[PM-20092] Refactor OrganizationUsersController Get to return account recovery users (#5756)

* wip * wip * add dict conversion to Get * wip * clean up * clean up * continue refactor * Fix feature flag Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com> --------- Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
2025-12-10 21:33:41 +00:00 · 2025-05-06 13:45:05 -04:00
parent 10fcff58b2
commit 28467fc8f6
6 changed files with 137 additions and 3 deletions
--- a/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs
+++ b/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs
@@ -1,4 +1,5 @@
-using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Authorization.Requirements;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
 using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Models.Request.Organizations;
 using Bit.Api.Models.Response;
@@ -162,6 +163,12 @@ public class OrganizationUsersController : Controller
    [HttpGet("")]
    public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(Guid orgId, bool includeGroups = false, bool includeCollections = false)
    {
+
+        if (_featureService.IsEnabled(FeatureFlagKeys.SeparateCustomRolePermissions))
+        {
+            return await GetvNextAsync(orgId, includeGroups, includeCollections);
+        }
+
        var authorized = (await _authorizationService.AuthorizeAsync(
            User, new OrganizationScope(orgId), OrganizationUserUserDetailsOperations.ReadAll)).Succeeded;
        if (!authorized)
@@ -191,6 +198,37 @@ public class OrganizationUsersController : Controller
        return new ListResponseModel<OrganizationUserUserDetailsResponseModel>(responses);
    }

+    private async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> GetvNextAsync(Guid orgId, bool includeGroups = false, bool includeCollections = false)
+    {
+        var request = new OrganizationUserUserDetailsQueryRequest
+        {
+            OrganizationId = orgId,
+            IncludeGroups = includeGroups,
+            IncludeCollections = includeCollections,
+        };
+
+        if ((await _authorizationService.AuthorizeAsync(User, new ManageUsersRequirement())).Succeeded)
+        {
+            return GetResultListResponseModel(await _organizationUserUserDetailsQuery.Get(request));
+        }
+
+        if ((await _authorizationService.AuthorizeAsync(User, new ManageAccountRecoveryRequirement())).Succeeded)
+        {
+            return GetResultListResponseModel(await _organizationUserUserDetailsQuery.GetAccountRecoveryEnrolledUsers(request));
+        }
+
+        throw new NotFoundException();
+    }
+
+    private ListResponseModel<OrganizationUserUserDetailsResponseModel> GetResultListResponseModel(IEnumerable<(OrganizationUserUserDetails OrgUser,
+                bool TwoFactorEnabled, bool ClaimedByOrganization)> results)
+    {
+        return new ListResponseModel<OrganizationUserUserDetailsResponseModel>(results
+            .Select(result => new OrganizationUserUserDetailsResponseModel(result))
+            .ToList());
+    }
+
+
    [HttpGet("{id}/groups")]
    public async Task<IEnumerable<string>> GetGroups(string orgId, string id)
    {