[AC-2286] [Defect] - CLI: User creating a collection through the CLI does not have access to the collection (#9409)

* Send current Org user Id on collection creation through CLI * Run npm prettier * Add organization services to CreateCommand creation on ServeCommand * Refactor organization data models to include organizationUserId property * Refactor create command to utilize the OrganizationUserId on the Organization object * Add users to collection request in edit command * fix: organization.data test update to correct deserialization, refs AC-2286 --------- Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
2025-12-10 21:33:27 +00:00 · 2024-06-07 20:14:21 +01:00
parent 7acc13cbb9
commit eef1e511b5
9 changed files with 29 additions and 0 deletions
--- a/apps/cli/src/admin-console/models/request/organization-collection.request.ts
+++ b/apps/cli/src/admin-console/models/request/organization-collection.request.ts
@@ -9,8 +9,10 @@ export class OrganizationCollectionRequest extends CollectionExport {
    req.name = "Collection name";
    req.externalId = null;
    req.groups = [SelectionReadOnly.template(), SelectionReadOnly.template()];
+    req.users = [SelectionReadOnly.template(), SelectionReadOnly.template()];
    return req;
  }

  groups: SelectionReadOnly[];
+  users: SelectionReadOnly[];
 }
--- a/apps/cli/src/commands/edit.command.ts
+++ b/apps/cli/src/commands/edit.command.ts
@@ -170,10 +170,17 @@ export class EditCommand {
          : req.groups.map(
              (g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage),
            );
+      const users =
+        req.users == null
+          ? null
+          : req.users.map(
+              (u) => new SelectionReadOnlyRequest(u.id, u.readOnly, u.hidePasswords, u.manage),
+            );
      const request = new CollectionRequest();
      request.name = (await this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
      request.externalId = req.externalId;
      request.groups = groups;
+      request.users = users;
      const response = await this.apiService.putCollection(req.organizationId, id, request);
      const view = CollectionExport.toView(req);
      view.id = response.id;
--- a/apps/cli/src/commands/serve.command.ts
+++ b/apps/cli/src/commands/serve.command.ts
@@ -87,6 +87,7 @@ export class ServeCommand {
      this.serviceContainer.apiService,
      this.serviceContainer.folderApiService,
      this.serviceContainer.billingAccountProfileStateService,
+      this.serviceContainer.organizationService,
    );
    this.editCommand = new EditCommand(
      this.serviceContainer.cipherService,
--- a/apps/cli/src/vault.program.ts
+++ b/apps/cli/src/vault.program.ts
@@ -226,6 +226,7 @@ export class VaultProgram extends BaseProgram {
          this.serviceContainer.apiService,
          this.serviceContainer.folderApiService,
          this.serviceContainer.billingAccountProfileStateService,
+          this.serviceContainer.organizationService,
        );
        const response = await command.run(object, encodedJson, cmd);
        this.processResponse(response);
--- a/apps/cli/src/vault/create.command.ts
+++ b/apps/cli/src/vault/create.command.ts
@@ -4,6 +4,7 @@ import * as path from "path";
 import { firstValueFrom } from "rxjs";

 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { CipherExport } from "@bitwarden/common/models/export/cipher.export";
@@ -32,6 +33,7 @@ export class CreateCommand {
    private apiService: ApiService,
    private folderApiService: FolderApiServiceAbstraction,
    private accountProfileService: BillingAccountProfileStateService,
+    private organizationService: OrganizationService,
  ) {}

  async run(
@@ -183,6 +185,8 @@ export class CreateCommand {
      if (orgKey == null) {
        throw new Error("No encryption key for this organization.");
      }
+      const organization = await this.organizationService.get(req.organizationId);
+      const currentOrgUserId = organization.organizationUserId;

      const groups =
        req.groups == null
@@ -190,10 +194,17 @@ export class CreateCommand {
          : req.groups.map(
              (g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage),
            );
+      const users =
+        req.users == null
+          ? [new SelectionReadOnlyRequest(currentOrgUserId, false, false, true)]
+          : req.users.map(
+              (u) => new SelectionReadOnlyRequest(u.id, u.readOnly, u.hidePasswords, u.manage),
+            );
      const request = new CollectionRequest();
      request.name = (await this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
      request.externalId = req.externalId;
      request.groups = groups;
+      request.users = users;
      const response = await this.apiService.postCollection(req.organizationId, request);
      const view = CollectionExport.toView(req);
      view.id = response.id;