mirror of
https://github.com/bitwarden/server.git
synced 2024-11-26 12:55:17 +01:00
admin subvault updates for cipher
This commit is contained in:
Kyle Spearrin
parent
0e5799f7c8
commit
f7aa6fadbf
@ -176,7 +176,22 @@ namespace Bit.Api.Controllers
|
|||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
await _cipherService.SaveSubvaultsAsync(cipher, model.SubvaultIds.Select(s => new Guid(s)), userId);
|
await _cipherService.SaveSubvaultsAsync(cipher, model.SubvaultIds.Select(s => new Guid(s)), userId, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
[HttpPut("{id}/subvaults-admin")]
|
||||||
|
[HttpPost("{id}/subvaults-admin")]
|
||||||
|
public async Task PutSubvaultsAdmin(string id, [FromBody]CipherSubvaultsRequestModel model)
|
||||||
|
{
|
||||||
|
var userId = _userService.GetProperUserId(User).Value;
|
||||||
|
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id));
|
||||||
|
if(cipher == null || !cipher.OrganizationId.HasValue ||
|
||||||
|
!_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
|
||||||
|
{
|
||||||
|
throw new NotFoundException();
|
||||||
|
}
|
||||||
|
|
||||||
|
await _cipherService.SaveSubvaultsAsync(cipher, model.SubvaultIds.Select(s => new Guid(s)), userId, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpDelete("{id}")]
|
[HttpDelete("{id}")]
|
||||||
|
|||||||
@ -84,18 +84,9 @@ namespace Bit.Core.Models.Api
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public class CipherSubvaultsRequestModel : IValidatableObject
|
public class CipherSubvaultsRequestModel
|
||||||
{
|
{
|
||||||
[Required]
|
[Required]
|
||||||
public IEnumerable<string> SubvaultIds { get; set; }
|
public IEnumerable<string> SubvaultIds { get; set; }
|
||||||
|
|
||||||
public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
|
|
||||||
{
|
|
||||||
if(!SubvaultIds?.Any() ?? false)
|
|
||||||
{
|
|
||||||
yield return new ValidationResult("You must select at least one subvault.",
|
|
||||||
new string[] { nameof(SubvaultIds) });
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,10 +0,0 @@
|
|||||||
using System;
|
|
||||||
|
|
||||||
namespace Bit.Core.Models.Data
|
|
||||||
{
|
|
||||||
public class SubvaultUserPermissions
|
|
||||||
{
|
|
||||||
public Guid SubvaultId { get; set; }
|
|
||||||
public bool ReadOnly { get; set; }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -11,5 +11,6 @@ namespace Bit.Core.Repositories
|
|||||||
Task<ICollection<SubvaultCipher>> GetManyByOrganizationIdAsync(Guid organizationId);
|
Task<ICollection<SubvaultCipher>> GetManyByOrganizationIdAsync(Guid organizationId);
|
||||||
Task<ICollection<SubvaultCipher>> GetManyByUserIdCipherIdAsync(Guid userId, Guid cipherId);
|
Task<ICollection<SubvaultCipher>> GetManyByUserIdCipherIdAsync(Guid userId, Guid cipherId);
|
||||||
Task UpdateSubvaultsAsync(Guid cipherId, Guid userId, IEnumerable<Guid> subvaultIds);
|
Task UpdateSubvaultsAsync(Guid cipherId, Guid userId, IEnumerable<Guid> subvaultIds);
|
||||||
|
Task UpdateSubvaultsForAdminAsync(Guid cipherId, Guid organizationId, IEnumerable<Guid> subvaultIds);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -11,8 +11,6 @@ namespace Bit.Core.Repositories
|
|||||||
Task<ICollection<SubvaultUser>> GetManyByOrganizationUserIdAsync(Guid orgUserId);
|
Task<ICollection<SubvaultUser>> GetManyByOrganizationUserIdAsync(Guid orgUserId);
|
||||||
Task<ICollection<SubvaultUserSubvaultDetails>> GetManyDetailsByUserIdAsync(Guid userId);
|
Task<ICollection<SubvaultUserSubvaultDetails>> GetManyDetailsByUserIdAsync(Guid userId);
|
||||||
Task<ICollection<SubvaultUserUserDetails>> GetManyDetailsBySubvaultIdAsync(Guid subvaultId);
|
Task<ICollection<SubvaultUserUserDetails>> GetManyDetailsBySubvaultIdAsync(Guid subvaultId);
|
||||||
Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId, IEnumerable<Guid> subvaultIds,
|
|
||||||
Guid organizationId);
|
|
||||||
Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId);
|
Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -69,5 +69,16 @@ namespace Bit.Core.Repositories.SqlServer
|
|||||||
commandType: CommandType.StoredProcedure);
|
commandType: CommandType.StoredProcedure);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async Task UpdateSubvaultsForAdminAsync(Guid cipherId, Guid organizationId, IEnumerable<Guid> subvaultIds)
|
||||||
|
{
|
||||||
|
using(var connection = new SqlConnection(ConnectionString))
|
||||||
|
{
|
||||||
|
var results = await connection.ExecuteAsync(
|
||||||
|
"[dbo].[SubvaultCipher_UpdateSubvaultsAdmin]",
|
||||||
|
new { CipherId = cipherId, OrganizationId = organizationId, SubvaultIds = subvaultIds.ToGuidIdArrayTVP() },
|
||||||
|
commandType: CommandType.StoredProcedure);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -7,7 +7,6 @@ using System.Data.SqlClient;
|
|||||||
using Dapper;
|
using Dapper;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using Bit.Core.Models.Data;
|
using Bit.Core.Models.Data;
|
||||||
using Bit.Core.Utilities;
|
|
||||||
|
|
||||||
namespace Bit.Core.Repositories.SqlServer
|
namespace Bit.Core.Repositories.SqlServer
|
||||||
{
|
{
|
||||||
@ -60,20 +59,6 @@ namespace Bit.Core.Repositories.SqlServer
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<ICollection<SubvaultUserPermissions>> GetPermissionsByUserIdAsync(Guid userId,
|
|
||||||
IEnumerable<Guid> subvaultIds, Guid organizationId)
|
|
||||||
{
|
|
||||||
using(var connection = new SqlConnection(ConnectionString))
|
|
||||||
{
|
|
||||||
var results = await connection.QueryAsync<SubvaultUserPermissions>(
|
|
||||||
$"[{Schema}].[SubvaultUser_ReadPermissionsBySubvaultUserId]",
|
|
||||||
new { UserId = userId, SubvaultIds = subvaultIds.ToGuidIdArrayTVP(), OrganizationId = organizationId },
|
|
||||||
commandType: CommandType.StoredProcedure);
|
|
||||||
|
|
||||||
return results.ToList();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public async Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId)
|
public async Task<bool> GetCanEditByUserIdCipherIdAsync(Guid userId, Guid cipherId)
|
||||||
{
|
{
|
||||||
using(var connection = new SqlConnection(ConnectionString))
|
using(var connection = new SqlConnection(ConnectionString))
|
||||||
|
|||||||
@ -14,7 +14,7 @@ namespace Bit.Core.Services
|
|||||||
Task SaveFolderAsync(Folder folder);
|
Task SaveFolderAsync(Folder folder);
|
||||||
Task DeleteFolderAsync(Folder folder);
|
Task DeleteFolderAsync(Folder folder);
|
||||||
Task ShareAsync(Cipher cipher, Guid organizationId, IEnumerable<Guid> subvaultIds, Guid userId);
|
Task ShareAsync(Cipher cipher, Guid organizationId, IEnumerable<Guid> subvaultIds, Guid userId);
|
||||||
Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId);
|
Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId, bool orgAdmin);
|
||||||
Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers,
|
Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers,
|
||||||
IEnumerable<KeyValuePair<int, int>> folderRelationships);
|
IEnumerable<KeyValuePair<int, int>> folderRelationships);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -132,27 +132,17 @@ namespace Bit.Core.Services
|
|||||||
throw new NotFoundException();
|
throw new NotFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
// We do not need to check if the user belongs to this organization since this call will return no subvaults
|
// Sproc will not save this UserId on the cipher. It is used limit scope of the subvaultIds.
|
||||||
// and therefore be caught by the .Any() check below.
|
cipher.UserId = sharingUserId;
|
||||||
var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(sharingUserId, subvaultIds,
|
|
||||||
organizationId);
|
|
||||||
|
|
||||||
var writeableSubvaults = subvaultUserDetails.Where(s => !s.ReadOnly).Select(s => s.SubvaultId);
|
|
||||||
if(!writeableSubvaults.Any())
|
|
||||||
{
|
|
||||||
throw new BadRequestException("No subvaults.");
|
|
||||||
}
|
|
||||||
|
|
||||||
cipher.UserId = null;
|
|
||||||
cipher.OrganizationId = organizationId;
|
cipher.OrganizationId = organizationId;
|
||||||
cipher.RevisionDate = DateTime.UtcNow;
|
cipher.RevisionDate = DateTime.UtcNow;
|
||||||
await _cipherRepository.ReplaceAsync(cipher, writeableSubvaults);
|
await _cipherRepository.ReplaceAsync(cipher, subvaultIds);
|
||||||
|
|
||||||
// push
|
// push
|
||||||
//await _pushService.PushSyncCipherUpdateAsync(cipher);
|
//await _pushService.PushSyncCipherUpdateAsync(cipher);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId)
|
public async Task SaveSubvaultsAsync(Cipher cipher, IEnumerable<Guid> subvaultIds, Guid savingUserId, bool orgAdmin)
|
||||||
{
|
{
|
||||||
if(cipher.Id == default(Guid))
|
if(cipher.Id == default(Guid))
|
||||||
{
|
{
|
||||||
@ -164,18 +154,16 @@ namespace Bit.Core.Services
|
|||||||
throw new BadRequestException("Cipher must belong to an organization.");
|
throw new BadRequestException("Cipher must belong to an organization.");
|
||||||
}
|
}
|
||||||
|
|
||||||
// We do not need to check if the user belongs to this organization since this call will return no subvaults
|
// The sprocs will validate that all subvaults belong to this org/user and that they have proper write permissions.
|
||||||
// and therefore be caught by the .Any() check below.
|
if(orgAdmin)
|
||||||
var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(savingUserId, subvaultIds,
|
|
||||||
cipher.OrganizationId.Value);
|
|
||||||
|
|
||||||
var writeableSubvaults = subvaultUserDetails.Where(s => !s.ReadOnly).Select(s => s.SubvaultId);
|
|
||||||
if(!writeableSubvaults.Any())
|
|
||||||
{
|
{
|
||||||
throw new BadRequestException("No subvaults.");
|
await _subvaultCipherRepository.UpdateSubvaultsForAdminAsync(cipher.Id, cipher.OrganizationId.Value,
|
||||||
|
subvaultIds);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
await _subvaultCipherRepository.UpdateSubvaultsAsync(cipher.Id, savingUserId, subvaultIds);
|
||||||
}
|
}
|
||||||
|
|
||||||
await _subvaultCipherRepository.UpdateSubvaultsAsync(cipher.Id, savingUserId, writeableSubvaults);
|
|
||||||
|
|
||||||
// push
|
// push
|
||||||
//await _pushService.PushSyncCipherUpdateAsync(cipher);
|
//await _pushService.PushSyncCipherUpdateAsync(cipher);
|
||||||
|
|||||||
@ -143,7 +143,6 @@
|
|||||||
<Build Include="dbo\Stored Procedures\Subvault_ReadById.sql" />
|
<Build Include="dbo\Stored Procedures\Subvault_ReadById.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\User_UpdateEmailPassword.sql" />
|
<Build Include="dbo\Stored Procedures\User_UpdateEmailPassword.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\Subvault_Update.sql" />
|
<Build Include="dbo\Stored Procedures\Subvault_Update.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\SubvaultUser_ReadPermissionsBySubvaultUserId.sql" />
|
|
||||||
<Build Include="dbo\Stored Procedures\SubvaultCipher_Create.sql" />
|
<Build Include="dbo\Stored Procedures\SubvaultCipher_Create.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\SubvaultCipher_Delete.sql" />
|
<Build Include="dbo\Stored Procedures\SubvaultCipher_Delete.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\Cipher_UpdateWithSubvaults.sql" />
|
<Build Include="dbo\Stored Procedures\Cipher_UpdateWithSubvaults.sql" />
|
||||||
@ -176,5 +175,6 @@
|
|||||||
<Build Include="dbo\User Defined Types\GuidIdArray.sql" />
|
<Build Include="dbo\User Defined Types\GuidIdArray.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\Cipher_ReadByOrganizationId.sql" />
|
<Build Include="dbo\Stored Procedures\Cipher_ReadByOrganizationId.sql" />
|
||||||
<Build Include="dbo\Stored Procedures\SubvaultCipher_ReadByOrganizationId.sql" />
|
<Build Include="dbo\Stored Procedures\SubvaultCipher_ReadByOrganizationId.sql" />
|
||||||
|
<Build Include="dbo\Stored Procedures\SubvaultCipher_UpdateSubvaultsAdmin.sql" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
||||||
@ -24,21 +24,32 @@ BEGIN
|
|||||||
WHERE
|
WHERE
|
||||||
[Id] = @Id
|
[Id] = @Id
|
||||||
|
|
||||||
MERGE
|
|
||||||
[dbo].[SubvaultCipher] AS [Target]
|
;WITH [AvailableSubvaultsCTE] AS(
|
||||||
USING
|
SELECT
|
||||||
@SubvaultIds AS [Source]
|
SU.SubvaultId
|
||||||
ON
|
FROM
|
||||||
[Target].[SubvaultId] = [Source].[Id]
|
[dbo].[SubvaultUser] SU
|
||||||
AND [Target].[CipherId] = @Id
|
INNER JOIN
|
||||||
WHEN NOT MATCHED BY TARGET THEN
|
[dbo].[OrganizationUser] OU ON OU.[Id] = SU.[OrganizationUserId]
|
||||||
INSERT VALUES
|
INNER JOIN
|
||||||
(
|
[dbo].[Organization] O ON O.[Id] = OU.[OrganizationId]
|
||||||
[Source].[Id],
|
WHERE
|
||||||
@Id
|
OU.[UserId] = @UserId
|
||||||
)
|
AND SU.[ReadOnly] = 0
|
||||||
WHEN NOT MATCHED BY SOURCE
|
AND OU.[Status] = 2 -- Confirmed
|
||||||
AND [Target].[CipherId] = @Id THEN
|
AND O.[Enabled] = 1
|
||||||
DELETE
|
)
|
||||||
;
|
INSERT INTO [dbo].[SubvaultCipher]
|
||||||
|
(
|
||||||
|
[SubvaultId],
|
||||||
|
[CipherId]
|
||||||
|
)
|
||||||
|
SELECT
|
||||||
|
Id,
|
||||||
|
@Id
|
||||||
|
FROM
|
||||||
|
@SubvaultIds
|
||||||
|
WHERE
|
||||||
|
Id IN (SELECT SubvaultId FROM [AvailableSubvaultsCTE])
|
||||||
END
|
END
|
||||||
@ -0,0 +1,35 @@
|
|||||||
|
CREATE PROCEDURE [dbo].[SubvaultCipher_UpdateSubvaultsAdmin]
|
||||||
|
@CipherId UNIQUEIDENTIFIER,
|
||||||
|
@OrganizationId UNIQUEIDENTIFIER,
|
||||||
|
@SubvaultIds AS [dbo].[GuidIdArray] READONLY
|
||||||
|
AS
|
||||||
|
BEGIN
|
||||||
|
SET NOCOUNT ON
|
||||||
|
|
||||||
|
;WITH [AvailableSubvaultsCTE] AS(
|
||||||
|
SELECT
|
||||||
|
Id
|
||||||
|
FROM
|
||||||
|
[dbo].[Subvault]
|
||||||
|
WHERE
|
||||||
|
OrganizationId = @OrganizationId
|
||||||
|
)
|
||||||
|
MERGE
|
||||||
|
[dbo].[SubvaultCipher] AS [Target]
|
||||||
|
USING
|
||||||
|
@SubvaultIds AS [Source]
|
||||||
|
ON
|
||||||
|
[Target].[SubvaultId] = [Source].[Id]
|
||||||
|
AND [Target].[CipherId] = @CipherId
|
||||||
|
WHEN NOT MATCHED BY TARGET
|
||||||
|
AND [Source].[Id] IN (SELECT [SubvaultId] FROM [AvailableSubvaultsCTE]) THEN
|
||||||
|
INSERT VALUES
|
||||||
|
(
|
||||||
|
[Source].[Id],
|
||||||
|
@CipherId
|
||||||
|
)
|
||||||
|
WHEN NOT MATCHED BY SOURCE
|
||||||
|
AND [Target].[CipherId] = @CipherId THEN
|
||||||
|
DELETE
|
||||||
|
;
|
||||||
|
END
|
||||||
@ -1,21 +0,0 @@
|
|||||||
CREATE PROCEDURE [dbo].[SubvaultUser_ReadPermissionsBySubvaultUserId]
|
|
||||||
@UserId UNIQUEIDENTIFIER,
|
|
||||||
@SubvaultIds AS [dbo].[GuidIdArray] READONLY,
|
|
||||||
@OrganizationId UNIQUEIDENTIFIER
|
|
||||||
AS
|
|
||||||
BEGIN
|
|
||||||
SET NOCOUNT ON
|
|
||||||
|
|
||||||
SELECT
|
|
||||||
SU.[SubvaultId],
|
|
||||||
SU.[ReadOnly]
|
|
||||||
FROM
|
|
||||||
[dbo].[SubvaultUser] SU
|
|
||||||
INNER JOIN
|
|
||||||
[dbo].[OrganizationUser] OU ON OU.Id = SU.OrganizationUserId
|
|
||||||
WHERE
|
|
||||||
OU.[UserId] = @UserId
|
|
||||||
AND OU.[OrganizationId] = @OrganizationId
|
|
||||||
AND OU.[Status] = 2 -- 2 = Confirmed
|
|
||||||
AND SU.[SubvaultId] IN (SELECT [Id] FROM @SubvaultIds)
|
|
||||||
END
|
|
||||||
Loading…
Reference in New Issue
Block a user