src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/GetOrganizationUsersManagementStatusQuery.cs

using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.Repositories;
using Bit.Core.Services;

namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;

public class GetOrganizationUsersManagementStatusQuery : IGetOrganizationUsersManagementStatusQuery
{
    private readonly IApplicationCacheService _applicationCacheService;
    private readonly IOrganizationUserRepository _organizationUserRepository;

    public GetOrganizationUsersManagementStatusQuery(
        IApplicationCacheService applicationCacheService,
        IOrganizationUserRepository organizationUserRepository)
    {
        _applicationCacheService = applicationCacheService;
        _organizationUserRepository = organizationUserRepository;
    }

    public async Task<IDictionary<Guid, bool>> GetUsersOrganizationManagementStatusAsync(Guid organizationId, IEnumerable<Guid> organizationUserIds)
    {
        if (organizationUserIds.Any())
        {
            // Users can only be managed by an Organization that is enabled and can have organization domains
            var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);

            // TODO: Replace "UseSso" with a new organization ability like "UseOrganizationDomains" (PM-11622).
            // Verified domains were tied to SSO, so we currently check the "UseSso" organization ability.
            if (organizationAbility is { Enabled: true, UseSso: true })
            {
                // Get all organization users with claimed domains by the organization
                var organizationUsersWithClaimedDomain = await _organizationUserRepository.GetManyByOrganizationWithClaimedDomainsAsync(organizationId);

                // Create a dictionary with the OrganizationUserId and a boolean indicating if the user is managed by the organization
                return organizationUserIds.ToDictionary(ouId => ouId, ouId => organizationUsersWithClaimedDomain.Any(ou => ou.Id == ouId));
            }
        }

        return organizationUserIds.ToDictionary(ouId => ouId, _ => false);
    }
}
-												[PM-10311] Account Management: Create helper methods for checking against verified domains (#4636)

* Add HasVerifiedDomainsAsync method to IOrganizationDomainService

* Add GetManagedUserIdsByOrganizationIdAsync method to IOrganizationUserRepository and the corresponding queries

* Fix case on the sproc OrganizationUser_ReadManagedIdsByOrganizationId parameter

* Update the EF query to use the Email from the User table

* dotnet format

* Fix IOrganizationDomainService.HasVerifiedDomainsAsync by checking that domains have been Verified and add unit tests

* Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync

* Fix domain queries

* Add OrganizationUserRepository integration tests

* Add summary to IOrganizationDomainService.HasVerifiedDomainsAsync

* chore: Rename IOrganizationUserRepository.GetManagedUserIdsByOrganizationAsync to GetManyIdsManagedByOrganizationIdAsync

* Add IsManagedByAnyOrganizationAsync method to IUserRepository

* Add integration tests for UserRepository.IsManagedByAnyOrganizationAsync

* Refactor to IUserService.IsManagedByAnyOrganizationAsync and IOrganizationService.GetUsersOrganizationManagementStatusAsync

* chore: Refactor IsManagedByAnyOrganizationAsync method in UserService

* Refactor IOrganizationService.GetUsersOrganizationManagementStatusAsync to return IDictionary<Guid, bool>

* Extract IOrganizationService.GetUsersOrganizationManagementStatusAsync into a query

* Update comments in OrganizationDomainService to use proper capitalization

* Move OrganizationDomainService to AdminConsole ownership and update namespace

* feat: Add support for organization domains in enterprise plans

* feat: Add HasOrganizationDomains property to OrganizationAbility class

* refactor: Update GetOrganizationUsersManagementStatusQuery to use IApplicationCacheService

* Remove HasOrganizationDomains and use UseSso to check if Organization can have Verified Domains

* Refactor UserService.IsManagedByAnyOrganizationAsync to simply check the UseSso flag

* Add TODO comment for replacing 'UseSso' organization ability on user verified domain checks

* Bump date on migration script

* Add indexes to OrganizationDomain table

* Bump script migration date; Remove WITH ONLINE = ON from data migration.
											
										
										
											2024-09-11 11:29:57 +01:00
+								using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 								using Bit.Core.Repositories;
 								using Bit.Core.Services;
 								namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
 								public class GetOrganizationUsersManagementStatusQuery : IGetOrganizationUsersManagementStatusQuery
 								{
 								    private readonly IApplicationCacheService _applicationCacheService;
 								    private readonly IOrganizationUserRepository _organizationUserRepository;
 								    public GetOrganizationUsersManagementStatusQuery(
 								        IApplicationCacheService applicationCacheService,
 								        IOrganizationUserRepository organizationUserRepository)
 								    {
 								        _applicationCacheService = applicationCacheService;
 								        _organizationUserRepository = organizationUserRepository;
 								    }
 								    public async Task<IDictionary<Guid, bool>> GetUsersOrganizationManagementStatusAsync(Guid organizationId, IEnumerable<Guid> organizationUserIds)
 								    {
 								        if (organizationUserIds.Any())
 								        {
 								            // Users can only be managed by an Organization that is enabled and can have organization domains
 								            var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(organizationId);
 								            // TODO: Replace "UseSso" with a new organization ability like "UseOrganizationDomains" (PM-11622).
 								            // Verified domains were tied to SSO, so we currently check the "UseSso" organization ability.
 								            if (organizationAbility is { Enabled: true, UseSso: true })
 								            {
 								                // Get all organization users with claimed domains by the organization
 								                var organizationUsersWithClaimedDomain = await _organizationUserRepository.GetManyByOrganizationWithClaimedDomainsAsync(organizationId);
 								                // Create a dictionary with the OrganizationUserId and a boolean indicating if the user is managed by the organization
 								                return organizationUserIds.ToDictionary(ouId => ouId, ouId => organizationUsersWithClaimedDomain.Any(ou => ou.Id == ouId));
 								            }
 								        }
 								        return organizationUserIds.ToDictionary(ouId => ouId, _ => false);
 								    }
 								}