mirror of
https://github.com/bitwarden/server
synced 2025-12-24 20:23:21 +00:00
[PM-22103] Exclude default collections from admin apis (#6021)
* feat: exclude DefaultUserCollection from GetManyByOrganizationIdWithPermissionsAsync Updated EF implementation, SQL procedure, and unit test to verify that default user collections are filtered from results * Update the public CollectionsController.Get method to return a NotFoundResult for collections of type DefaultUserCollection. * Add unit tests for the public CollectionsController * Update ICollectionRepository.GetManyByOrganizationIdAsync to exclude results of the type DefaultUserCollection Modified the SQL stored procedure and the EF query to reflect this change and added a new integration test to ensure the functionality works as expected. * Refactor CollectionsController to remove unused IApplicationCacheService dependency * Update IOrganizationUserRepository.GetDetailsByIdWithCollectionsAsync to exclude DefaultUserCollections * Update IOrganizationUserRepository.GetManyDetailsByOrganizationAsync to exclude DefaultUserCollections * Undo change to GetByIdWithCollectionsAsync * Update integration test to verify exclusion of DefaultUserCollection in OrganizationUserRepository.GetDetailsByIdWithCollectionsAsync * Clarify documentation in ICollectionRepository to specify that GetManyByOrganizationIdWithAccessAsync returns only shared collections belonging to the organization. * Add Arrange, Act, and Assert comments to CollectionsControllerTests
This commit is contained in:
Rui Tomé
GitHub
@@ -257,7 +257,8 @@ public class OrganizationUserRepository : Repository<Core.Entities.OrganizationU
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var query = from ou in dbContext.OrganizationUsers
|
||||
join cu in dbContext.CollectionUsers on ou.Id equals cu.OrganizationUserId
|
||||
where ou.Id == id
|
||||
join c in dbContext.Collections on cu.CollectionId equals c.Id
|
||||
where ou.Id == id && c.Type != CollectionType.DefaultUserCollection
|
||||
select cu;
|
||||
var collections = await query.Select(cu => new CollectionAccessSelection
|
||||
{
|
||||
@@ -369,6 +370,8 @@ public class OrganizationUserRepository : Repository<Core.Entities.OrganizationU
|
||||
{
|
||||
collections = (await (from cu in dbContext.CollectionUsers
|
||||
join ou in userIdEntities on cu.OrganizationUserId equals ou.Id
|
||||
join c in dbContext.Collections on cu.CollectionId equals c.Id
|
||||
where c.Type != CollectionType.DefaultUserCollection
|
||||
select cu).ToListAsync())
|
||||
.GroupBy(c => c.OrganizationUserId).ToList();
|
||||
}
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using AutoMapper;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Infrastructure.EntityFramework.Models;
|
||||
@@ -216,7 +217,8 @@ public class CollectionRepository : Repository<Core.Entities.Collection, Collect
|
||||
{
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
var query = from c in dbContext.Collections
|
||||
where c.OrganizationId == organizationId
|
||||
where c.OrganizationId == organizationId &&
|
||||
c.Type != CollectionType.DefaultUserCollection
|
||||
select c;
|
||||
var collections = await query.ToArrayAsync();
|
||||
return collections;
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
using Bit.Core.Models.Data;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Models.Data;
|
||||
|
||||
namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
|
||||
|
||||
@@ -59,7 +60,9 @@ public class CollectionAdminDetailsQuery : IQuery<CollectionAdminDetails>
|
||||
|
||||
if (_organizationId.HasValue)
|
||||
{
|
||||
baseCollectionQuery = baseCollectionQuery.Where(x => x.c.OrganizationId == _organizationId);
|
||||
baseCollectionQuery = baseCollectionQuery.Where(x =>
|
||||
x.c.OrganizationId == _organizationId &&
|
||||
x.c.Type != CollectionType.DefaultUserCollection);
|
||||
}
|
||||
else if (_collectionId.HasValue)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user