src/Api/Vault/Controllers/SecurityTaskController.cs

using Bit.Api.Models.Response;
using Bit.Api.Vault.Models.Response;
using Bit.Core;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Bit.Core.Vault.Commands.Interfaces;
using Bit.Core.Vault.Enums;
using Bit.Core.Vault.Queries;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace Bit.Api.Vault.Controllers;

[Route("tasks")]
[Authorize("Application")]
[RequireFeature(FeatureFlagKeys.SecurityTasks)]
public class SecurityTaskController : Controller
{
    private readonly IUserService _userService;
    private readonly IGetTaskDetailsForUserQuery _getTaskDetailsForUserQuery;
    private readonly IMarkTaskAsCompleteCommand _markTaskAsCompleteCommand;
    private readonly IGetTasksForOrganizationQuery _getTasksForOrganizationQuery;

    public SecurityTaskController(
        IUserService userService,
        IGetTaskDetailsForUserQuery getTaskDetailsForUserQuery,
        IMarkTaskAsCompleteCommand markTaskAsCompleteCommand,
        IGetTasksForOrganizationQuery getTasksForOrganizationQuery)
    {
        _userService = userService;
        _getTaskDetailsForUserQuery = getTaskDetailsForUserQuery;
        _markTaskAsCompleteCommand = markTaskAsCompleteCommand;
        _getTasksForOrganizationQuery = getTasksForOrganizationQuery;
    }

    /// <summary>
    /// Retrieves security tasks for the current user.
    /// </summary>
    /// <param name="status">Optional filter for task status. If not provided returns tasks of all statuses.</param>
    /// <returns>A list response model containing the security tasks for the user.</returns>
    [HttpGet("")]
    public async Task<ListResponseModel<SecurityTasksResponseModel>> Get([FromQuery] SecurityTaskStatus? status)
    {
        var userId = _userService.GetProperUserId(User).Value;
        var securityTasks = await _getTaskDetailsForUserQuery.GetTaskDetailsForUserAsync(userId, status);
        var response = securityTasks.Select(x => new SecurityTasksResponseModel(x)).ToList();
        return new ListResponseModel<SecurityTasksResponseModel>(response);
    }

    /// <summary>
    /// Marks a task as complete. The user must have edit permission on the cipher associated with the task.
    /// </summary>
    /// <param name="taskId">The unique identifier of the task to complete</param>
    [HttpPatch("{taskId:guid}/complete")]
    public async Task<IActionResult> Complete(Guid taskId)
    {
        await _markTaskAsCompleteCommand.CompleteAsync(taskId);
        return NoContent();
    }

    /// <summary>
    /// Retrieves security tasks for an organization. Restricted to organization administrators.
    /// </summary>
    /// <param name="organizationId">The organization Id</param>
    /// <param name="status">Optional filter for task status. If not provided, returns tasks of all statuses.</param>
    [HttpGet("organization")]
    public async Task<ListResponseModel<SecurityTasksResponseModel>> ListForOrganization(
        [FromQuery] Guid organizationId, [FromQuery] SecurityTaskStatus? status)
    {
        var securityTasks = await _getTasksForOrganizationQuery.GetTasksAsync(organizationId, status);
        var response = securityTasks.Select(x => new SecurityTasksResponseModel(x)).ToList();
        return new ListResponseModel<SecurityTasksResponseModel>(response);
    }
}
-												[PM-14376] Add GET tasks endpoint (#5089)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added security tasks feature flag
											
										
										
											2024-12-12 14:27:31 -05:00
+								using Bit.Api.Models.Response;
 								using Bit.Api.Vault.Models.Response;
 								using Bit.Core;
 								using Bit.Core.Services;
 								using Bit.Core.Utilities;
-												[PM-14377] Add PATCH complete endpoint (#5100)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added OperationAuthorizationRequirement for secruity task

* Added and registered MarkTaskAsCompletedCommand

* Added unit tests for the command

* Added complete endpoint

* removed false value
											
										
										
											2024-12-13 14:50:20 -05:00
+								using Bit.Core.Vault.Commands.Interfaces;
-												[PM-14376] Add GET tasks endpoint (#5089)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added security tasks feature flag
											
										
										
											2024-12-12 14:27:31 -05:00
+								using Bit.Core.Vault.Enums;
 								using Bit.Core.Vault.Queries;
 								using Microsoft.AspNetCore.Authorization;
 								using Microsoft.AspNetCore.Mvc;
 								namespace Bit.Api.Vault.Controllers;
 								[Route("tasks")]
 								[Authorize("Application")]
 								[RequireFeature(FeatureFlagKeys.SecurityTasks)]
 								public class SecurityTaskController : Controller
 								{
 								    private readonly IUserService _userService;
 								    private readonly IGetTaskDetailsForUserQuery _getTaskDetailsForUserQuery;
-												[PM-14377] Add PATCH complete endpoint (#5100)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added OperationAuthorizationRequirement for secruity task

* Added and registered MarkTaskAsCompletedCommand

* Added unit tests for the command

* Added complete endpoint

* removed false value
											
										
										
											2024-12-13 14:50:20 -05:00
+								    private readonly IMarkTaskAsCompleteCommand _markTaskAsCompleteCommand;
-												[PM-14380] Add GET /tasks/organization endpoint (#5149)

* [PM-14380] Add GetManyByOrganizationIdStatusAsync to SecurityTaskRepository

* [PM-14380] Introduce IGetTasksForOrganizationQuery

* [PM-14380] Add /tasks/organization endpoint

* [PM-14380] Add unit tests

* [PM-14380] Formatting

* [PM-14380] Bump migration script date

* [PM-14380] Bump migration script date
											
										
										
											2025-01-09 12:40:12 -08:00
+								    private readonly IGetTasksForOrganizationQuery _getTasksForOrganizationQuery;
-												[PM-14376] Add GET tasks endpoint (#5089)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added security tasks feature flag
											
										
										
											2024-12-12 14:27:31 -05:00
-												[PM-14377] Add PATCH complete endpoint (#5100)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added OperationAuthorizationRequirement for secruity task

* Added and registered MarkTaskAsCompletedCommand

* Added unit tests for the command

* Added complete endpoint

* removed false value
											
										
										
											2024-12-13 14:50:20 -05:00
+								    public SecurityTaskController(
 								        IUserService userService,
 								        IGetTaskDetailsForUserQuery getTaskDetailsForUserQuery,
-												[PM-14380] Add GET /tasks/organization endpoint (#5149)

* [PM-14380] Add GetManyByOrganizationIdStatusAsync to SecurityTaskRepository

* [PM-14380] Introduce IGetTasksForOrganizationQuery

* [PM-14380] Add /tasks/organization endpoint

* [PM-14380] Add unit tests

* [PM-14380] Formatting

* [PM-14380] Bump migration script date

* [PM-14380] Bump migration script date
											
										
										
											2025-01-09 12:40:12 -08:00
+								        IMarkTaskAsCompleteCommand markTaskAsCompleteCommand,
 								        IGetTasksForOrganizationQuery getTasksForOrganizationQuery)
-												[PM-14376] Add GET tasks endpoint (#5089)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added security tasks feature flag
											
										
										
											2024-12-12 14:27:31 -05:00
+								    {
 								        _userService = userService;
 								        _getTaskDetailsForUserQuery = getTaskDetailsForUserQuery;
-												[PM-14377] Add PATCH complete endpoint (#5100)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added OperationAuthorizationRequirement for secruity task

* Added and registered MarkTaskAsCompletedCommand

* Added unit tests for the command

* Added complete endpoint

* removed false value
											
										
										
											2024-12-13 14:50:20 -05:00
+								        _markTaskAsCompleteCommand = markTaskAsCompleteCommand;
-												[PM-14380] Add GET /tasks/organization endpoint (#5149)

* [PM-14380] Add GetManyByOrganizationIdStatusAsync to SecurityTaskRepository

* [PM-14380] Introduce IGetTasksForOrganizationQuery

* [PM-14380] Add /tasks/organization endpoint

* [PM-14380] Add unit tests

* [PM-14380] Formatting

* [PM-14380] Bump migration script date

* [PM-14380] Bump migration script date
											
										
										
											2025-01-09 12:40:12 -08:00
+								        _getTasksForOrganizationQuery = getTasksForOrganizationQuery;
-												[PM-14376] Add GET tasks endpoint (#5089)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added security tasks feature flag
											
										
										
											2024-12-12 14:27:31 -05:00
+								    }
 								    /// <summary>
 								    /// Retrieves security tasks for the current user.
 								    /// </summary>
 								    /// <param name="status">Optional filter for task status. If not provided returns tasks of all statuses.</param>
 								    /// <returns>A list response model containing the security tasks for the user.</returns>
 								    [HttpGet("")]
 								    public async Task<ListResponseModel<SecurityTasksResponseModel>> Get([FromQuery] SecurityTaskStatus? status)
 								    {
 								        var userId = _userService.GetProperUserId(User).Value;
 								        var securityTasks = await _getTaskDetailsForUserQuery.GetTaskDetailsForUserAsync(userId, status);
 								        var response = securityTasks.Select(x => new SecurityTasksResponseModel(x)).ToList();
 								        return new ListResponseModel<SecurityTasksResponseModel>(response);
 								    }
-												[PM-14377] Add PATCH complete endpoint (#5100)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added OperationAuthorizationRequirement for secruity task

* Added and registered MarkTaskAsCompletedCommand

* Added unit tests for the command

* Added complete endpoint

* removed false value
											
										
										
											2024-12-13 14:50:20 -05:00
 								    /// <summary>
 								    /// Marks a task as complete. The user must have edit permission on the cipher associated with the task.
 								    /// </summary>
 								    /// <param name="taskId">The unique identifier of the task to complete</param>
 								    [HttpPatch("{taskId:guid}/complete")]
 								    public async Task<IActionResult> Complete(Guid taskId)
 								    {
 								        await _markTaskAsCompleteCommand.CompleteAsync(taskId);
 								        return NoContent();
 								    }
-												[PM-14380] Add GET /tasks/organization endpoint (#5149)

* [PM-14380] Add GetManyByOrganizationIdStatusAsync to SecurityTaskRepository

* [PM-14380] Introduce IGetTasksForOrganizationQuery

* [PM-14380] Add /tasks/organization endpoint

* [PM-14380] Add unit tests

* [PM-14380] Formatting

* [PM-14380] Bump migration script date

* [PM-14380] Bump migration script date
											
										
										
											2025-01-09 12:40:12 -08:00
 								    /// <summary>
 								    /// Retrieves security tasks for an organization. Restricted to organization administrators.
 								    /// </summary>
 								    /// <param name="organizationId">The organization Id</param>
 								    /// <param name="status">Optional filter for task status. If not provided, returns tasks of all statuses.</param>
 								    [HttpGet("organization")]
 								    public async Task<ListResponseModel<SecurityTasksResponseModel>> ListForOrganization(
 								        [FromQuery] Guid organizationId, [FromQuery] SecurityTaskStatus? status)
 								    {
 								        var securityTasks = await _getTasksForOrganizationQuery.GetTasksAsync(organizationId, status);
 								        var response = securityTasks.Select(x => new SecurityTasksResponseModel(x)).ToList();
 								        return new ListResponseModel<SecurityTasksResponseModel>(response);
 								    }
-												[PM-14376] Add GET tasks endpoint (#5089)

* Added CQRS pattern

* Added the GetManyByUserIdAsync signature to the repositiory

* Added sql sproc

Created user defined type to hold status

Created migration file

* Added ef core query

* Added absract and concrete implementation for GetManyByUserIdStatusAsync

* Added integration tests

* Updated params to status

* Implemented new query to utilize repository method

* Added controller for the security task endpoint

* Fixed lint issues

* Added documentation

* simplified to require single status

modified script to check for users with edit rights

* Updated ef core query

* Added new assertions

* simplified to require single status

* fixed formatting

* Fixed sql script

* Removed default null

* Added security tasks feature flag
											
										
										
											2024-12-12 14:27:31 -05:00
+								}