|
||||
var result = await InviteUserAsync(organizationId, invitingUserId, new List<string> { email }, type, accessAll,
|
||||
var results = await InviteUserAsync(organizationId, invitingUserId, new List<string> { email }, type, accessAll,
|
||||
externalId, collections);
|
||||
return result.FirstOrDefault();
|
||||
var result = results.FirstOrDefault();
|
||||
if(result == null)
|
||||
{
|
||||
throw new BadRequestException("This user has already been invited.");
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
public async Task<List<OrganizationUser>> InviteUserAsync(Guid organizationId, Guid? invitingUserId,
|
||||
@ -1062,16 +1067,17 @@ namespace Bit.Core.Services
|
||||
return orgUser;
|
||||
}
|
||||
|
||||
public async Task SaveUserAsync(OrganizationUser user, Guid savingUserId, IEnumerable<SelectionReadOnly> collections)
|
||||
public async Task SaveUserAsync(OrganizationUser user, Guid? savingUserId,
|
||||
IEnumerable<SelectionReadOnly> collections)
|
||||
{
|
||||
if(user.Id.Equals(default(Guid)))
|
||||
{
|
||||
throw new BadRequestException("Invite the user first.");
|
||||
}
|
||||
|
||||
if(user.Type == OrganizationUserType.Owner)
|
||||
if(savingUserId.HasValue && user.Type == OrganizationUserType.Owner)
|
||||
{
|
||||
var savingUserOrgs = await _organizationUserRepository.GetManyByUserAsync(savingUserId);
|
||||
var savingUserOrgs = await _organizationUserRepository.GetManyByUserAsync(savingUserId.Value);
|
||||
if(!savingUserOrgs.Any(u => u.OrganizationId == user.OrganizationId && u.Type == OrganizationUserType.Owner))
|
||||
{
|
||||
throw new BadRequestException("Only owners can update other owners.");
|
||||
|
Loading…
Reference in New Issue
Block a user