[AC-1374] Limit collection creation/deletion to Owner/Admin (#3145)
* feat: update org table with new column, write migration, refs AC-1374

* feat: update views with new column, refs AC-1374

* feat: Alter sprocs (org create/update) to include new column, refs AC-1374

* feat: update entity/data/request/response models to handle new column, refs AC-1374

* feat: update necessary Provider related views during migration, refs AC-1374

* fix: update org create to default new column to false, refs AC-1374

* feat: added new API/request model for collection management and removed property from update request model, refs AC-1374

* fix: renamed migration script to be after secrets manage beta column changes, refs AC-1374

* fix: dotnet format, refs AC-1374

* feat: add ef migrations to reflect mssql changes, refs AC-1374

* fix: dotnet format, refs AC-1374

* feat: update API signature to accept Guid and explain Cd verbiage, refs AC-1374
vincentsalucci committed Aug 16, 2023
1 parent 4e9d9db commit ccb35db
Showing 22 changed files with 7,265 additions and 6 deletions.
13 changes: 13 additions & 0 deletions src/Api/Controllers/OrganizationsController.cs
Expand Up @@ -796,4 +796,17 @@ public async Task EnrollSecretsManager(Guid id, [FromBody] OrganizationEnrollSec
}
}
}

[HttpPut("{id}/collection-management")]
public async Task<OrganizationResponseModel> PutCollectionManagement(Guid id, [FromBody] OrganizationCollectionManagementUpdateRequestModel model)
{
var organization = await _organizationRepository.GetByIdAsync(id);
if (organization == null)
{
throw new NotFoundException();
}

await _organizationService.UpdateAsync(model.ToOrganization(organization));
return new OrganizationResponseModel(organization);
}
}
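Review bot: No caller-role check is visible in `PutCollectionManagement` between the `GetByIdAsync(id)` lookup and `_organizationService.UpdateAsync(...)`, so as shown any caller who reaches this action with an organization id can change the setting that is meant to restrict collection creation and deletion to owners and admins. Unless authorization is enforced by a filter or inside `UpdateAsync` (neither is visible on this page), the action should reject non-owners before mutating, in the same not-found style it already uses, e.g. `if (!await _currentContext.OrganizationOwner(id)) { throw new NotFoundException(); }`. That line assumes the controller's current-context helper is in scope, so confirm the exact member name against the rest of the class. A test that calls the endpoint as a regular member and expects rejection would pin the behaviour down. The controller class starts outside the hunk.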
@@ -0,0 +1,14 @@
using Bit.Core.Entities;

namespace Bit.Api.Models.Request.Organizations;

public class OrganizationCollectionManagementUpdateRequestModel
{
public bool LimitCreateDeleteOwnerAdmin { get; set; }

public virtual Organization ToOrganization(Organization existingOrganization)
{
existingOrganization.LimitCollectionCdOwnerAdmin = LimitCreateDeleteOwnerAdmin;
return existingOrganization;
}
}
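Review bot: `LimitCreateDeleteOwnerAdmin` is a non-nullable `bool`, so a request body that omits the field, or sends it under the response models' name `LimitCollectionCdOwnerAdmin`, binds to `false`, and `ToOrganization` then silently switches the restriction off. Treating omission as a validation error keeps the control from being relaxed by accident: `[Required] public bool? LimitCreateDeleteOwnerAdmin { get; set; }` (needs `using System.ComponentModel.DataAnnotations;`) with `existingOrganization.LimitCollectionCdOwnerAdmin = LimitCreateDeleteOwnerAdmin.Value;`. A `/// <summary>` on `ToOrganization` should also state that it mutates and returns the instance passed in rather than a copy.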
Expand Up @@ -58,6 +58,7 @@ public OrganizationResponseModel(Organization organization, string obj = "organi
SmServiceAccounts = organization.SmServiceAccounts;
MaxAutoscaleSmSeats = organization.MaxAutoscaleSmSeats;
MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
LimitCollectionCdOwnerAdmin = organization.LimitCollectionCdOwnerAdmin;
}

public Guid Id { get; set; }
Expand Down Expand Up @@ -97,6 +98,7 @@ public OrganizationResponseModel(Organization organization, string obj = "organi
public int? SmServiceAccounts { get; set; }
public int? MaxAutoscaleSmSeats { get; set; }
public int? MaxAutoscaleSmServiceAccounts { get; set; }
public bool LimitCollectionCdOwnerAdmin { get; set; }
}

public class OrganizationSubscriptionResponseModel : OrganizationResponseModel
2 changes: 2 additions & 0 deletions src/Api/Models/Response/ProfileOrganizationResponseModel.cs
Expand Up @@ -60,6 +60,7 @@ public ProfileOrganizationResponseModel(OrganizationUserOrganizationDetails orga
FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
AccessSecretsManager = organization.AccessSecretsManager;
LimitCollectionCdOwnerAdmin = organization.LimitCollectionCdOwnerAdmin;

if (organization.SsoConfig != null)
{
Expand Down Expand Up @@ -113,4 +114,5 @@ public ProfileOrganizationResponseModel(OrganizationUserOrganizationDetails orga
public DateTime? FamilySponsorshipValidUntil { get; set; }
public bool? FamilySponsorshipToDelete { get; set; }
public bool AccessSecretsManager { get; set; }
public bool LimitCollectionCdOwnerAdmin { get; set; }
}
4 changes: 4 additions & 0 deletions src/Core/Entities/Organization.cs
Expand Up @@ -78,6 +78,10 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
public int? MaxAutoscaleSmSeats { get; set; }
public int? MaxAutoscaleSmServiceAccounts { get; set; }
public bool SecretsManagerBeta { get; set; }
/// <summary>
/// Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
/// </summary>
public bool LimitCollectionCdOwnerAdmin { get; set; }

public void SetNewId()
{
Expand Up @@ -48,4 +48,5 @@ public class OrganizationUserOrganizationDetails
public bool UsePasswordManager { get; set; }
public int? SmSeats { get; set; }
public int? SmServiceAccounts { get; set; }
public bool LimitCollectionCdOwnerAdmin { get; set; }
}
Expand Up @@ -142,6 +142,7 @@ public Organization ToOrganization()
RevisionDate = RevisionDate,
MaxAutoscaleSeats = MaxAutoscaleSeats,
OwnersNotifiedOfAutoscaling = OwnersNotifiedOfAutoscaling,
LimitCollectionCdOwnerAdmin = LimitCollectionCdOwnerAdmin,
};
}
}
Expand Up @@ -107,6 +107,9 @@ protected override void OnModelCreating(ModelBuilder builder)
eGroup.Property(c => c.Id).ValueGeneratedNever();
eInstallation.Property(c => c.Id).ValueGeneratedNever();
eOrganization.Property(c => c.Id).ValueGeneratedNever();
eOrganization.Property(c => c.LimitCollectionCdOwnerAdmin)
.ValueGeneratedNever()
.HasDefaultValue(true);
eOrganizationSponsorship.Property(c => c.Id).ValueGeneratedNever();
eOrganizationUser.Property(c => c.Id).ValueGeneratedNever();
ePolicy.Property(c => c.Id).ValueGeneratedNever();
9 changes: 6 additions & 3 deletions src/Sql/dbo/Stored Procedures/Organization_Create.sql
Expand Up @@ -50,7 +50,8 @@
@SmServiceAccounts INT = null,
@MaxAutoscaleSmSeats INT= null,
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0
@SecretsManagerBeta BIT = 0,
@LimitCollectionCdOwnerAdmin BIT = 0
AS
BEGIN
SET NOCOUNT ON
Expand Down Expand Up @@ -108,7 +109,8 @@ BEGIN
[SmServiceAccounts],
[MaxAutoscaleSmSeats],
[MaxAutoscaleSmServiceAccounts],
[SecretsManagerBeta]
[SecretsManagerBeta],
[LimitCollectionCdOwnerAdmin]
)
VALUES
(
Expand Down Expand Up @@ -163,6 +165,7 @@ BEGIN
@SmServiceAccounts,
@MaxAutoscaleSmSeats,
@MaxAutoscaleSmServiceAccounts,
@SecretsManagerBeta
@SecretsManagerBeta,
@LimitCollectionCdOwnerAdmin
)
END
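Review bot: `@LimitCollectionCdOwnerAdmin BIT = 0` gives this procedure the opposite default from the rest of the commit: the table constraint in `Tables/Organization.sql` is `DEFAULT (1)`, `Organization_Update` declares `BIT = 1`, and the EF mapping uses `HasDefaultValue(true)`. The commit message says create was deliberately defaulted to false, but nothing in the SQL records that. As written, a caller that omits the parameter gets an unrestricted organization on create, while on update the same omission overwrites the stored value with 1. Either drop the defaults so every caller must pass the value explicitly, or, if the split is intended, document it beside each declaration with a comment such as `-- intentionally 0 for new organizations; the table default of 1 is for pre-existing rows`. Both procedures' parameter lists begin outside the hunks.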
6 changes: 4 additions & 2 deletions src/Sql/dbo/Stored Procedures/Organization_Update.sql
Expand Up @@ -50,7 +50,8 @@
@SmServiceAccounts INT = null,
@MaxAutoscaleSmSeats INT = null,
@MaxAutoscaleSmServiceAccounts INT = null,
@SecretsManagerBeta BIT = 0
@SecretsManagerBeta BIT = 0,
@LimitCollectionCdOwnerAdmin BIT = 1
AS
BEGIN
SET NOCOUNT ON
Expand Down Expand Up @@ -108,7 +109,8 @@ BEGIN
[SmServiceAccounts] = @SmServiceAccounts,
[MaxAutoscaleSmSeats] = @MaxAutoscaleSmSeats,
[MaxAutoscaleSmServiceAccounts] = @MaxAutoscaleSmServiceAccounts,
[SecretsManagerBeta] = @SecretsManagerBeta
[SecretsManagerBeta] = @SecretsManagerBeta,
[LimitCollectionCdOwnerAdmin] = @LimitCollectionCdOwnerAdmin
WHERE
[Id] = @Id
END
1 change: 1 addition & 0 deletions src/Sql/dbo/Tables/Organization.sql
Expand Up @@ -51,6 +51,7 @@
[MaxAutoscaleSmSeats] INT NULL,
[MaxAutoscaleSmServiceAccounts] INT NULL,
[SecretsManagerBeta] BIT NOT NULL CONSTRAINT [DF_Organization_SecretsManagerBeta] DEFAULT (0),
[LimitCollectionCdOwnerAdmin] BIT NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCdOwnerAdmin] DEFAULT (1),
CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
);

Expand Up @@ -44,7 +44,8 @@ SELECT
OU.[AccessSecretsManager],
O.[UsePasswordManager],
O.[SmSeats],
O.[SmServiceAccounts]
O.[SmServiceAccounts],
O.[LimitCollectionCdOwnerAdmin]
FROM
[dbo].[OrganizationUser] OU
LEFT JOIN