[PM-13298] Modify members access logic (#4876)

* Initial refactor of members acess * Refactor of the members access report to include a list of ciphers * Saving ciphers to parent object * Missed saving the response model * bit.core change and updating references. Removing unused refs * Removing commented code * Adding Bit to the namespaces * The mapping to the response model missed setting the UserId
2026-01-03 09:03:44 +00:00 · 2024-11-11 11:18:10 -05:00
parent 1dec51bf5a
commit 0e23a07bbc
9 changed files with 370 additions and 195 deletions
--- a/src/Api/Tools/Controllers/ReportsController.cs
+++ b/src/Api/Tools/Controllers/ReportsController.cs
@@ -1,13 +1,9 @@
 using Bit.Api.Tools.Models.Response;
-using Bit.Core.AdminConsole.Repositories;
-using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
 using Bit.Core.Context;
 using Bit.Core.Exceptions;
-using Bit.Core.Repositories;
-using Bit.Core.Services;
-using Bit.Core.Vault.Queries;
-using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
-using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
+using Bit.Core.Tools.Models.Data;
+using Bit.Core.Tools.ReportFeatures.OrganizationReportMembers.Interfaces;
+using Bit.Core.Tools.ReportFeatures.Requests;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

@@ -17,33 +13,49 @@ namespace Bit.Api.Tools.Controllers;
 [Authorize("Application")]
 public class ReportsController : Controller
 {
-    private readonly IOrganizationUserUserDetailsQuery _organizationUserUserDetailsQuery;
-    private readonly IGroupRepository _groupRepository;
-    private readonly ICollectionRepository _collectionRepository;
    private readonly ICurrentContext _currentContext;
-    private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
-    private readonly IApplicationCacheService _applicationCacheService;
-    private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery;
+    private readonly IMemberAccessCipherDetailsQuery _memberAccessCipherDetailsQuery;

    public ReportsController(
-        IOrganizationUserUserDetailsQuery organizationUserUserDetailsQuery,
-        IGroupRepository groupRepository,
-        ICollectionRepository collectionRepository,
        ICurrentContext currentContext,
-        IOrganizationCiphersQuery organizationCiphersQuery,
-        IApplicationCacheService applicationCacheService,
-        ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery
+        IMemberAccessCipherDetailsQuery memberAccessCipherDetailsQuery
    )
    {
-        _organizationUserUserDetailsQuery = organizationUserUserDetailsQuery;
-        _groupRepository = groupRepository;
-        _collectionRepository = collectionRepository;
        _currentContext = currentContext;
-        _organizationCiphersQuery = organizationCiphersQuery;
-        _applicationCacheService = applicationCacheService;
-        _twoFactorIsEnabledQuery = twoFactorIsEnabledQuery;
+        _memberAccessCipherDetailsQuery = memberAccessCipherDetailsQuery;
    }

+    /// <summary>
+    /// Organization member information containing a list of cipher ids
+    /// assigned
+    /// </summary>
+    /// <param name="orgId">Organzation Id</param>
+    /// <returns>IEnumerable of MemberCipherDetailsResponseModel</returns>
+    /// <exception cref="NotFoundException">If Access reports permission is not assigned</exception>
+    [HttpGet("member-cipher-details/{orgId}")]
+    public async Task<IEnumerable<MemberCipherDetailsResponseModel>> GetMemberCipherDetails(Guid orgId)
+    {
+        // Using the AccessReports permission here until new permissions  
+        // are needed for more control over reports
+        if (!await _currentContext.AccessReports(orgId))
+        {
+            throw new NotFoundException();
+        }
+
+        var memberCipherDetails = await GetMemberCipherDetails(new MemberAccessCipherDetailsRequest { OrganizationId = orgId });
+
+        var responses = memberCipherDetails.Select(x => new MemberCipherDetailsResponseModel(x));
+
+        return responses;
+    }
+
+    /// <summary>
+    /// Access details for an organization member. Includes the member information,
+    /// group collection assignment, and item counts
+    /// </summary>
+    /// <param name="orgId">Organization Id</param>
+    /// <returns>IEnumerable of MemberAccessReportResponseModel</returns>
+    /// <exception cref="NotFoundException">If Access reports permission is not assigned</exception>
    [HttpGet("member-access/{orgId}")]
    public async Task<IEnumerable<MemberAccessReportResponseModel>> GetMemberAccessReport(Guid orgId)
    {
@@ -52,26 +64,23 @@ public class ReportsController : Controller
            throw new NotFoundException();
        }

-        var orgUsers = await _organizationUserUserDetailsQuery.GetOrganizationUserUserDetails(
-            new OrganizationUserUserDetailsQueryRequest
-            {
-                OrganizationId = orgId,
-                IncludeCollections = true,
-                IncludeGroups = true
-            });
+        var memberCipherDetails = await GetMemberCipherDetails(new MemberAccessCipherDetailsRequest { OrganizationId = orgId });

-        var orgGroups = await _groupRepository.GetManyByOrganizationIdAsync(orgId);
-        var orgAbility = await _applicationCacheService.GetOrganizationAbilityAsync(orgId);
-        var orgCollectionsWithAccess = await _collectionRepository.GetManyByOrganizationIdWithAccessAsync(orgId);
-        var orgItems = await _organizationCiphersQuery.GetAllOrganizationCiphers(orgId);
-        var organizationUsersTwoFactorEnabled = await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(orgUsers);
+        var responses = memberCipherDetails.Select(x => new MemberAccessReportResponseModel(x));

-        var reports = MemberAccessReportResponseModel.CreateReport(
-            orgGroups,
-            orgCollectionsWithAccess,
-            orgItems,
-            organizationUsersTwoFactorEnabled,
-            orgAbility);
-        return reports;
+        return responses;
+    }
+
+    /// <summary>
+    /// Contains the organization member info, the cipher ids associated with the member, 
+    /// and details on their collections, groups, and permissions
+    /// </summary>
+    /// <param name="request">Request to the MemberAccessCipherDetailsQuery</param>
+    /// <returns>IEnumerable of MemberAccessCipherDetails</returns>
+    private async Task<IEnumerable<MemberAccessCipherDetails>> GetMemberCipherDetails(MemberAccessCipherDetailsRequest request)
+    {
+        var memberCipherDetails =
+            await _memberAccessCipherDetailsQuery.GetMemberAccessCipherDetails(request);
+        return memberCipherDetails;
    }
 }