mirror of
https://github.com/bitwarden/server.git
synced 2026-02-01 22:53:12 +08:00
da4a86c643
* [AC-1117] Add manage permission (#3126) * Update sql files to add Manage permission * Add migration script * Rename collection manage migration file to remove duplicate migration date * Migrations * Add manage to models * Add manage to repository * Add constraint to Manage columns * Migration lint fixes * Add manage to OrganizationUserUserDetails_ReadWithCollectionsById * Add missing manage fields * Add 'Manage' to UserCollectionDetails * Use CREATE OR ALTER where possible * [AC-1374] Limit collection creation/deletion to Owner/Admin (#3145) * feat: update org table with new column, write migration, refs AC-1374 * feat: update views with new column, refs AC-1374 * feat: Alter sprocs (org create/update) to include new column, refs AC-1374 * feat: update entity/data/request/response models to handle new column, refs AC-1374 * feat: update necessary Provider related views during migration, refs AC-1374 * fix: update org create to default new column to false, refs AC-1374 * feat: added new API/request model for collection management and removed property from update request model, refs AC-1374 * fix: renamed migration script to be after secrets manage beta column changes, refs AC-1374 * fix: dotnet format, refs AC-1374 * feat: add ef migrations to reflect mssql changes, refs AC-1374 * fix: dotnet format, refs AC-1374 * feat: update API signature to accept Guid and explain Cd verbiage, refs AC-1374 * fix: merge conflict resolution * [AC-1174] CollectionUser and CollectionGroup authorization handlers (#3194) * [AC-1174] Introduce BulkAuthorizationHandler.cs * [AC-1174] Introduce CollectionUserAuthorizationHandler * [AC-1174] Add CreateForNewCollection CollectionUser requirement * [AC-1174] Add some more details to CollectionCustomization * [AC-1174] Formatting * [AC-1174] Add CollectionGroupOperation.cs * [AC-1174] Introduce CollectionGroupAuthorizationHandler.cs * [AC-1174] Cleanup CollectionFixture customization Implement and use re-usable extension method to support seeded Guids * [AC-1174] Introduce WithValueFromList AutoFixtureExtensions Modify CollectionCustomization to use multiple organization Ids for auto generated test data * [AC-1174] Simplify CollectionUserAuthorizationHandler.cs Modify the authorization handler to only perform authorization logic. Validation logic will need to be handled by any calling commands/controllers instead. * [AC-1174] Introduce shared CollectionAccessAuthorizationHandlerBase A shared base authorization handler was created for both CollectionUser and CollectionGroup resources, as they share the same underlying management authorization logic. * [AC-1174] Update CollectionUserAuthorizationHandler and CollectionGroupAuthorizationHandler to use the new CollectionAccessAuthorizationHandlerBase class * [AC-1174] Formatting * [AC-1174] Cleanup typo and redundant ToList() call * [AC-1174] Add check for provider users * [AC-1174] Reduce nested loops * [AC-1174] Introduce ICollectionAccess.cs * [AC-1174] Remove individual CollectionGroup and CollectionUser auth handlers and use base class instead * [AC-1174] Tweak unit test to fail minimally * [AC-1174] Reorganize authorization handlers in Core project * [AC-1174] Introduce new AddCoreAuthorizationHandlers() extension method * [AC-1174] Move CollectionAccessAuthorizationHandler into Api project * [AC-1174] Move CollectionFixture to Vault folder * [AC-1174] Rename operation to CreateUpdateDelete * [AC-1174] Require single organization for collection access authorization handler - Add requirement that all target collections must belong to the same organization - Simplify logic related to multiple organizations - Update tests and helpers - Use ToHashSet to improve lookup time * [AC-1174] Fix null reference exception * [AC-1174] Throw bad request exception when collections belong to different organizations * [AC-1174] Switch to CollectionAuthorizationHandler instead of CollectionAccessAuthorizationHandler to reduce complexity * Fix improper merge conflict resolution * fix: add permission check for collection management api, refs AC-1647 (#3252) * [AC-1125] Enforce org setting for creating/deleting collections (#3241) * [AC-1117] Add manage permission (#3126) * Update sql files to add Manage permission * Add migration script * Rename collection manage migration file to remove duplicate migration date * Migrations * Add manage to models * Add manage to repository * Add constraint to Manage columns * Migration lint fixes * Add manage to OrganizationUserUserDetails_ReadWithCollectionsById * Add missing manage fields * Add 'Manage' to UserCollectionDetails * Use CREATE OR ALTER where possible * [AC-1374] Limit collection creation/deletion to Owner/Admin (#3145) * feat: update org table with new column, write migration, refs AC-1374 * feat: update views with new column, refs AC-1374 * feat: Alter sprocs (org create/update) to include new column, refs AC-1374 * feat: update entity/data/request/response models to handle new column, refs AC-1374 * feat: update necessary Provider related views during migration, refs AC-1374 * fix: update org create to default new column to false, refs AC-1374 * feat: added new API/request model for collection management and removed property from update request model, refs AC-1374 * fix: renamed migration script to be after secrets manage beta column changes, refs AC-1374 * fix: dotnet format, refs AC-1374 * feat: add ef migrations to reflect mssql changes, refs AC-1374 * fix: dotnet format, refs AC-1374 * feat: update API signature to accept Guid and explain Cd verbiage, refs AC-1374 * feat: created collection auth handler/operations, added LimitCollectionCdOwnerAdmin to CurrentContentOrganization, refs AC-1125 * feat: create vault service collection extensions and register with base services, refs AC-1125 * feat: deprecated CurrentContext.CreateNewCollections, refs AC-1125 * feat: deprecate DeleteAnyCollection for single resource usages, refs AC-1125 * feat: move service registration to api, update references, refs AC-1125 * feat: add bulk delete authorization handler, refs AC-1125 * feat: always assign user and give manage access on create, refs AC-1125 * fix: updated CurrentContextOrganization type, refs AC-1125 * feat: combined existing collection authorization handlers/operations, refs AC-1125 * fix: OrganizationServiceTests -> CurrentContentOrganization typo, refs AC-1125 * fix: format, refs AC-1125 * fix: update collection controller tests, refs AC-1125 * fix: dotnet format, refs AC-1125 * feat: removed extra BulkAuthorizationHandler, refs AC-1125 * fix: dotnet format, refs AC-1125 * fix: change string to guid for org id, update bulk delete request model, refs AC-1125 * fix: remove delete many collection check, refs AC-1125 * fix: clean up collection auth handler, refs AC-1125 * fix: format fix for CollectionOperations, refs AC-1125 * fix: removed unnecessary owner check, add org null check to custom permission validation, refs AC-1125 * fix: remove unused methods in CurrentContext, refs AC-1125 * fix: removed obsolete test, fixed failling delete many test, refs AC-1125 * fix: CollectionAuthorizationHandlerTests fixes, refs AC-1125 * fix: OrganizationServiceTests fix broken test by mocking GetOrganization, refs AC-1125 * fix: CollectionAuthorizationHandler - remove unused repository, refs AC-1125 * feat: moved UserId null check to common method, refs AC-1125 * fix: updated auth handler tests to remove dependency on requirement for common code checks, refs AC-1125 * feat: updated conditionals/comments for create/delete methods within colleciton auth handler, refs AC-1125 * feat: added create/delete collection auth handler success methods, refs AC-1125 * fix: new up permissions to prevent excessive null checks, refs AC-1125 * fix: remove old reference to CreateNewCollections, refs AC-1125 * fix: typo within ViewAssignedCollections method, refs AC-1125 --------- Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com> * refactor: remove organizationId from CollectionBulkDeleteRequestModel, refs AC-1649 (#3282) * [AC-1174] Bulk Collection Management (#3229) * [AC-1174] Update SelectionReadOnlyRequestModel to use Guid for Id property * [AC-1174] Introduce initial bulk-access collection endpoint * [AC-1174] Introduce BulkAddCollectionAccessCommand and validation logic/tests * [AC-1174] Add CreateOrUpdateAccessMany method to CollectionRepository * [AC-1174] Add event logs for bulk add collection access command * [AC-1174] Add User_BumpAccountRevisionDateByCollectionIds and database migration script * [AC-1174] Implement EF repository method * [AC-1174] Improve null checks * [AC-1174] Remove unnecessary BulkCollectionAccessRequestModel helpers * [AC-1174] Add unit tests for new controller endpoint * [AC-1174] Fix formatting * [AC-1174] Remove comment * [AC-1174] Remove redundant organizationId parameter * [AC-1174] Ensure user and group Ids are distinct * [AC-1174] Cleanup tests based on PR feedback * [AC-1174] Formatting * [AC-1174] Update CollectionGroup alias in the sproc * [AC-1174] Add some additional comments to SQL sproc * [AC-1174] Add comment explaining additional SaveChangesAsync call --------- Co-authored-by: Thomas Rittson <trittson@bitwarden.com> * [AC-1646] Rename LimitCollectionCdOwnerAdmin column (#3300) * Rename LimitCollectionCdOwnerAdmin -> LimitCollectionCreationDeletion * Rename and bump migration script * [AC-1666] Removed EditAnyCollection from Create/Delete permission checks (#3301) * fix: remove EditAnyCollection from Create/Delete permission check, refs AC-1666 * fix: updated comment, refs AC-1666 * [AC-1669] Bug - Remove obsolete assignUserId from CollectionService.SaveAsync(...) (#3312) * fix: remove AssignUserId from CollectionService.SaveAsync, refs AC-1669 * fix: add manage access conditional before creating collection, refs AC-1669 * fix: move access logic for create/update, fix all tests, refs AC-1669 * fix: add CollectionAccessSelection fixture, update tests, update bad reqeuest message, refs AC-1669 * fix: format, refs AC-1669 * fix: update null params with specific arg.is null checks, refs Ac-1669 * fix: update attribute class name, refs AC-1669 * [AC-1713] [Flexible collections] Add feature flags to server (#3334) * Add feature flags for FlexibleCollections and BulkCollectionAccess * Flag new routes and behaviour --------- Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com> * Add joint codeownership for auth handlers (#3346) * [AC-1717] Update default values for LimitCollectionCreationDeletion (#3365) * Change default value in organization create sproc to 1 * Drop old column name still present in some QA instances * Set LimitCollectionCreationDeletion value in code based on feature flag * Fix: add missing namespace after merging in master * Fix: add missing namespace after merging in master * [AC-1683] Fix DB migrations for new Manage permission (#3307) * [AC-1683] Update migration script and introduce V2 procedures and types * [AC-1683] Update repository calls to use new V2 procedures / types * [AC-1684] Update bulk add collection migration script to use new V2 type * [AC-1683] Undo Manage changes to more original procedures * [AC-1683] Restore whitespace changes * [AC-1683] Clarify comments regarding explicit column lists * [AC-1683] Update migration script dates * [AC-1683] Split the migration script for readability * [AC-1683] Re-name SelectReadOnlyArray_V2 to CollectionAccessSelectionType * [AC-1648] [Flexible Collections] Bump migration scripts before feature branch merge (#3371) * Bump dates on sql migration scripts * Bump date on ef migrations --------- Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com> Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Shane Melton <smelton@bitwarden.com> Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
643 lines
27 KiB
C#
643 lines
27 KiB
C#
using AutoMapper;
|
|
using Bit.Core.Enums;
|
|
using Bit.Core.Models.Data;
|
|
using Bit.Core.Models.Data.Organizations.OrganizationUsers;
|
|
using Bit.Core.Repositories;
|
|
using Bit.Infrastructure.EntityFramework.Models;
|
|
using Bit.Infrastructure.EntityFramework.Repositories.Queries;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
namespace Bit.Infrastructure.EntityFramework.Repositories;
|
|
|
|
public class OrganizationUserRepository : Repository<Core.Entities.OrganizationUser, OrganizationUser, Guid>, IOrganizationUserRepository
|
|
{
|
|
public OrganizationUserRepository(IServiceScopeFactory serviceScopeFactory, IMapper mapper)
|
|
: base(serviceScopeFactory, mapper, (DatabaseContext context) => context.OrganizationUsers)
|
|
{ }
|
|
|
|
public async Task<Guid> CreateAsync(Core.Entities.OrganizationUser obj, IEnumerable<CollectionAccessSelection> collections)
|
|
{
|
|
var organizationUser = await base.CreateAsync(obj);
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var availableCollections = await (
|
|
from c in dbContext.Collections
|
|
where c.OrganizationId == organizationUser.OrganizationId
|
|
select c).ToListAsync();
|
|
var filteredCollections = collections.Where(c => availableCollections.Any(a => c.Id == a.Id));
|
|
var collectionUsers = filteredCollections.Select(y => new CollectionUser
|
|
{
|
|
CollectionId = y.Id,
|
|
OrganizationUserId = organizationUser.Id,
|
|
ReadOnly = y.ReadOnly,
|
|
HidePasswords = y.HidePasswords,
|
|
Manage = y.Manage
|
|
});
|
|
await dbContext.CollectionUsers.AddRangeAsync(collectionUsers);
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
|
|
return organizationUser.Id;
|
|
}
|
|
|
|
public async Task<ICollection<Guid>> CreateManyAsync(IEnumerable<Core.Entities.OrganizationUser> organizationUsers)
|
|
{
|
|
if (!organizationUsers.Any())
|
|
{
|
|
return new List<Guid>();
|
|
}
|
|
|
|
foreach (var organizationUser in organizationUsers)
|
|
{
|
|
organizationUser.SetNewId();
|
|
}
|
|
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var entities = Mapper.Map<List<OrganizationUser>>(organizationUsers);
|
|
await dbContext.AddRangeAsync(entities);
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
|
|
return organizationUsers.Select(u => u.Id).ToList();
|
|
}
|
|
|
|
public override async Task DeleteAsync(Core.Entities.OrganizationUser organizationUser) => await DeleteAsync(organizationUser.Id);
|
|
public async Task DeleteAsync(Guid organizationUserId)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdAsync(organizationUserId);
|
|
var orgUser = await dbContext.OrganizationUsers
|
|
.Where(ou => ou.Id == organizationUserId)
|
|
.FirstAsync();
|
|
|
|
var organizationId = orgUser?.OrganizationId;
|
|
var userId = orgUser?.UserId;
|
|
|
|
if (orgUser?.OrganizationId != null && orgUser?.UserId != null)
|
|
{
|
|
var ssoUsers = dbContext.SsoUsers
|
|
.Where(su => su.UserId == userId && su.OrganizationId == organizationId);
|
|
dbContext.SsoUsers.RemoveRange(ssoUsers);
|
|
}
|
|
|
|
var collectionUsers = dbContext.CollectionUsers
|
|
.Where(cu => cu.OrganizationUserId == organizationUserId);
|
|
dbContext.CollectionUsers.RemoveRange(collectionUsers);
|
|
|
|
var groupUsers = dbContext.GroupUsers
|
|
.Where(gu => gu.OrganizationUserId == organizationUserId);
|
|
dbContext.GroupUsers.RemoveRange(groupUsers);
|
|
|
|
dbContext.UserProjectAccessPolicy.RemoveRange(
|
|
dbContext.UserProjectAccessPolicy.Where(ap => ap.OrganizationUserId == organizationUserId));
|
|
dbContext.UserServiceAccountAccessPolicy.RemoveRange(
|
|
dbContext.UserServiceAccountAccessPolicy.Where(ap => ap.OrganizationUserId == organizationUserId));
|
|
|
|
var orgSponsorships = await dbContext.OrganizationSponsorships
|
|
.Where(os => os.SponsoringOrganizationUserId == organizationUserId)
|
|
.ToListAsync();
|
|
|
|
foreach (var orgSponsorship in orgSponsorships)
|
|
{
|
|
orgSponsorship.ToDelete = true;
|
|
}
|
|
|
|
dbContext.OrganizationUsers.Remove(orgUser);
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
}
|
|
|
|
public async Task DeleteManyAsync(IEnumerable<Guid> organizationUserIds)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdsAsync(organizationUserIds);
|
|
var entities = await dbContext.OrganizationUsers
|
|
// TODO: Does this work?
|
|
.Where(ou => organizationUserIds.Contains(ou.Id))
|
|
.ToListAsync();
|
|
|
|
dbContext.OrganizationUsers.RemoveRange(entities);
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
}
|
|
|
|
public async Task<Tuple<Core.Entities.OrganizationUser, ICollection<CollectionAccessSelection>>> GetByIdWithCollectionsAsync(Guid id)
|
|
{
|
|
var organizationUser = await base.GetByIdAsync(id);
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = await (
|
|
from ou in dbContext.OrganizationUsers
|
|
join cu in dbContext.CollectionUsers
|
|
on ou.Id equals cu.OrganizationUserId
|
|
where !ou.AccessAll &&
|
|
ou.Id == id
|
|
select cu).ToListAsync();
|
|
var collections = query.Select(cu => new CollectionAccessSelection
|
|
{
|
|
Id = cu.CollectionId,
|
|
ReadOnly = cu.ReadOnly,
|
|
HidePasswords = cu.HidePasswords,
|
|
Manage = cu.Manage,
|
|
});
|
|
return new Tuple<Core.Entities.OrganizationUser, ICollection<CollectionAccessSelection>>(
|
|
organizationUser, collections.ToList());
|
|
}
|
|
}
|
|
|
|
public async Task<Core.Entities.OrganizationUser> GetByOrganizationAsync(Guid organizationId, Guid userId)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var entity = await GetDbSet(dbContext)
|
|
.FirstOrDefaultAsync(e => e.OrganizationId == organizationId && e.UserId == userId);
|
|
return entity;
|
|
}
|
|
}
|
|
|
|
public async Task<Core.Entities.OrganizationUser> GetByOrganizationEmailAsync(Guid organizationId, string email)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var entity = await GetDbSet(dbContext)
|
|
.FirstOrDefaultAsync(ou => ou.OrganizationId == organizationId &&
|
|
!string.IsNullOrWhiteSpace(ou.Email) &&
|
|
ou.Email == email);
|
|
return entity;
|
|
}
|
|
}
|
|
|
|
public async Task<int> GetCountByFreeOrganizationAdminUserAsync(Guid userId)
|
|
{
|
|
var query = new OrganizationUserReadCountByFreeOrganizationAdminUserQuery(userId);
|
|
return await GetCountFromQuery(query);
|
|
}
|
|
|
|
public async Task<int> GetCountByOnlyOwnerAsync(Guid userId)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
return await dbContext.OrganizationUsers
|
|
.Where(ou => ou.Type == OrganizationUserType.Owner && ou.Status == OrganizationUserStatusType.Confirmed)
|
|
.GroupBy(ou => ou.UserId)
|
|
.Select(g => new { UserId = g.Key, ConfirmedOwnerCount = g.Count() })
|
|
.Where(oc => oc.UserId == userId && oc.ConfirmedOwnerCount == 1)
|
|
.CountAsync();
|
|
}
|
|
}
|
|
|
|
public async Task<int> GetCountByOrganizationAsync(Guid organizationId, string email, bool onlyRegisteredUsers)
|
|
{
|
|
var query = new OrganizationUserReadCountByOrganizationIdEmailQuery(organizationId, email, onlyRegisteredUsers);
|
|
return await GetCountFromQuery(query);
|
|
}
|
|
|
|
public async Task<int> GetOccupiedSeatCountByOrganizationIdAsync(Guid organizationId)
|
|
{
|
|
var query = new OrganizationUserReadOccupiedSeatCountByOrganizationIdQuery(organizationId);
|
|
return await GetCountFromQuery(query);
|
|
}
|
|
|
|
public async Task<int> GetCountByOrganizationIdAsync(Guid organizationId)
|
|
{
|
|
var query = new OrganizationUserReadCountByOrganizationIdQuery(organizationId);
|
|
return await GetCountFromQuery(query);
|
|
}
|
|
|
|
public async Task<OrganizationUserUserDetails> GetDetailsByIdAsync(Guid id)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var view = new OrganizationUserUserDetailsViewQuery();
|
|
var entity = await view.Run(dbContext).FirstOrDefaultAsync(ou => ou.Id == id);
|
|
return entity;
|
|
}
|
|
}
|
|
|
|
public async Task<Tuple<OrganizationUserUserDetails, ICollection<CollectionAccessSelection>>> GetDetailsByIdWithCollectionsAsync(Guid id)
|
|
{
|
|
var organizationUserUserDetails = await GetDetailsByIdAsync(id);
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = from ou in dbContext.OrganizationUsers
|
|
join cu in dbContext.CollectionUsers on ou.Id equals cu.OrganizationUserId
|
|
where !ou.AccessAll && ou.Id == id
|
|
select cu;
|
|
var collections = await query.Select(cu => new CollectionAccessSelection
|
|
{
|
|
Id = cu.CollectionId,
|
|
ReadOnly = cu.ReadOnly,
|
|
HidePasswords = cu.HidePasswords,
|
|
Manage = cu.Manage
|
|
}).ToListAsync();
|
|
return new Tuple<OrganizationUserUserDetails, ICollection<CollectionAccessSelection>>(organizationUserUserDetails, collections);
|
|
}
|
|
}
|
|
|
|
public async Task<OrganizationUserOrganizationDetails> GetDetailsByUserAsync(Guid userId, Guid organizationId, OrganizationUserStatusType? status = null)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var view = new OrganizationUserOrganizationDetailsViewQuery();
|
|
var t = await (view.Run(dbContext)).ToArrayAsync();
|
|
var entity = await view.Run(dbContext)
|
|
.FirstOrDefaultAsync(o => o.UserId == userId &&
|
|
o.OrganizationId == organizationId &&
|
|
(status == null || o.Status == status));
|
|
return entity;
|
|
}
|
|
}
|
|
|
|
public async Task<ICollection<Core.Entities.OrganizationUser>> GetManyAsync(IEnumerable<Guid> Ids)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = from ou in dbContext.OrganizationUsers
|
|
where Ids.Contains(ou.Id)
|
|
select ou;
|
|
var data = await query.ToArrayAsync();
|
|
return data;
|
|
}
|
|
}
|
|
|
|
public async Task<ICollection<Core.Entities.OrganizationUser>> GetManyByManyUsersAsync(IEnumerable<Guid> userIds)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = from ou in dbContext.OrganizationUsers
|
|
where userIds.Contains(ou.Id)
|
|
select ou;
|
|
return Mapper.Map<List<Core.Entities.OrganizationUser>>(await query.ToListAsync());
|
|
}
|
|
}
|
|
|
|
public async Task<ICollection<Core.Entities.OrganizationUser>> GetManyByOrganizationAsync(Guid organizationId, OrganizationUserType? type)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = from ou in dbContext.OrganizationUsers
|
|
where ou.OrganizationId == organizationId &&
|
|
(type == null || ou.Type == type)
|
|
select ou;
|
|
return Mapper.Map<List<Core.Entities.OrganizationUser>>(await query.ToListAsync());
|
|
}
|
|
}
|
|
|
|
public async Task<ICollection<Core.Entities.OrganizationUser>> GetManyByUserAsync(Guid userId)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = from ou in dbContext.OrganizationUsers
|
|
where ou.UserId == userId
|
|
select ou;
|
|
return Mapper.Map<List<Core.Entities.OrganizationUser>>(await query.ToListAsync());
|
|
}
|
|
}
|
|
|
|
public async Task<ICollection<OrganizationUserUserDetails>> GetManyDetailsByOrganizationAsync(Guid organizationId, bool includeGroups, bool includeCollections)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var view = new OrganizationUserUserDetailsViewQuery();
|
|
var users = await (from ou in view.Run(dbContext)
|
|
where ou.OrganizationId == organizationId
|
|
select ou).ToListAsync();
|
|
|
|
if (!includeCollections && !includeGroups)
|
|
{
|
|
return users;
|
|
}
|
|
|
|
List<IGrouping<Guid, GroupUser>> groups = null;
|
|
List<IGrouping<Guid, CollectionUser>> collections = null;
|
|
var userIds = users.Select(u => u.Id);
|
|
var userIdEntities = dbContext.OrganizationUsers.Where(x => userIds.Contains(x.Id));
|
|
|
|
// Query groups/collections separately to avoid cartesian explosion
|
|
if (includeGroups)
|
|
{
|
|
groups = (await (from gu in dbContext.GroupUsers
|
|
join ou in userIdEntities on gu.OrganizationUserId equals ou.Id
|
|
select gu).ToListAsync())
|
|
.GroupBy(g => g.OrganizationUserId).ToList();
|
|
}
|
|
|
|
if (includeCollections)
|
|
{
|
|
collections = (await (from cu in dbContext.CollectionUsers
|
|
join ou in userIdEntities on cu.OrganizationUserId equals ou.Id
|
|
select cu).ToListAsync())
|
|
.GroupBy(c => c.OrganizationUserId).ToList();
|
|
}
|
|
|
|
// Map any queried collections and groups to their respective users
|
|
foreach (var user in users)
|
|
{
|
|
if (groups != null)
|
|
{
|
|
user.Groups = groups
|
|
.FirstOrDefault(g => g.Key == user.Id)?
|
|
.Select(g => g.GroupId).ToList() ?? new List<Guid>();
|
|
}
|
|
|
|
if (collections != null)
|
|
{
|
|
user.Collections = collections
|
|
.FirstOrDefault(c => c.Key == user.Id)?
|
|
.Select(cu => new CollectionAccessSelection
|
|
{
|
|
Id = cu.CollectionId,
|
|
ReadOnly = cu.ReadOnly,
|
|
HidePasswords = cu.HidePasswords,
|
|
Manage = cu.Manage,
|
|
}).ToList() ?? new List<CollectionAccessSelection>();
|
|
}
|
|
}
|
|
|
|
return users;
|
|
}
|
|
}
|
|
|
|
public async Task<ICollection<OrganizationUserOrganizationDetails>> GetManyDetailsByUserAsync(Guid userId,
|
|
OrganizationUserStatusType? status = null)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var view = new OrganizationUserOrganizationDetailsViewQuery();
|
|
var query = from ou in view.Run(dbContext)
|
|
where ou.UserId == userId &&
|
|
(status == null || ou.Status == status)
|
|
select ou;
|
|
var organizationUsers = await query.ToListAsync();
|
|
return organizationUsers;
|
|
}
|
|
}
|
|
|
|
public async Task<IEnumerable<OrganizationUserPublicKey>> GetManyPublicKeysByOrganizationUserAsync(Guid organizationId, IEnumerable<Guid> Ids)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = from ou in dbContext.OrganizationUsers
|
|
where Ids.Contains(ou.Id) && ou.Status == OrganizationUserStatusType.Accepted
|
|
join u in dbContext.Users
|
|
on ou.UserId equals u.Id
|
|
where ou.OrganizationId == organizationId
|
|
select new { ou, u };
|
|
var data = await query
|
|
.Select(x => new OrganizationUserPublicKey()
|
|
{
|
|
Id = x.ou.Id,
|
|
PublicKey = x.u.PublicKey,
|
|
}).ToListAsync();
|
|
return data;
|
|
}
|
|
}
|
|
|
|
public async override Task ReplaceAsync(Core.Entities.OrganizationUser organizationUser)
|
|
{
|
|
await base.ReplaceAsync(organizationUser);
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
await dbContext.UserBumpAccountRevisionDateAsync(organizationUser.UserId.GetValueOrDefault());
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
}
|
|
|
|
public async Task ReplaceAsync(Core.Entities.OrganizationUser obj, IEnumerable<CollectionAccessSelection> requestedCollections)
|
|
{
|
|
await ReplaceAsync(obj);
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
|
|
var existingCollectionUsers = await dbContext.CollectionUsers
|
|
.Where(cu => cu.OrganizationUserId == obj.Id)
|
|
.ToListAsync();
|
|
|
|
foreach (var requestedCollection in requestedCollections)
|
|
{
|
|
var existingCollectionUser = existingCollectionUsers.FirstOrDefault(cu => cu.CollectionId == requestedCollection.Id);
|
|
if (existingCollectionUser == null)
|
|
{
|
|
// This is a brand new entry
|
|
dbContext.CollectionUsers.Add(new CollectionUser
|
|
{
|
|
CollectionId = requestedCollection.Id,
|
|
OrganizationUserId = obj.Id,
|
|
HidePasswords = requestedCollection.HidePasswords,
|
|
ReadOnly = requestedCollection.ReadOnly,
|
|
Manage = requestedCollection.Manage
|
|
});
|
|
continue;
|
|
}
|
|
|
|
// It already exists, update it
|
|
existingCollectionUser.HidePasswords = requestedCollection.HidePasswords;
|
|
existingCollectionUser.ReadOnly = requestedCollection.ReadOnly;
|
|
existingCollectionUser.Manage = requestedCollection.Manage;
|
|
dbContext.CollectionUsers.Update(existingCollectionUser);
|
|
}
|
|
|
|
// Remove all existing ones that are no longer requested
|
|
var requestedCollectionIds = requestedCollections.Select(c => c.Id).ToList();
|
|
dbContext.CollectionUsers.RemoveRange(existingCollectionUsers.Where(cu => !requestedCollectionIds.Contains(cu.CollectionId)));
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
}
|
|
|
|
public async Task ReplaceManyAsync(IEnumerable<Core.Entities.OrganizationUser> organizationUsers)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
dbContext.UpdateRange(organizationUsers);
|
|
await dbContext.SaveChangesAsync();
|
|
await dbContext.UserBumpManyAccountRevisionDatesAsync(organizationUsers
|
|
.Where(ou => ou.UserId.HasValue)
|
|
.Select(ou => ou.UserId.Value).ToArray());
|
|
}
|
|
}
|
|
|
|
public async Task<ICollection<string>> SelectKnownEmailsAsync(Guid organizationId, IEnumerable<string> emails, bool onlyRegisteredUsers)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var usersQuery = from ou in dbContext.OrganizationUsers
|
|
join u in dbContext.Users
|
|
on ou.UserId equals u.Id into u_g
|
|
from u in u_g
|
|
where ou.OrganizationId == organizationId
|
|
select new { ou, u };
|
|
var ouu = await usersQuery.ToListAsync();
|
|
var ouEmails = ouu.Select(x => x.ou.Email);
|
|
var uEmails = ouu.Select(x => x.u.Email);
|
|
var knownEmails = from e in emails
|
|
where (ouEmails.Contains(e) || uEmails.Contains(e)) &&
|
|
(!onlyRegisteredUsers && (uEmails.Contains(e) || ouEmails.Contains(e))) ||
|
|
(onlyRegisteredUsers && uEmails.Contains(e))
|
|
select e;
|
|
return knownEmails.ToList();
|
|
}
|
|
}
|
|
|
|
public async Task UpdateGroupsAsync(Guid orgUserId, IEnumerable<Guid> groupIds)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
|
|
var procedure = new GroupUserUpdateGroupsQuery(orgUserId, groupIds);
|
|
|
|
var insert = procedure.Insert.Run(dbContext);
|
|
var data = await insert.ToListAsync();
|
|
await dbContext.AddRangeAsync(data);
|
|
|
|
var delete = procedure.Delete.Run(dbContext);
|
|
var deleteData = await delete.ToListAsync();
|
|
dbContext.RemoveRange(deleteData);
|
|
await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdAsync(orgUserId);
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
}
|
|
|
|
public async Task UpsertManyAsync(IEnumerable<Core.Entities.OrganizationUser> organizationUsers)
|
|
{
|
|
var createUsers = new List<Core.Entities.OrganizationUser>();
|
|
var replaceUsers = new List<Core.Entities.OrganizationUser>();
|
|
foreach (var organizationUser in organizationUsers)
|
|
{
|
|
if (organizationUser.Id.Equals(default))
|
|
{
|
|
createUsers.Add(organizationUser);
|
|
}
|
|
else
|
|
{
|
|
replaceUsers.Add(organizationUser);
|
|
}
|
|
}
|
|
|
|
await CreateManyAsync(createUsers);
|
|
await ReplaceManyAsync(replaceUsers);
|
|
}
|
|
|
|
public async Task<IEnumerable<OrganizationUserUserDetails>> GetManyByMinimumRoleAsync(Guid organizationId, OrganizationUserType minRole)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var query = dbContext.OrganizationUsers
|
|
.Include(e => e.User)
|
|
.Where(e => e.OrganizationId.Equals(organizationId) &&
|
|
e.Type <= minRole &&
|
|
e.Status == OrganizationUserStatusType.Confirmed)
|
|
.Select(e => new OrganizationUserUserDetails()
|
|
{
|
|
Id = e.Id,
|
|
Email = e.Email ?? e.User.Email
|
|
});
|
|
return await query.ToListAsync();
|
|
}
|
|
}
|
|
|
|
public async Task RevokeAsync(Guid id)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var orgUser = await dbContext.OrganizationUsers.FindAsync(id);
|
|
if (orgUser == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
orgUser.Status = OrganizationUserStatusType.Revoked;
|
|
await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdAsync(id);
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
}
|
|
|
|
public async Task RestoreAsync(Guid id, OrganizationUserStatusType status)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
var orgUser = await dbContext.OrganizationUsers
|
|
.FirstOrDefaultAsync(ou => ou.Id == id && ou.Status == OrganizationUserStatusType.Revoked);
|
|
|
|
if (orgUser == null)
|
|
{
|
|
return;
|
|
}
|
|
|
|
orgUser.Status = status;
|
|
await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdAsync(id);
|
|
await dbContext.SaveChangesAsync();
|
|
}
|
|
}
|
|
|
|
public async Task<IEnumerable<OrganizationUserPolicyDetails>> GetByUserIdWithPolicyDetailsAsync(Guid userId, PolicyType policyType)
|
|
{
|
|
using (var scope = ServiceScopeFactory.CreateScope())
|
|
{
|
|
var dbContext = GetDatabaseContext(scope);
|
|
|
|
var providerOrganizations = from pu in dbContext.ProviderUsers
|
|
where pu.UserId == userId
|
|
join po in dbContext.ProviderOrganizations
|
|
on pu.ProviderId equals po.ProviderId
|
|
select po;
|
|
|
|
var query = from p in dbContext.Policies
|
|
join ou in dbContext.OrganizationUsers
|
|
on p.OrganizationId equals ou.OrganizationId
|
|
let email = dbContext.Users.Find(userId).Email // Invited orgUsers do not have a UserId associated with them, so we have to match up their email
|
|
where p.Type == policyType &&
|
|
(ou.UserId == userId || ou.Email == email)
|
|
select new OrganizationUserPolicyDetails
|
|
{
|
|
OrganizationUserId = ou.Id,
|
|
OrganizationId = p.OrganizationId,
|
|
PolicyType = p.Type,
|
|
PolicyEnabled = p.Enabled,
|
|
PolicyData = p.Data,
|
|
OrganizationUserType = ou.Type,
|
|
OrganizationUserStatus = ou.Status,
|
|
OrganizationUserPermissionsData = ou.Permissions,
|
|
IsProvider = providerOrganizations.Any(po => po.OrganizationId == p.OrganizationId)
|
|
};
|
|
return await query.ToListAsync();
|
|
}
|
|
}
|
|
|
|
public async Task<int> GetOccupiedSmSeatCountByOrganizationIdAsync(Guid organizationId)
|
|
{
|
|
var query = new OrganizationUserReadOccupiedSmSeatCountByOrganizationIdQuery(organizationId);
|
|
return await GetCountFromQuery(query);
|
|
}
|
|
|
|
}
|