AC Team code ownership moves - Api project (#3351)

src/Api/AdminConsole/Public/Models/GroupBaseModel.cs

@@ -0,0 +1,26 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.AdminConsole.Public.Models;
+
+public abstract class GroupBaseModel
+{
+    /// <summary>
+    /// The name of the group.
+    /// </summary>
+    /// <example>Development Team</example>
+    [Required]
+    [StringLength(100)]
+    public string Name { get; set; }
+    /// <summary>
+    /// Determines if this group can access all collections within the organization, or only the associated
+    /// collections. If set to <c>true</c>, this option overrides any collection assignments.
+    /// </summary>
+    [Required]
+    public bool? AccessAll { get; set; }
+    /// <summary>
+    /// External identifier for reference or linking this group to another system, such as a user directory.
+    /// </summary>
+    /// <example>external_id_123456</example>
+    [StringLength(300)]
+    public string ExternalId { get; set; }
+}

src/Api/AdminConsole/Public/Models/MemberBaseModel.cs

@@ -0,0 +1,60 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
+
+namespace Bit.Api.AdminConsole.Public.Models;
+
+public abstract class MemberBaseModel
+{
+    public MemberBaseModel() { }
+
+    public MemberBaseModel(OrganizationUser user)
+    {
+        if (user == null)
+        {
+            throw new ArgumentNullException(nameof(user));
+        }
+
+        Type = user.Type;
+        AccessAll = user.AccessAll;
+        ExternalId = user.ExternalId;
+        ResetPasswordEnrolled = user.ResetPasswordKey != null;
+    }
+
+    public MemberBaseModel(OrganizationUserUserDetails user)
+    {
+        if (user == null)
+        {
+            throw new ArgumentNullException(nameof(user));
+        }
+
+        Type = user.Type;
+        AccessAll = user.AccessAll;
+        ExternalId = user.ExternalId;
+        ResetPasswordEnrolled = user.ResetPasswordKey != null;
+    }
+
+    /// <summary>
+    /// The member's type (or role) within the organization.
+    /// </summary>
+    [Required]
+    public OrganizationUserType? Type { get; set; }
+    /// <summary>
+    /// Determines if this member can access all collections within the organization, or only the associated
+    /// collections. If set to <c>true</c>, this option overrides any collection assignments.
+    /// </summary>
+    [Required]
+    public bool? AccessAll { get; set; }
+    /// <summary>
+    /// External identifier for reference or linking this member to another system, such as a user directory.
+    /// </summary>
+    /// <example>external_id_123456</example>
+    [StringLength(300)]
+    public string ExternalId { get; set; }
+    /// <summary>
+    /// Returns <c>true</c> if the member has enrolled in Password Reset assistance within the organization
+    /// </summary>
+    [Required]
+    public bool ResetPasswordEnrolled { get; set; }
+}

src/Api/AdminConsole/Public/Models/PolicyBaseModel.cs

@@ -0,0 +1,16 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Api.AdminConsole.Public.Models;
+
+public abstract class PolicyBaseModel
+{
+    /// <summary>
+    /// Determines if this policy is enabled and enforced.
+    /// </summary>
+    [Required]
+    public bool? Enabled { get; set; }
+    /// <summary>
+    /// Data for the policy.
+    /// </summary>
+    public Dictionary<string, object> Data { get; set; }
+}

src/Api/AdminConsole/Public/Models/Request/GroupCreateUpdateRequestModel.cs

@@ -0,0 +1,28 @@
+using Bit.Api.Auth.Models.Public.Request;
+using Bit.Core.Entities;
+
+namespace Bit.Api.AdminConsole.Public.Models.Request;
+
+public class GroupCreateUpdateRequestModel : GroupBaseModel
+{
+    /// <summary>
+    /// The associated collections that this group can access.
+    /// </summary>
+    public IEnumerable<AssociationWithPermissionsRequestModel> Collections { get; set; }
+
+    public Group ToGroup(Guid orgId)
+    {
+        return ToGroup(new Group
+        {
+            OrganizationId = orgId
+        });
+    }
+
+    public Group ToGroup(Group existingGroup)
+    {
+        existingGroup.Name = Name;
+        existingGroup.AccessAll = AccessAll.Value;
+        existingGroup.ExternalId = ExternalId;
+        return existingGroup;
+    }
+}

src/Api/AdminConsole/Public/Models/Request/MemberCreateRequestModel.cs

@@ -0,0 +1,22 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Entities;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.AdminConsole.Public.Models.Request;
+
+public class MemberCreateRequestModel : MemberUpdateRequestModel
+{
+    /// <summary>
+    /// The member's email address.
+    /// </summary>
+    /// <example>jsmith@example.com</example>
+    [Required]
+    [StringLength(256)]
+    [StrictEmailAddress]
+    public string Email { get; set; }
+
+    public override OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
+    {
+        throw new NotImplementedException();
+    }
+}

src/Api/AdminConsole/Public/Models/Request/MemberUpdateRequestModel.cs

@@ -0,0 +1,25 @@
+using Bit.Api.Auth.Models.Public.Request;
+using Bit.Core.Entities;
+
+namespace Bit.Api.AdminConsole.Public.Models.Request;
+
+public class MemberUpdateRequestModel : MemberBaseModel
+{
+    /// <summary>
+    /// The associated collections that this member can access.
+    /// </summary>
+    public IEnumerable<AssociationWithPermissionsRequestModel> Collections { get; set; }
+
+    /// <summary>
+    /// Ids of the associated groups that this member will belong to
+    /// </summary>
+    public IEnumerable<Guid> Groups { get; set; }
+
+    public virtual OrganizationUser ToOrganizationUser(OrganizationUser existingUser)
+    {
+        existingUser.Type = Type.Value;
+        existingUser.AccessAll = AccessAll.Value;
+        existingUser.ExternalId = ExternalId;
+        return existingUser;
+    }
+}

src/Api/AdminConsole/Public/Models/Request/OrganizationImportRequestModel.cs

@@ -0,0 +1,111 @@
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json.Serialization;
+using Bit.Core.Entities;
+using Bit.Core.Models.Business;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.AdminConsole.Public.Models.Request;
+
+public class OrganizationImportRequestModel
+{
+    /// <summary>
+    /// Groups to import.
+    /// </summary>
+    public OrganizationImportGroupRequestModel[] Groups { get; set; }
+    /// <summary>
+    /// Members to import.
+    /// </summary>
+    public OrganizationImportMemberRequestModel[] Members { get; set; }
+    /// <summary>
+    /// Determines if the data in this request should overwrite or append to the existing organization data.
+    /// </summary>
+    [Required]
+    public bool? OverwriteExisting { get; set; }
+    /// <summary>
+    /// Indicates an import of over 2000 users and/or groups is expected
+    /// </summary>
+    public bool LargeImport { get; set; } = false;
+
+    public class OrganizationImportGroupRequestModel
+    {
+        /// <summary>
+        /// The name of the group.
+        /// </summary>
+        /// <example>Development Team</example>
+        [Required]
+        [StringLength(100)]
+        public string Name { get; set; }
+        /// <summary>
+        /// External identifier for reference or linking this group to another system, such as a user directory.
+        /// </summary>
+        /// <example>external_id_123456</example>
+        [Required]
+        [StringLength(300)]
+        [JsonConverter(typeof(PermissiveStringConverter))]
+        public string ExternalId { get; set; }
+        /// <summary>
+        /// The associated external ids for members in this group.
+        /// </summary>
+        [JsonConverter(typeof(PermissiveStringEnumerableConverter))]
+        public IEnumerable<string> MemberExternalIds { get; set; }
+
+        public ImportedGroup ToImportedGroup(Guid organizationId)
+        {
+            var importedGroup = new ImportedGroup
+            {
+                Group = new Group
+                {
+                    OrganizationId = organizationId,
+                    Name = Name,
+                    ExternalId = ExternalId
+                },
+                ExternalUserIds = new HashSet<string>(MemberExternalIds)
+            };
+
+            return importedGroup;
+        }
+    }
+
+    public class OrganizationImportMemberRequestModel : IValidatableObject
+    {
+        /// <summary>
+        /// The member's email address. Required for non-deleted users.
+        /// </summary>
+        /// <example>jsmith@example.com</example>
+        [EmailAddress]
+        [StringLength(256)]
+        public string Email { get; set; }
+        /// <summary>
+        /// External identifier for reference or linking this member to another system, such as a user directory.
+        /// </summary>
+        /// <example>external_id_123456</example>
+        [Required]
+        [StringLength(300)]
+        [JsonConverter(typeof(PermissiveStringConverter))]
+        public string ExternalId { get; set; }
+        /// <summary>
+        /// Determines if this member should be removed from the organization during import.
+        /// </summary>
+        public bool Deleted { get; set; }
+
+        public ImportedOrganizationUser ToImportedOrganizationUser()
+        {
+            var importedUser = new ImportedOrganizationUser
+            {
+                Email = Email.ToLowerInvariant(),
+                ExternalId = ExternalId
+            };
+
+            return importedUser;
+        }
+
+        public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+        {
+            if (string.IsNullOrWhiteSpace(Email) && !Deleted)
+            {
+                yield return new ValidationResult("Email is required for enabled members.",
+                    new string[] { nameof(Email) });
+            }
+        }
+    }
+}

src/Api/AdminConsole/Public/Models/Request/PolicyUpdateRequestModel.cs

@@ -0,0 +1,22 @@
+using System.Text.Json;
+using Bit.Core.Entities;
+
+namespace Bit.Api.AdminConsole.Public.Models.Request;
+
+public class PolicyUpdateRequestModel : PolicyBaseModel
+{
+    public Policy ToPolicy(Guid orgId)
+    {
+        return ToPolicy(new Policy
+        {
+            OrganizationId = orgId
+        });
+    }
+
+    public virtual Policy ToPolicy(Policy existingPolicy)
+    {
+        existingPolicy.Enabled = Enabled.GetValueOrDefault();
+        existingPolicy.Data = Data != null ? JsonSerializer.Serialize(Data) : null;
+        return existingPolicy;
+    }
+}

src/Api/AdminConsole/Public/Models/Request/UpdateGroupIdsRequestModel.cs

@@ -0,0 +1,9 @@
+namespace Bit.Api.AdminConsole.Public.Models.Request;
+
+public class UpdateGroupIdsRequestModel
+{
+    /// <summary>
+    /// The associated group ids that this object can access.
+    /// </summary>
+    public IEnumerable<Guid> GroupIds { get; set; }
+}

src/Api/AdminConsole/Public/Models/Request/UpdateMemberIdsRequestModel.cs

@@ -0,0 +1,9 @@
+namespace Bit.Api.AdminConsole.Public.Models.Request;
+
+public class UpdateMemberIdsRequestModel
+{
+    /// <summary>
+    /// The associated member ids that have access to this object.
+    /// </summary>
+    public IEnumerable<Guid> MemberIds { get; set; }
+}

src/Api/AdminConsole/Public/Models/Response/GroupResponseModel.cs

@@ -0,0 +1,44 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Api.Auth.Models.Public.Response;
+using Bit.Api.Models.Public.Response;
+using Bit.Core.Entities;
+using Bit.Core.Models.Data;
+
+namespace Bit.Api.AdminConsole.Public.Models.Response;
+
+/// <summary>
+/// A user group.
+/// </summary>
+public class GroupResponseModel : GroupBaseModel, IResponseModel
+{
+    public GroupResponseModel(Group group, IEnumerable<CollectionAccessSelection> collections)
+    {
+        if (group == null)
+        {
+            throw new ArgumentNullException(nameof(group));
+        }
+
+        Id = group.Id;
+        Name = group.Name;
+        AccessAll = group.AccessAll;
+        ExternalId = group.ExternalId;
+        Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+    }
+
+    /// <summary>
+    /// String representing the object's type. Objects of the same type share the same properties.
+    /// </summary>
+    /// <example>group</example>
+    [Required]
+    public string Object => "group";
+    /// <summary>
+    /// The group's unique identifier.
+    /// </summary>
+    /// <example>539a36c5-e0d2-4cf9-979e-51ecf5cf6593</example>
+    [Required]
+    public Guid Id { get; set; }
+    /// <summary>
+    /// The associated collections that this group can access.
+    /// </summary>
+    public IEnumerable<AssociationWithPermissionsResponseModel> Collections { get; set; }
+}

src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs

@@ -0,0 +1,95 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Api.Auth.Models.Public.Response;
+using Bit.Api.Models.Public.Response;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
+
+namespace Bit.Api.AdminConsole.Public.Models.Response;
+
+/// <summary>
+/// An organization member.
+/// </summary>
+public class MemberResponseModel : MemberBaseModel, IResponseModel
+{
+    public MemberResponseModel(OrganizationUser user, IEnumerable<CollectionAccessSelection> collections)
+        : base(user)
+    {
+        if (user == null)
+        {
+            throw new ArgumentNullException(nameof(user));
+        }
+
+        Id = user.Id;
+        UserId = user.UserId;
+        Email = user.Email;
+        Status = user.Status;
+        Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+    }
+
+    public MemberResponseModel(OrganizationUserUserDetails user, bool twoFactorEnabled,
+        IEnumerable<CollectionAccessSelection> collections)
+        : base(user)
+    {
+        if (user == null)
+        {
+            throw new ArgumentNullException(nameof(user));
+        }
+
+        Id = user.Id;
+        UserId = user.UserId;
+        Name = user.Name;
+        Email = user.Email;
+        TwoFactorEnabled = twoFactorEnabled;
+        Status = user.Status;
+        Collections = collections?.Select(c => new AssociationWithPermissionsResponseModel(c));
+    }
+
+    /// <summary>
+    /// String representing the object's type. Objects of the same type share the same properties.
+    /// </summary>
+    /// <example>member</example>
+    [Required]
+    public string Object => "member";
+    /// <summary>
+    /// The member's unique identifier within the organization.
+    /// </summary>
+    /// <example>539a36c5-e0d2-4cf9-979e-51ecf5cf6593</example>
+    [Required]
+    public Guid Id { get; set; }
+    /// <summary>
+    /// The member's unique identifier across Bitwarden.
+    /// </summary>
+    /// <example>48b47ee1-493e-4c67-aef7-014996c40eca</example>
+    [Required]
+    public Guid? UserId { get; set; }
+    /// <summary>
+    /// The member's name, set from their user account profile.
+    /// </summary>
+    /// <example>John Smith</example>
+    public string Name { get; set; }
+    /// <summary>
+    /// The member's email address.
+    /// </summary>
+    /// <example>jsmith@example.com</example>
+    [Required]
+    public string Email { get; set; }
+    /// <summary>
+    /// Returns <c>true</c> if the member has a two-step login method enabled on their user account.
+    /// </summary>
+    [Required]
+    public bool TwoFactorEnabled { get; set; }
+    /// <summary>
+    /// The member's status within the organization. All created members start with a status of "Invited".
+    /// Once a member accept's their invitation to join the organization, their status changes to "Accepted".
+    /// Accepted members are then "Confirmed" by an organization administrator. Once a member is "Confirmed",
+    /// their status can no longer change.
+    /// </summary>
+    [Required]
+    public OrganizationUserStatusType Status { get; set; }
+    /// <summary>
+    /// The associated collections that this member can access.
+    /// </summary>
+    public IEnumerable<AssociationWithPermissionsResponseModel> Collections { get; set; }
+}

src/Api/AdminConsole/Public/Models/Response/PolicyResponseModel.cs

@@ -0,0 +1,47 @@
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json;
+using Bit.Api.Models.Public.Response;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+
+namespace Bit.Api.AdminConsole.Public.Models.Response;
+
+/// <summary>
+/// A policy.
+/// </summary>
+public class PolicyResponseModel : PolicyBaseModel, IResponseModel
+{
+    public PolicyResponseModel(Policy policy)
+    {
+        if (policy == null)
+        {
+            throw new ArgumentNullException(nameof(policy));
+        }
+
+        Id = policy.Id;
+        Type = policy.Type;
+        Enabled = policy.Enabled;
+        if (!string.IsNullOrWhiteSpace(policy.Data))
+        {
+            Data = JsonSerializer.Deserialize<Dictionary<string, object>>(policy.Data);
+        }
+    }
+
+    /// <summary>
+    /// String representing the object's type. Objects of the same type share the same properties.
+    /// </summary>
+    /// <example>policy</example>
+    [Required]
+    public string Object => "policy";
+    /// <summary>
+    /// The policy's unique identifier.
+    /// </summary>
+    /// <example>539a36c5-e0d2-4cf9-979e-51ecf5cf6593</example>
+    [Required]
+    public Guid Id { get; set; }
+    /// <summary>
+    /// The type of policy.
+    /// </summary>
+    [Required]
+    public PolicyType? Type { get; set; }
+}