mirror of https://github.com/bitwarden/server synced 2025-12-23 03:33:35 +00:00

[PM-22103] Exclude default collections from admin apis (#6021)

* feat: exclude DefaultUserCollection from GetManyByOrganizationIdWithPermissionsAsync

Updated EF implementation, SQL procedure, and unit test to verify that default user collections are filtered from results

* Update the public CollectionsController.Get method to return a NotFoundResult for collections of type DefaultUserCollection.

* Add unit tests for the public CollectionsController

* Update ICollectionRepository.GetManyByOrganizationIdAsync to exclude results of the type DefaultUserCollection

Modified the SQL stored procedure and the EF query to reflect this change and added a new integration test to ensure the functionality works as expected.

* Refactor CollectionsController to remove unused IApplicationCacheService dependency

* Update IOrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to exclude DefaultUserCollections

* Update IOrganizationUserRepository.GetManyDetailsByOrganizationAsync to exclude DefaultUserCollections

* Undo change to GetByIdWithCollectionsAsync

* Update integration test to verify exclusion of DefaultUserCollection in OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync

* Clarify documentation in ICollectionRepository to specify that GetManyByOrganizationIdWithAccessAsync returns only shared collections belonging to the organization.

* Add Arrange, Act, and Assert comments to CollectionsControllerTests
Rui Tomé
2025-07-18 13:00:54 +01:00
committed by GitHub
parent 828003f101
commit 30300bc59b
14 changed files with 500 additions and 15 deletions


@@ -16,12 +16,12 @@ public interface ICollectionRepository : IRepository<Collection, Guid>
/// <summary>
/// Return all collections that belong to the organization. Does not include any permission details or group/user
/// access relationships.
/// access relationships. Excludes default collections (My Items collections).
/// </summary>
Task<ICollection<Collection>> GetManyByOrganizationIdAsync(Guid organizationId);
/// <summary>
/// Return all collections that belong to the organization. Includes group/user access relationships for each collection.
/// Return all shared collections that belong to the organization. Includes group/user access relationships for each collection.
/// </summary>
Task<ICollection<Tuple<Collection, CollectionAccessDetails>>> GetManyByOrganizationIdWithAccessAsync(Guid organizationId);
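Review bot: The two summaries in this hunk describe the same filter in different words: GetManyByOrganizationIdAsync says "Excludes default collections (My Items collections)" while GetManyByOrganizationIdWithAccessAsync says "shared collections", and "shared" is not defined anywhere in the visible lines. Suggest one phrasing for both, naming the excluded type explicitly (the commit message calls it DefaultUserCollection), so a caller reading only the interface knows which rows are dropped. The first summary also still opens with "Return all collections that belong to the organization", which now contradicts the exclusion sentence appended to it; since the method name is unchanged while its result set narrows, the summary should say plainly that the result is no longer the full set for the organization.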
@@ -34,9 +34,10 @@ public interface ICollectionRepository : IRepository<Collection, Guid>
Task<ICollection<CollectionDetails>> GetManyByUserIdAsync(Guid userId);
/// <summary>
/// Returns all collections for an organization, including permission info for the specified user.
/// Returns all shared collections for an organization, including permission info for the specified user.
/// This does not perform any authorization checks internally!
/// Optionally, you can include access relationships for other Groups/Users and the collections.
/// Excludes default collections (My Items collections) - used by Admin Console Collections tab.
/// </summary>
Task<ICollection<CollectionAdminDetails>> GetManyByOrganizationIdWithPermissionsAsync(Guid organizationId, Guid userId, bool includeAccessRelationships);
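Review bot: In the summary for GetManyByOrganizationIdWithPermissionsAsync, the new exclusion sentence lands two lines below "This does not perform any authorization checks internally!", and a reader could take the filter as a partial access control. Suggest stating that excluding default collections only shapes the result set and that callers must still authorize the user before returning anything from this method. The trailing "used by Admin Console Collections tab" names one caller inside an interface contract and will go stale as soon as a second caller appears; consider dropping it or keeping it in the commit message only. The summary also now says the same thing twice ("shared collections" in the first line and "Excludes default collections" in the last), so one of the two can go once a single term is chosen.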