Disable policies for organization when plan no longer supports it or policy checkbox is deselected (#4763)

2024-11-21 12:05:42 +01:00 · 2024-09-23 07:51:36 -04:00 · 2024-09-23 07:51:36 -04:00 · fd8c1aae02
commit fd8c1aae02
parent 917658520c
1 changed files with 26 additions and 1 deletions
--- a/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
+++ b/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
@ -7,6 +7,7 @@ using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Providers.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Services;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Billing.Services;
 using Bit.Core.Context;
@ -56,6 +57,7 @@ public class OrganizationsController : Controller
    private readonly IRemoveOrganizationFromProviderCommand _removeOrganizationFromProviderCommand;
    private readonly IFeatureService _featureService;
    private readonly IProviderBillingService _providerBillingService;
+    private readonly IPolicyService _policyService;

    public OrganizationsController(
        IOrganizationService organizationService,
@ -82,7 +84,8 @@ public class OrganizationsController : Controller
        IProviderOrganizationRepository providerOrganizationRepository,
        IRemoveOrganizationFromProviderCommand removeOrganizationFromProviderCommand,
        IFeatureService featureService,
-        IProviderBillingService providerBillingService)
+        IProviderBillingService providerBillingService,
+        IPolicyService policyService)
    {
        _organizationService = organizationService;
        _organizationRepository = organizationRepository;
@ -109,6 +112,7 @@ public class OrganizationsController : Controller
        _removeOrganizationFromProviderCommand = removeOrganizationFromProviderCommand;
        _featureService = featureService;
        _providerBillingService = providerBillingService;
+        _policyService = policyService;
    }

    [RequirePermission(Permission.Org_List_View)]
@ -436,6 +440,13 @@ public class OrganizationsController : Controller
            organization.MaxAutoscaleSmServiceAccounts = model.MaxAutoscaleSmServiceAccounts;
        }

+        var plan = StaticStore.GetPlan(organization.PlanType);
+
+        if (!organization.UsePolicies || !plan.HasPolicies)
+        {
+            await DisableOrganizationPoliciesAsync(organization.Id);
+        }
+
        if (_accessControlService.UserHasPermission(Permission.Org_Licensing_Edit))
        {
            organization.LicenseKey = model.LicenseKey;
@ -452,4 +463,18 @@ public class OrganizationsController : Controller

        return organization;
    }
+
+    private async Task DisableOrganizationPoliciesAsync(Guid organizationId)
+    {
+        var policies = await _policyRepository.GetManyByOrganizationIdAsync(organizationId);
+
+        if (policies.Count != 0)
+        {
+            await Task.WhenAll(policies.Select(async policy =>
+            {
+                policy.Enabled = false;
+                await _policyService.SaveAsync(policy, _userService, _organizationService, null);
+            }));
+        }
+    }
 }