[AC-1741] Include owners/admins can manage all collections setting in license file #3458

Merged
merged 69 commits into from
Dec 21, 2023
Merged
4f08039
[AC-1117] Add manage permission (#3126)
differsthecat Aug 11, 2023
cf78f12
[AC-1374] Limit collection creation/deletion to Owner/Admin (#3145)
vincentsalucci Aug 14, 2023
78bdd51
Merge branch 'master' into feature/flexible-collections
vincentsalucci Aug 14, 2023
2f45726
Merge branch 'master' into feature/flexible-collections
vincentsalucci Aug 24, 2023
d5da5bb
fix: merge conflict resolution
vincentsalucci Aug 24, 2023
e87c20c
Merge branch 'master' into feature/flexible-collections
vincentsalucci Aug 30, 2023
5dc3ca8
[AC-1174] CollectionUser and CollectionGroup authorization handlers (…
shane-melton Aug 30, 2023
e8053e2
Fix improper merge conflict resolution
shane-melton Aug 30, 2023
3dfd38c
Merge branch 'master' into feature/flexible-collections
vincentsalucci Sep 1, 2023
3c9c8ac
Merge remote-tracking branch 'origin/master' into feature/flexible-co…
eliykat Sep 4, 2023
4ac1b10
Merge branch 'master' into feature/flexible-collections
vincentsalucci Sep 12, 2023
064a28c
fix: add permission check for collection management api, refs AC-1647…
vincentsalucci Sep 12, 2023
acd3997
Merge branch 'master' into feature/flexible-collections
vincentsalucci Sep 13, 2023
34dfdc5
[AC-1125] Enforce org setting for creating/deleting collections (#3241)
vincentsalucci Sep 18, 2023
9f5fec6
Merge remote-tracking branch 'origin/master' into feature/flexible-co…
eliykat Sep 19, 2023
ffa09d1
Merge branch 'master' into feature/flexible-collections
vincentsalucci Sep 19, 2023
f2acf1c
refactor: remove organizationId from CollectionBulkDeleteRequestModel…
vincentsalucci Sep 20, 2023
2c7d02d
Merge branch 'master' into feature/flexible-collections
eliykat Sep 26, 2023
5d431ad
[AC-1174] Bulk Collection Management (#3229)
shane-melton Sep 26, 2023
a3f554a
[AC-1646] Rename LimitCollectionCdOwnerAdmin column (#3300)
eliykat Sep 26, 2023
30b91cd
Merge branch 'master' into feature/flexible-collections
eliykat Sep 27, 2023
dd10614
Merge branch 'master' into feature/flexible-collections
eliykat Sep 28, 2023
fbb7aa1
[AC-1666] Removed EditAnyCollection from Create/Delete permission che…
vincentsalucci Sep 29, 2023
279d0cc
[AC-1669] Bug - Remove obsolete assignUserId from CollectionService.S…
vincentsalucci Oct 5, 2023
0abd7c3
Merge branch 'master' into feature/flexible-collections
vincentsalucci Oct 5, 2023
fed3252
Merge remote-tracking branch 'origin/master' into feature/flexible-co…
eliykat Oct 9, 2023
6bc38ac
Merge branch 'master' into feature/flexible-collections
eliykat Oct 13, 2023
3b049a6
[AC-1713] [Flexible collections] Add feature flags to server (#3334)
eliykat Oct 17, 2023
ae18e76
Merge remote-tracking branch 'origin/master' into feature/flexible-co…
eliykat Oct 18, 2023
52e723c
Add joint codeownership for auth handlers (#3346)
eliykat Oct 22, 2023
cd376be
Merge remote-tracking branch 'origin/master' into feature/flexible-co…
eliykat Oct 22, 2023
ad27f3d
[AC-1717] Update default values for LimitCollectionCreationDeletion (…
eliykat Oct 24, 2023
d91eb23
Merge branch 'master' into feature/flexible-collections
eliykat Oct 24, 2023
9d5c5bc
Fix: add missing namespace after merging in master
eliykat Oct 24, 2023
596e0df
Fix: add missing namespace after merging in master
eliykat Oct 24, 2023
3a5c35b
[AC-1683] Fix DB migrations for new Manage permission (#3307)
shane-melton Oct 24, 2023
0fe97d7
[AC-1648] [Flexible Collections] Bump migration scripts before featur…
eliykat Oct 24, 2023
c11ba10
Merge branch 'master' into feature/flexible-collections
shane-melton Oct 24, 2023
51d1221
[AC-1727] Add AllowAdminAccessToAllCollectionItems column to Organiza…
shane-melton Oct 25, 2023
8d38740
[AC-1720] Update stored procedures and views that query the organizat…
shane-melton Oct 25, 2023
eb2d02e
[AC-1727] Add EF migrations for new DB column
shane-melton Oct 25, 2023
69706ae
[AC-1729] Update API request/response models
shane-melton Oct 25, 2023
b565bf5
[AC-1122] Add new setting to CurrentContextOrganization.cs
shane-melton Oct 25, 2023
d752f03
[AC-1122] Ensure new setting is disabled for new orgs when the featur…
shane-melton Oct 25, 2023
697f770
Merge branch 'master' into vault/ac-1122/add-collection-management-se…
shane-melton Nov 1, 2023
e6bbce7
Merge branch 'master' into vault/ac-1122/add-collection-management-se…
shane-melton Nov 1, 2023
dccd7bd
Merge branch 'master' into vault/ac-1122/add-collection-management-se…
shane-melton Nov 2, 2023
b1f2d4f
Merge branch 'master' into vault/ac-1122/add-collection-management-se…
shane-melton Nov 6, 2023
46437b4
[AC-1122] Use V1 feature flag for new setting
shane-melton Nov 13, 2023
d2cc28b
Merge branch 'master' into vault/ac-1122/add-collection-management-se…
shane-melton Nov 13, 2023
b10c700
Merge branch 'master' into vault/ac-1122/add-collection-management-se…
shane-melton Nov 15, 2023
e2feb58
added property to organization license, incremented version number
gbubemismith Nov 20, 2023
d806de8
added property to organization license, incremented version number
gbubemismith Nov 20, 2023
d93aeb6
Added property to the SignUpAsync
gbubemismith Nov 20, 2023
9bd7cc9
Updated UpdateFromLicense to update proprty on the org
gbubemismith Nov 20, 2023
4407348
Updated endpoint to allow only cloud access
gbubemismith Nov 20, 2023
ea16218
fixed conflicts and merged
gbubemismith Dec 5, 2023
6bfb29a
fixed conflicts and merged
gbubemismith Dec 12, 2023
d46d21d
removed file added mistakenly, and increased licence version
gbubemismith Dec 13, 2023
94e1a97
updated test fixture
gbubemismith Dec 13, 2023
fc7212d
updated test fixture
gbubemismith Dec 14, 2023
c1a7346
linter fix
gbubemismith Dec 14, 2023
4ac587c
updated json string with correct hash
gbubemismith Dec 14, 2023
50254d3
Merge branch 'main' into vault/ac-1741
gbubemismith Dec 14, 2023
fcc7067
Merge branch 'main' into vault/ac-1741
gbubemismith Dec 18, 2023
5ff8ab7
added the v1 feature flag check
gbubemismith Dec 19, 2023
34fdff0
Merge branch 'main' into vault/ac-1741
gbubemismith Dec 19, 2023
2a0afe7
Merge branch 'main' into vault/ac-1741
gbubemismith Dec 20, 2023
ec79719
Merge branch 'main' into vault/ac-1741
gbubemismith Dec 21, 2023
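--- a/src/Core/AdminConsole/Entities/Organization.cs
+++ b/src/Core/AdminConsole/Entities/Organization.cs
@@ -236,7 +236,10 @@ public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
 return providers[provider];
 }
 
-public void UpdateFromLicense(OrganizationLicense license, bool flexibleCollectionsIsEnabled)
+public void UpdateFromLicense(
+OrganizationLicense license,
+bool flexibleCollectionsMvpIsEnabled,
+bool flexibleCollectionsV1IsEnabled)
 {
 Name = license.Name;
 BusinessName = license.BusinessName;
@@ -267,6 +270,7 @@ public void UpdateFromLicense(OrganizationLicense license, bool flexibleCollecti
 UseSecretsManager = license.UseSecretsManager;
 SmSeats = license.SmSeats;
 SmServiceAccounts = license.SmServiceAccounts;
-LimitCollectionCreationDeletion = !flexibleCollectionsIsEnabled || license.LimitCollectionCreationDeletion;
+LimitCollectionCreationDeletion = !flexibleCollectionsMvpIsEnabled || license.LimitCollectionCreationDeletion;
+AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled || license.AllowAdminAccessToAllCollectionItems;
 }
 }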
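Review bot: UpdateFromLicense now takes two adjacent `bool` parameters, `flexibleCollectionsMvpIsEnabled` and `flexibleCollectionsV1IsEnabled`, and each one decides whether a collection-permission value from the license is honoured, so a call that passes them in the wrong order still compiles and silently applies the wrong gate. Call sites such as UpdateOrganizationAsync would be safer with named arguments, e.g. `organization.UpdateFromLicense(license, flexibleCollectionsMvpIsEnabled: mvpEnabled, flexibleCollectionsV1IsEnabled: v1Enabled);`. The method also has no doc comment saying that a disabled flag forces the setting to `true` and ignores the license; I would add `/// <remarks>When a flag is off, the matching setting is forced to true (legacy behaviour) regardless of the license value.</remarks>`. The body of UpdateFromLicense is only partly visible between the two hunks.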
Expand Up @@ -558,8 +558,10 @@ public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(

await ValidateSignUpPoliciesAsync(owner.Id);

var flexibleCollectionsIsEnabled =
var flexibleCollectionsMvpIsEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
var flexibleCollectionsV1IsEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1, _currentContext);

var organization = new Organization
{
Expand Down Expand Up @@ -601,7 +603,8 @@ public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
UseSecretsManager = license.UseSecretsManager,
SmSeats = license.SmSeats,
SmServiceAccounts = license.SmServiceAccounts,
LimitCollectionCreationDeletion = !flexibleCollectionsIsEnabled || license.LimitCollectionCreationDeletion
LimitCollectionCreationDeletion = !flexibleCollectionsMvpIsEnabled || license.LimitCollectionCreationDeletion,
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled || license.AllowAdminAccessToAllCollectionItems
};

var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);
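Review bot: The initializer in SignUpAsync repeats the two gating expressions `!flexibleCollectionsMvpIsEnabled || license.LimitCollectionCreationDeletion` and `!flexibleCollectionsV1IsEnabled || license.AllowAdminAccessToAllCollectionItems` that Organization.UpdateFromLicense also carries, so the default for an access-control setting now lives in two places that can drift apart. A small shared helper, or a comment on both sites pointing at the other, would keep them in step, for example `// Keep in sync with Organization.UpdateFromLicense: flag off => legacy default (true)`. SignUpAsync starts and ends outside these hunks, so whether the rest of the initializer already mirrors UpdateFromLicense cannot be confirmed from here.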
12 changes: 10 additions & 2 deletions src/Core/Models/Business/OrganizationLicense.cs
Expand Up @@ -53,6 +53,7 @@ public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo,
SmSeats = org.SmSeats;
SmServiceAccounts = org.SmServiceAccounts;
LimitCollectionCreationDeletion = org.LimitCollectionCreationDeletion;
AllowAdminAccessToAllCollectionItems = org.AllowAdminAccessToAllCollectionItems;

if (subscriptionInfo?.Subscription == null)
{
Expand Down Expand Up @@ -137,6 +138,7 @@ public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo,
public int? SmSeats { get; set; }
public int? SmServiceAccounts { get; set; }
public bool LimitCollectionCreationDeletion { get; set; } = true;
public bool AllowAdminAccessToAllCollectionItems { get; set; } = true;
public bool Trial { get; set; }
public LicenseType? LicenseType { get; set; }
public string Hash { get; set; }
Expand All @@ -148,10 +150,10 @@ public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo,
/// </summary>
/// <remarks>Intentionally set one version behind to allow self hosted users some time to update before
cturnbull-bitwarden marked this conversation as resolved.
/// getting out of date license errors</remarks>
public const int CurrentLicenseFileVersion = 13;
public const int CurrentLicenseFileVersion = 14;
private bool ValidLicenseVersion
{
get => Version is >= 1 and <= 14;
get => Version is >= 1 and <= 15;
}

public byte[] GetDataBytes(bool forHash = false)
Expand Down Expand Up @@ -194,6 +196,8 @@ public byte[] GetDataBytes(bool forHash = false)
(Version >= 13 || !p.Name.Equals(nameof(SmServiceAccounts))) &&
// LimitCollectionCreationDeletion was added in Version 14
(Version >= 14 || !p.Name.Equals(nameof(LimitCollectionCreationDeletion))) &&
// AllowAdminAccessToAllCollectionItems was added in Version 15
(Version >= 15 || !p.Name.Equals(nameof(AllowAdminAccessToAllCollectionItems))) &&
(
!forHash ||
(
Expand Down Expand Up @@ -347,6 +351,10 @@ public bool VerifyData(Organization organization, IGlobalSettings globalSettings
// {
// valid = organization.LimitCollectionCreationDeletion == LimitCollectionCreationDeletion;
// }
// if (valid && Version >= 15)
// {
// valid = organization.AllowAdminAccessToAllCollectionItems == AllowAdminAccessToAllCollectionItems;
// }

return valid;
}
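Review bot: With `CurrentLicenseFileVersion = 14` and the new `Version >= 15` filter in GetDataBytes, a license issued at the current version leaves `AllowAdminAccessToAllCollectionItems` out of the bytes this method returns, while Organization.UpdateFromLicense and SignUpAsync read the property regardless of `Version`. If the hash and signature are computed over GetDataBytes (not visible in these hunks), the value that drives an admin-access setting is not integrity-protected for those files, and files that omit the field fall back to the property default of `true`. Consider honouring the field in the consumers only when `license.Version >= 15`, or documenting next to the filter why the unprotected value is acceptable during the one-version lag. The commented-out `Version >= 15` comparison in VerifyData likewise leaves the stored organization value unchecked against the license; a comment naming the condition for re-enabling it would help. GetDataBytes and VerifyData both continue outside the hunks.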
Expand Up @@ -65,9 +65,10 @@ private async Task WriteLicenseFileAsync(Organization organization, Organization

private async Task UpdateOrganizationAsync(SelfHostedOrganizationDetails selfHostedOrganizationDetails, OrganizationLicense license)
{
var flexibleCollectionsIsEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
var flexibleCollectionsMvpIsEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
var flexibleCollectionsV1IsEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1, _currentContext);
var organization = selfHostedOrganizationDetails.ToOrganization();
organization.UpdateFromLicense(license, flexibleCollectionsIsEnabled);
organization.UpdateFromLicense(license, flexibleCollectionsMvpIsEnabled, flexibleCollectionsV1IsEnabled);

await _organizationService.ReplaceAndUpdateCacheAsync(organization);
}
Expand Up @@ -24,7 +24,10 @@ public static class OrganizationLicenseFileFixtures
private const string Version14 =
"{\n 'LicenseKey': 'myLicenseKey',\n 'InstallationId': '78900000-0000-0000-0000-000000000123',\n 'Id': '12300000-0000-0000-0000-000000000456',\n 'Name': 'myOrg',\n 'BillingEmail': 'myBillingEmail',\n 'BusinessName': 'myBusinessName',\n 'Enabled': true,\n 'Plan': 'myPlan',\n 'PlanType': 11,\n 'Seats': 10,\n 'MaxCollections': 2,\n 'UsePolicies': true,\n 'UseSso': true,\n 'UseKeyConnector': true,\n 'UseScim': true,\n 'UseGroups': true,\n 'UseEvents': true,\n 'UseDirectory': true,\n 'UseTotp': true,\n 'Use2fa': true,\n 'UseApi': true,\n 'UseResetPassword': true,\n 'MaxStorageGb': 100,\n 'SelfHost': true,\n 'UsersGetPremium': true,\n 'UseCustomPermissions': true,\n 'Version': 13,\n 'Issued': '2023-11-29T22:42:33.970597Z',\n 'Refresh': '2023-12-06T22:42:33.970597Z',\n 'Expires': '2023-12-06T22:42:33.970597Z',\n 'ExpirationWithoutGracePeriod': null,\n 'UsePasswordManager': true,\n 'UseSecretsManager': true,\n 'SmSeats': 5,\n 'SmServiceAccounts': 8,\n 'LimitCollectionCreationDeletion': true,\n 'Trial': true,\n 'LicenseType': 1,\n 'Hash': '4G2u\\u002BWKO9EOiVnDVNr7uPxxRkv7TtaOmDl7kAYH05Fw=',\n 'Signature': ''\n}";

private static readonly Dictionary<int, string> LicenseVersions = new() { { 12, Version12 }, { 13, Version13 }, { 14, Version14 } };
private const string Version15 =
"{\n 'LicenseKey': 'myLicenseKey',\n 'InstallationId': '78900000-0000-0000-0000-000000000123',\n 'Id': '12300000-0000-0000-0000-000000000456',\n 'Name': 'myOrg',\n 'BillingEmail': 'myBillingEmail',\n 'BusinessName': 'myBusinessName',\n 'Enabled': true,\n 'Plan': 'myPlan',\n 'PlanType': 11,\n 'Seats': 10,\n 'MaxCollections': 2,\n 'UsePolicies': true,\n 'UseSso': true,\n 'UseKeyConnector': true,\n 'UseScim': true,\n 'UseGroups': true,\n 'UseEvents': true,\n 'UseDirectory': true,\n 'UseTotp': true,\n 'Use2fa': true,\n 'UseApi': true,\n 'UseResetPassword': true,\n 'MaxStorageGb': 100,\n 'SelfHost': true,\n 'UsersGetPremium': true,\n 'UseCustomPermissions': true,\n 'Version': 14,\n 'Issued': '2023-12-14T02:03:33.374297Z',\n 'Refresh': '2023-12-07T22:42:33.970597Z',\n 'Expires': '2023-12-21T02:03:33.374297Z',\n 'ExpirationWithoutGracePeriod': null,\n 'UsePasswordManager': true,\n 'UseSecretsManager': true,\n 'SmSeats': 5,\n 'SmServiceAccounts': 8,\n 'LimitCollectionCreationDeletion': true,\n 'AllowAdminAccessToAllCollectionItems': true,\n 'Trial': true,\n 'LicenseType': 1,\n 'Hash': 'EZl4IvJaa1E5mPmlfp4p5twAtlmaxlF1yoZzVYP4vog=',\n 'Signature': ''\n}";

private static readonly Dictionary<int, string> LicenseVersions = new() { { 12, Version12 }, { 13, Version13 }, { 14, Version14 }, { 15, Version15 } };

public static OrganizationLicense GetVersion(int licenseVersion)
{
Expand Down Expand Up @@ -108,6 +111,7 @@ public static Organization OrganizationFactory() =>
MaxAutoscaleSmSeats = 101,
MaxAutoscaleSmServiceAccounts = 102,
SecretsManagerBeta = true,
LimitCollectionCreationDeletion = true
LimitCollectionCreationDeletion = true,
AllowAdminAccessToAllCollectionItems = true,
};
}
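Review bot: Both new fixture values are `true` (`'AllowAdminAccessToAllCollectionItems': true` in `Version15` and `AllowAdminAccessToAllCollectionItems = true` in OrganizationFactory), which is also the default declared on the OrganizationLicense property, so tests built on these fixtures still pass if the field is dropped during parsing or never copied to the organization. A second case with the value `false` (and a regenerated hash) would exercise the path that actually restricts admin access. The `Version15` string also carries `'Version': 14`, so with the `Version >= 15` filter in GetDataBytes the new field appears to sit outside the hashed data for this fixture; a fixture whose `Version` is 15 would cover the hashed path. The fixture class is only partly visible in these hunks.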