1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-29 13:25:17 +01:00

admin subvault updates for cipher

This commit is contained in:
Kyle Spearrin 2017-04-17 23:12:48 -04:00
parent 0e5799f7c8
commit f7aa6fadbf
13 changed files with 106 additions and 102 deletions

View File

@ -176,7 +176,22 @@ namespace Bit.Api.Controllers
throw new NotFoundException(); throw new NotFoundException();
} }
await _cipherService.SaveSubvaultsAsync(cipher, model.SubvaultIds.Select(s => new Guid(s)), userId); await _cipherService.SaveSubvaultsAsync(cipher, model.SubvaultIds.Select(s => new Guid(s)), userId, false);
}
[HttpPut("{id}/subvaults-admin")]
[HttpPost("{id}/subvaults-admin")]
public async Task PutSubvaultsAdmin(string id, [FromBody]CipherSubvaultsRequestModel model)
{
var userId = _userService.GetProperUserId(User).Value;
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id));
if(cipher == null || !cipher.OrganizationId.HasValue ||
!_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
{
throw new NotFoundException();
}
await _cipherService.SaveSubvaultsAsync(cipher, model.SubvaultIds.Select(s => new Guid(s)), userId, true);
} }
[HttpDelete("{id}")] [HttpDelete("{id}")]

View File

@ -84,18 +84,9 @@ namespace Bit.Core.Models.Api
} }
} }
public class CipherSubvaultsRequestModel : IValidatableObject public class CipherSubvaultsRequestModel
{ {
[Required] [Required]
public IEnumerable<string> SubvaultIds { get; set; } public IEnumerable<string> SubvaultIds { get; set; }
public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
{
if(!SubvaultIds?.Any() ?? false)
{
yield return new ValidationResult("You must select at least one subvault.",
new string[] { nameof(SubvaultIds) });
}
}
} }
} }

View File

@ -1,10 +0,0 @@
using System;
namespace Bit.Core.Models.Data
{
public class SubvaultUserPermissions
{
public Guid SubvaultId { get; set; }
public bool ReadOnly { get; set; }
}
}

View File

@ -11,5 +11,6 @@ namespace Bit.Core.Repositories
Task<ICollection<SubvaultCipher>> GetManyByOrganizationIdAsync(Guid organizationId); Task<ICollection<SubvaultCipher>> GetManyByOrganizationIdAsync(Guid organizationId);
Task<ICollection<SubvaultCipher>> GetManyByUserIdCipherIdAsync(Guid userId, Guid cipherId); Task<ICollection<SubvaultCipher>> GetManyByUserIdCipherIdAsync(Guid userId, Guid cipherId);
Task UpdateSubvaultsAsync(Guid cipherId, Guid userId, IEnumerable<Guid> subvaultIds); Task UpdateSubvaultsAsync(Guid cipherId, Guid userId, IEnumerable<Guid> subvaultIds);
Task UpdateSubvaultsForAdminAsync(Guid cipherId, Guid organizationId, IEnumerable<Guid> subvaultIds);
} }
} }

View File

@ -11,8 +11,6 @@ namespace Bit.Core.Repositories
Task<ICollection<SubvaultUser>> GetManyByOrganizationUserIdAsync(Guid orgUserId); Task<ICollection<SubvaultUser>> GetManyByOrganizationUserIdAsync(Guid orgUserId);
Task<ICollection<SubvaultUserSubvaultDetails>> GetManyDetailsByUserIdAsync(Guid userId); Task<ICollection<SubvaultUserSubvaultDetails>> GetManyDetailsByUserIdAsync(Guid userId);
Task<ICollection<SubvaultUserUserDetails>> GetManyDetailsBySubvaultIdAsync(Guid subvaultId); Task<ICollection<SubvaultUserUserDetails>> GetManyDetailsBySubvaultIdAsync(Guid subvaultId);
Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId, IEnumerable<Guid> subvaultIds,
Guid organizationId);
Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId); Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId);
} }
} }

View File

@ -69,5 +69,16 @@ namespace Bit.Core.Repositories.SqlServer
commandType: CommandType.StoredProcedure); commandType: CommandType.StoredProcedure);
} }
} }
public async Task UpdateSubvaultsForAdminAsync(Guid cipherId, Guid organizationId, IEnumerable<Guid> subvaultIds)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.ExecuteAsync(
"[dbo].[SubvaultCipher_UpdateSubvaultsAdmin]",
new { CipherId = cipherId, OrganizationId = organizationId, SubvaultIds = subvaultIds.ToGuidIdArrayTVP() },
commandType: CommandType.StoredProcedure);
}
}
} }
} }

View File

@ -7,7 +7,6 @@ using System.Data.SqlClient;
using Dapper; using Dapper;
using System.Linq; using System.Linq;
using Bit.Core.Models.Data; using Bit.Core.Models.Data;
using Bit.Core.Utilities;
namespace Bit.Core.Repositories.SqlServer namespace Bit.Core.Repositories.SqlServer
{ {
@ -60,20 +59,6 @@ namespace Bit.Core.Repositories.SqlServer
} }
} }
public async Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId,
IEnumerable<Guid> subvaultIds, Guid organizationId)
{
using(var connection = new SqlConnection(ConnectionString))
{
var results = await connection.QueryAsync<SubvaultUserPermissions>(
$"[{Schema}].[SubvaultUser_ReadPermissionsBySubvaultUserId]",
new { UserId = userId, SubvaultIds = subvaultIds.ToGuidIdArrayTVP(), OrganizationId = organizationId },
commandType: CommandType.StoredProcedure);
return results.ToList();
}
}
public async Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId) public async Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId)
{ {
using(var connection = new SqlConnection(ConnectionString)) using(var connection = new SqlConnection(ConnectionString))

View File

@ -14,7 +14,7 @@ namespace Bit.Core.Services
Task SaveFolderAsync(Folder folder); Task SaveFolderAsync(Folder folder);
Task DeleteFolderAsync(Folder folder); Task DeleteFolderAsync(Folder folder);
Task ShareAsync(Cipher cipher, Guid organizationId, IEnumerable<Guid> subvaultIds, Guid userId); Task ShareAsync(Cipher cipher, Guid organizationId, IEnumerable<Guid> subvaultIds, Guid userId);
Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId); Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId, bool orgAdmin);
Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers, Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers,
IEnumerable<KeyValuePair<int, int>> folderRelationships); IEnumerable<KeyValuePair<int, int>> folderRelationships);
} }

View File

@ -132,27 +132,17 @@ namespace Bit.Core.Services
throw new NotFoundException(); throw new NotFoundException();
} }
// We do not need to check if the user belongs to this organization since this call will return no subvaults // Sproc will not save this UserId on the cipher. It is used limit scope of the subvaultIds.
// and therefore be caught by the .Any() check below. cipher.UserId = sharingUserId;
var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(sharingUserId, subvaultIds,
organizationId);
var writeableSubvaults = subvaultUserDetails.Where(s => !s.ReadOnly).Select(s => s.SubvaultId);
if(!writeableSubvaults.Any())
{
throw new BadRequestException("No subvaults.");
}
cipher.UserId = null;
cipher.OrganizationId = organizationId; cipher.OrganizationId = organizationId;
cipher.RevisionDate = DateTime.UtcNow; cipher.RevisionDate = DateTime.UtcNow;
await _cipherRepository.ReplaceAsync(cipher, writeableSubvaults); await _cipherRepository.ReplaceAsync(cipher, subvaultIds);
// push // push
//await _pushService.PushSyncCipherUpdateAsync(cipher); //await _pushService.PushSyncCipherUpdateAsync(cipher);
} }
public async Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId) public async Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId, bool orgAdmin)
{ {
if(cipher.Id == default(Guid)) if(cipher.Id == default(Guid))
{ {
@ -164,18 +154,16 @@ namespace Bit.Core.Services
throw new BadRequestException("Cipher must belong to an organization."); throw new BadRequestException("Cipher must belong to an organization.");
} }
// We do not need to check if the user belongs to this organization since this call will return no subvaults // The sprocs will validate that all subvaults belong to this org/user and that they have proper write permissions.
// and therefore be caught by the .Any() check below. if(orgAdmin)
var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(savingUserId, subvaultIds,
cipher.OrganizationId.Value);
var writeableSubvaults = subvaultUserDetails.Where(s => !s.ReadOnly).Select(s => s.SubvaultId);
if(!writeableSubvaults.Any())
{ {
throw new BadRequestException("No subvaults."); await _subvaultCipherRepository.UpdateSubvaultsForAdminAsync(cipher.Id, cipher.OrganizationId.Value,
subvaultIds);
}
else
{
await _subvaultCipherRepository.UpdateSubvaultsAsync(cipher.Id, savingUserId, subvaultIds);
} }
await _subvaultCipherRepository.UpdateSubvaultsAsync(cipher.Id, savingUserId, writeableSubvaults);
// push // push
//await _pushService.PushSyncCipherUpdateAsync(cipher); //await _pushService.PushSyncCipherUpdateAsync(cipher);

View File

@ -143,7 +143,6 @@
<Build Include="dbo\Stored Procedures\Subvault_ReadById.sql" /> <Build Include="dbo\Stored Procedures\Subvault_ReadById.sql" />
<Build Include="dbo\Stored Procedures\User_UpdateEmailPassword.sql" /> <Build Include="dbo\Stored Procedures\User_UpdateEmailPassword.sql" />
<Build Include="dbo\Stored Procedures\Subvault_Update.sql" /> <Build Include="dbo\Stored Procedures\Subvault_Update.sql" />
<Build Include="dbo\Stored Procedures\SubvaultUser_ReadPermissionsBySubvaultUserId.sql" />
<Build Include="dbo\Stored Procedures\SubvaultCipher_Create.sql" /> <Build Include="dbo\Stored Procedures\SubvaultCipher_Create.sql" />
<Build Include="dbo\Stored Procedures\SubvaultCipher_Delete.sql" /> <Build Include="dbo\Stored Procedures\SubvaultCipher_Delete.sql" />
<Build Include="dbo\Stored Procedures\Cipher_UpdateWithSubvaults.sql" /> <Build Include="dbo\Stored Procedures\Cipher_UpdateWithSubvaults.sql" />
@ -176,5 +175,6 @@
<Build Include="dbo\User Defined Types\GuidIdArray.sql" /> <Build Include="dbo\User Defined Types\GuidIdArray.sql" />
<Build Include="dbo\Stored Procedures\Cipher_ReadByOrganizationId.sql" /> <Build Include="dbo\Stored Procedures\Cipher_ReadByOrganizationId.sql" />
<Build Include="dbo\Stored Procedures\SubvaultCipher_ReadByOrganizationId.sql" /> <Build Include="dbo\Stored Procedures\SubvaultCipher_ReadByOrganizationId.sql" />
<Build Include="dbo\Stored Procedures\SubvaultCipher_UpdateSubvaultsAdmin.sql" />
</ItemGroup> </ItemGroup>
</Project> </Project>

View File

@ -24,21 +24,32 @@ BEGIN
WHERE WHERE
[Id] = @Id [Id] = @Id
MERGE
[dbo].[SubvaultCipher] AS [Target] ;WITH [AvailableSubvaultsCTE] AS(
USING SELECT
@SubvaultIds AS [Source] SU.SubvaultId
ON FROM
[Target].[SubvaultId] = [Source].[Id] [dbo].[SubvaultUser] SU
AND [Target].[CipherId] = @Id INNER JOIN
WHEN NOT MATCHED BY TARGET THEN [dbo].[OrganizationUser] OU ON OU.[Id] = SU.[OrganizationUserId]
INSERT VALUES INNER JOIN
( [dbo].[Organization] O ON O.[Id] = OU.[OrganizationId]
[Source].[Id], WHERE
@Id OU.[UserId] = @UserId
AND SU.[ReadOnly] = 0
AND OU.[Status] = 2 -- Confirmed
AND O.[Enabled] = 1
) )
WHEN NOT MATCHED BY SOURCE INSERT INTO [dbo].[SubvaultCipher]
AND [Target].[CipherId] = @Id THEN (
DELETE [SubvaultId],
; [CipherId]
)
SELECT
Id,
@Id
FROM
@SubvaultIds
WHERE
Id IN (SELECT SubvaultId FROM [AvailableSubvaultsCTE])
END END

View File

@ -0,0 +1,35 @@
CREATE PROCEDURE [dbo].[SubvaultCipher_UpdateSubvaultsAdmin]
@CipherId UNIQUEIDENTIFIER,
@OrganizationId UNIQUEIDENTIFIER,
@SubvaultIds AS [dbo].[GuidIdArray] READONLY
AS
BEGIN
SET NOCOUNT ON
;WITH [AvailableSubvaultsCTE] AS(
SELECT
Id
FROM
[dbo].[Subvault]
WHERE
OrganizationId = @OrganizationId
)
MERGE
[dbo].[SubvaultCipher] AS [Target]
USING
@SubvaultIds AS [Source]
ON
[Target].[SubvaultId] = [Source].[Id]
AND [Target].[CipherId] = @CipherId
WHEN NOT MATCHED BY TARGET
AND [Source].[Id] IN (SELECT [SubvaultId] FROM [AvailableSubvaultsCTE]) THEN
INSERT VALUES
(
[Source].[Id],
@CipherId
)
WHEN NOT MATCHED BY SOURCE
AND [Target].[CipherId] = @CipherId THEN
DELETE
;
END

View File

@ -1,21 +0,0 @@
CREATE PROCEDURE [dbo].[SubvaultUser_ReadPermissionsBySubvaultUserId]
@UserId UNIQUEIDENTIFIER,
@SubvaultIds AS [dbo].[GuidIdArray] READONLY,
@OrganizationId UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
SU.[SubvaultId],
SU.[ReadOnly]
FROM
[dbo].[SubvaultUser] SU
INNER JOIN
[dbo].[OrganizationUser] OU ON OU.Id = SU.OrganizationUserId
WHERE
OU.[UserId] = @UserId
AND OU.[OrganizationId] = @OrganizationId
AND OU.[Status] = 2 -- 2 = Confirmed
AND SU.[SubvaultId] IN (SELECT [Id] FROM @SubvaultIds)
END