[AC-108] Updated PolicyService to use IApplicationCacheService to det…

…ermine if an organization uses policies
bitwarden · Aug 9, 2023 · b98b107 · b98b107
1 parent dd82b8a
commit b98b107
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 3 deletions.
diff --git a/src/Core/Models/Data/Organizations/OrganizationAbility.cs b/src/Core/Models/Data/Organizations/OrganizationAbility.cs
@@ -20,6 +20,7 @@ public OrganizationAbility(Organization organization)
         UseScim = organization.UseScim;
         UseResetPassword = organization.UseResetPassword;
         UseCustomPermissions = organization.UseCustomPermissions;
+        UsePolicies = organization.UsePolicies;
     }
 
     public Guid Id { get; set; }
@@ -33,4 +34,5 @@ public OrganizationAbility(Organization organization)
     public bool UseScim { get; set; }
     public bool UseResetPassword { get; set; }
     public bool UseCustomPermissions { get; set; }
+    public bool UsePolicies { get; set; }
 }
diff --git a/src/Core/Services/Implementations/PolicyService.cs b/src/Core/Services/Implementations/PolicyService.cs
@@ -12,6 +12,7 @@ namespace Bit.Core.Services;
 
 public class PolicyService : IPolicyService
 {
+    private readonly IApplicationCacheService _applicationCacheService;
     private readonly IEventService _eventService;
     private readonly IOrganizationRepository _organizationRepository;
     private readonly IOrganizationUserRepository _organizationUserRepository;
@@ -23,6 +24,7 @@ public class PolicyService : IPolicyService
     private IEnumerable<OrganizationUserPolicyDetails> _cachedOrganizationUserPolicyDetails;
 
     public PolicyService(
+        IApplicationCacheService applicationCacheService,
         IEventService eventService,
         IOrganizationRepository organizationRepository,
         IOrganizationUserRepository organizationUserRepository,
@@ -31,6 +33,7 @@ public PolicyService(
         IMailService mailService,
         GlobalSettings globalSettings)
     {
+        _applicationCacheService = applicationCacheService;
         _eventService = eventService;
         _organizationRepository = organizationRepository;
         _organizationUserRepository = organizationUserRepository;
@@ -206,7 +209,9 @@ private async Task<IEnumerable<OrganizationUserPolicyDetails>> QueryOrganization
         }
 
         var excludedUserTypes = GetUserTypesExcludedFromPolicy(policyType);
+        var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
         return _cachedOrganizationUserPolicyDetails.Where(o =>
+            (!orgAbilities.ContainsKey(o.OrganizationId) || orgAbilities[o.OrganizationId].Enabled && orgAbilities[o.OrganizationId].UsePolicies) &&
             (policyType == null || o.PolicyType == policyType) &&
             o.PolicyEnabled &&
             !excludedUserTypes.Contains(o.OrganizationUserType) &&

diff --git a/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs b/src/Infrastructure.EntityFramework/Repositories/OrganizationRepository.cs
@@ -87,7 +87,8 @@ public async Task<ICollection<OrganizationAbility>> GetManyAbilitiesAsync()
                 UseKeyConnector = e.UseKeyConnector,
                 UseResetPassword = e.UseResetPassword,
                 UseScim = e.UseScim,
-                UseCustomPermissions = e.UseCustomPermissions
+                UseCustomPermissions = e.UseCustomPermissions,
+                UsePolicies = e.UsePolicies
             }).ToListAsync();
         }
     }

diff --git a/src/Sql/dbo/Stored Procedures/Organization_ReadAbilities.sql b/src/Sql/dbo/Stored Procedures/Organization_ReadAbilities.sql
@@ -19,6 +19,7 @@ BEGIN
         [UseKeyConnector],
         [UseScim],
         [UseResetPassword],
+        [UsePolicies],
         [Enabled]
     FROM
         [dbo].[Organization]

diff --git a/test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs b/test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs
@@ -367,7 +367,7 @@ private static async Task<IdentityApplicationFactory> CreateFactoryAsync(SsoConf
             RedirectUri = "https://localhost:8080/sso-connector.html",
             RequestedScopes = new[] { "api", "offline_access" },
             CodeChallenge = challenge.Sha256(),
-            CodeChallengeMethod = "plain", // 
+            CodeChallengeMethod = "plain", //
             Subject = null, // Temporarily set it to null
         };
 
@@ -397,6 +397,7 @@ private static async Task<IdentityApplicationFactory> CreateFactoryAsync(SsoConf
         var organization = await organizationRepository.CreateAsync(new Organization
         {
             Name = "Test Org",
+            UsePolicies = true
         });
 
         var organizationUserRepository = factory.Services.GetRequiredService<IOrganizationUserRepository>();

diff --git a/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs b/test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs
@@ -556,7 +556,7 @@ private async Task CreateOrganizationWithSsoPolicyAsync(Guid organizationId, str
         var organizationUserRepository = _factory.Services.GetService<IOrganizationUserRepository>();
         var policyRepository = _factory.Services.GetService<IPolicyRepository>();
 
-        var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled };
+        var organization = new Bit.Core.Entities.Organization { Id = organizationId, Enabled = true, UseSso = ssoPolicyEnabled, UsePolicies = true };
         await organizationRepository.CreateAsync(organization);
 
         var user = await userRepository.GetByEmailAsync(username);

diff --git a/util/Migrator/DbScripts/2023-08-09_00_OrgAbilitiesUsePolicies.sql b/util/Migrator/DbScripts/2023-08-09_00_OrgAbilitiesUsePolicies.sql
@@ -0,0 +1,27 @@
+CREATE OR ALTER PROCEDURE [dbo].[Organization_ReadAbilities]
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        [Id],
+        [UseEvents],
+        [Use2fa],
+        CASE
+        WHEN [Use2fa] = 1 AND [TwoFactorProviders] IS NOT NULL AND [TwoFactorProviders] != '{}' THEN
+            1
+        ELSE
+            0
+        END AS [Using2fa],
+        [UsersGetPremium],
+        [UseCustomPermissions],
+        [UseSso],
+        [UseKeyConnector],
+        [UseScim],
+        [UseResetPassword],
+        [UsePolicies],
+        [Enabled]
+    FROM
+        [dbo].[Organization]
+END
+GO