[PM-3478] Refactor OrganizationUser api (#10949)

* User and Group collection dialogs - don't fetch additional associations from the api * Refactor to use user mini-details endpoint
2025-12-14 23:33:31 +00:00 · 2024-10-01 07:13:26 +10:00
parent cc0a851c0e
commit 1f85036346
13 changed files with 107 additions and 41 deletions
--- a/apps/cli/src/service-container/service-container.ts
+++ b/apps/cli/src/service-container/service-container.ts
@@ -498,8 +498,6 @@ export class ServiceContainer {

    this.providerService = new ProviderService(this.stateProvider);

-    this.organizationUserApiService = new DefaultOrganizationUserApiService(this.apiService);
-
    this.policyApiService = new PolicyApiService(this.policyService, this.apiService);

    this.keyConnectorService = new KeyConnectorService(
@@ -778,6 +776,11 @@ export class ServiceContainer {
    this.organizationApiService = new OrganizationApiService(this.apiService, this.syncService);

    this.providerApiService = new ProviderApiService(this.apiService);
+
+    this.organizationUserApiService = new DefaultOrganizationUserApiService(
+      this.apiService,
+      this.configService,
+    );
  }

  async logout() {
--- a/apps/web/src/app/admin-console/organizations/manage/entity-events.component.ts
+++ b/apps/web/src/app/admin-console/organizations/manage/entity-events.component.ts
@@ -78,7 +78,7 @@ export class EntityEventsComponent implements OnInit {
  async load() {
    try {
      if (this.showUser) {
-        const response = await this.organizationUserApiService.getAllUsers(
+        const response = await this.organizationUserApiService.getAllMiniUserDetails(
          this.params.organizationId,
        );
        response.data.forEach((u) => {
--- a/apps/web/src/app/admin-console/organizations/manage/events.component.ts
+++ b/apps/web/src/app/admin-console/organizations/manage/events.component.ts
@@ -83,7 +83,9 @@ export class EventsComponent extends BaseEventsComponent implements OnInit, OnDe
  }

  async load() {
-    const response = await this.organizationUserApiService.getAllUsers(this.organizationId);
+    const response = await this.organizationUserApiService.getAllMiniUserDetails(
+      this.organizationId,
+    );
    response.data.forEach((u) => {
      const name = this.userNamePipe.transform(u);
      this.orgUsersUserIdMap.set(u.userId, { name: name, email: u.email });
--- a/apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.ts
+++ b/apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.ts
@@ -131,7 +131,7 @@ export class GroupAddEditComponent implements OnInit, OnDestroy {
  );

  private get orgMembers$(): Observable<Array<AccessItemView & { userId: UserId }>> {
-    return from(this.organizationUserApiService.getAllUsers(this.organizationId)).pipe(
+    return from(this.organizationUserApiService.getAllMiniUserDetails(this.organizationId)).pipe(
      map((response) =>
        response.data.map((m) => ({
          id: m.id,
--- a/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
+++ b/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
@@ -15,7 +15,7 @@ import { first } from "rxjs/operators";

 import {
  OrganizationUserApiService,
-  OrganizationUserUserDetailsResponse,
+  OrganizationUserUserMiniResponse,
 } from "@bitwarden/admin-console/common";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
@@ -156,15 +156,23 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
      organization: organization$,
      collections: this.collectionAdminService.getAll(orgId),
      groups: groups$,
-      // Collection(s) needed to map readonlypermission for (potential) access selector disabled state
-      users: this.organizationUserApiService.getAllUsers(orgId, { includeCollections: true }),
+      users: this.organizationUserApiService.getAllMiniUserDetails(orgId),
    })
      .pipe(takeUntil(this.formGroup.controls.selectedOrg.valueChanges), takeUntil(this.destroy$))
      .subscribe(({ organization, collections: allCollections, groups, users }) => {
        this.organization = organization;
+
+        if (this.params.collectionId) {
+          this.collection = allCollections.find((c) => c.id === this.collectionId);
+
+          if (!this.collection) {
+            throw new Error("Could not find collection to edit.");
+          }
+        }
+
        this.accessItems = [].concat(
-          groups.map((group) => mapGroupToAccessItemView(group, this.collectionId)),
-          users.data.map((user) => mapUserToAccessItemView(user, this.collectionId)),
+          groups.map((group) => mapGroupToAccessItemView(group, this.collection)),
+          users.data.map((user) => mapUserToAccessItemView(user, this.collection)),
        );

        // Force change detection to update the access selector's items
@@ -174,15 +182,10 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
          ? allCollections.filter((c) => c.manage)
          : allCollections;

-        if (this.params.collectionId) {
-          this.collection = allCollections.find((c) => c.id === this.collectionId);
+        if (this.collection) {
          // Ensure we don't allow nesting the current collection within itself
          this.nestOptions = this.nestOptions.filter((c) => c.id !== this.collectionId);

-          if (!this.collection) {
-            throw new Error("Could not find collection to edit.");
-          }
-
          // Parse the name to find its parent name
          const { name, parent: parentName } = parseName(this.collection);

@@ -423,7 +426,10 @@ function validateCanManagePermission(control: AbstractControl) {
 * @param collectionId Current collection being viewed/edited
 * @returns AccessItemView customized to set a readonlyPermission to be displayed if the access selector is in a disabled state
 */
-function mapGroupToAccessItemView(group: GroupView, collectionId: string): AccessItemView {
+function mapGroupToAccessItemView(
+  group: GroupView,
+  collection: CollectionAdminView,
+): AccessItemView {
  return {
    id: group.id,
    type: AccessItemType.Group,
@@ -431,8 +437,8 @@ function mapGroupToAccessItemView(group: GroupView, collectionId: string): Acces
    labelName: group.name,
    readonly: false,
    readonlyPermission:
-      collectionId != null
-        ? convertToPermission(group.collections.find((gc) => gc.id == collectionId))
+      collection != null
+        ? convertToPermission(collection.groups.find((g) => g.id === group.id))
        : undefined,
  };
 }
@@ -444,8 +450,8 @@ function mapGroupToAccessItemView(group: GroupView, collectionId: string): Acces
 * @returns AccessItemView customized to set a readonlyPermission to be displayed if the access selector is in a disabled state
 */
 function mapUserToAccessItemView(
-  user: OrganizationUserUserDetailsResponse,
-  collectionId: string,
+  user: OrganizationUserUserMiniResponse,
+  collection: CollectionAdminView,
 ): AccessItemView {
  return {
    id: user.id,
@@ -457,9 +463,9 @@ function mapUserToAccessItemView(
    status: user.status,
    readonly: false,
    readonlyPermission:
-      collectionId != null
+      collection != null
        ? convertToPermission(
-            new CollectionAccessSelectionView(user.collections.find((uc) => uc.id == collectionId)),
+            new CollectionAccessSelectionView(collection.users.find((u) => u.id === user.id)),
          )
        : undefined,
  };
--- a/apps/web/src/app/vault/org-vault/bulk-collections-dialog/bulk-collections-dialog.component.ts
+++ b/apps/web/src/app/vault/org-vault/bulk-collections-dialog/bulk-collections-dialog.component.ts
@@ -79,7 +79,7 @@ export class BulkCollectionsDialogComponent implements OnDestroy {
    combineLatest([
      organization$,
      groups$,
-      this.organizationUserApiService.getAllUsers(this.params.organizationId),
+      this.organizationUserApiService.getAllMiniUserDetails(this.params.organizationId),
    ])
      .pipe(takeUntil(this.destroy$))
      .subscribe(([organization, groups, users]) => {
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@@ -30,10 +30,6 @@ import {
  withLatestFrom,
 } from "rxjs/operators";

-import {
-  OrganizationUserApiService,
-  OrganizationUserUserDetailsResponse,
-} from "@bitwarden/admin-console/common";
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
@@ -168,8 +164,6 @@ export class VaultComponent implements OnInit, OnDestroy {
  protected editableCollections$: Observable<CollectionAdminView[]>;
  protected allCollectionsWithoutUnassigned$: Observable<CollectionAdminView[]>;

-  protected orgRevokedUsers: OrganizationUserUserDetailsResponse[];
-
  protected get hideVaultFilters(): boolean {
    return this.organization?.isProviderUser && !this.organization?.isMember;
  }
@@ -206,7 +200,6 @@ export class VaultComponent implements OnInit, OnDestroy {
    private totpService: TotpService,
    private apiService: ApiService,
    private collectionService: CollectionService,
-    private organizationUserApiService: OrganizationUserApiService,
    private toastService: ToastService,
    private accountService: AccountService,
  ) {}
@@ -358,13 +351,6 @@ export class VaultComponent implements OnInit, OnDestroy {
      shareReplay({ refCount: true, bufferSize: 1 }),
    );

-    // This will be passed into the usersCanManage call
-    this.orgRevokedUsers = (
-      await this.organizationUserApiService.getAllUsers(await firstValueFrom(organizationId$))
-    ).data.filter((user: OrganizationUserUserDetailsResponse) => {
-      return user.status === -1;
-    });
-
    const collections$ = combineLatest([
      nestedCollections$,
      filter$,