Refactor policy checks (#1536)

* Move policy checking logic inside PolicyService * Refactor to use currentContext.ManagePolicies * Make orgUser status check more semantic * Fix single org user checks * Use CoreHelper implementation to deserialize json * Refactor policy checks to use db query * Use new db query for enforcing 2FA Policy * Add Policy_ReadByTypeApplicableToUser * Stub out EF implementations * Refactor: use PolicyRepository only * Refactor tests * Copy SQL queries to proj and update sqlproj file * Refactor importCiphersAsync to use new method * Add EF implementations and tests * Refactor SQL to remove unnecessary operations
2025-12-17 00:33:23 +00:00 · 2021-09-28 06:54:28 +10:00
parent fbf3e0dcdc
commit 66629b2f1c
18 changed files with 505 additions and 197 deletions
--- a/src/Core/Services/Implementations/SendService.cs
+++ b/src/Core/Services/Implementations/SendService.cs
@@ -10,6 +10,7 @@ using Bit.Core.Models.Data;
 using Bit.Core.Models.Table;
 using Bit.Core.Repositories;
 using Bit.Core.Settings;
+using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Identity;
 using Newtonsoft.Json;

@@ -280,40 +281,24 @@ namespace Bit.Core.Services
                return;
            }

-            var policies = await _policyRepository.GetManyByUserIdAsync(userId.Value);
-
-            if (policies == null)
+            var disableSendPolicyCount = await _policyRepository.GetCountByTypeApplicableToUserIdAsync(userId.Value,
+                PolicyType.DisableSend);
+            if (disableSendPolicyCount > 0)
            {
-                return;
-            }
-
-            foreach (var policy in policies.Where(p => p.Enabled && p.Type == PolicyType.DisableSend))
-            {
-                if (!await _currentContext.ManagePolicies(policy.OrganizationId))
-                {
-                    throw new BadRequestException("Due to an Enterprise Policy, you are only able to delete an existing Send.");
-                }
+                throw new BadRequestException("Due to an Enterprise Policy, you are only able to delete an existing Send.");
            }

            if (send.HideEmail.GetValueOrDefault())
            {
-                foreach (var policy in policies.Where(p => p.Enabled && p.Type == PolicyType.SendOptions))
+                var sendOptionsPolicies = await _policyRepository.GetManyByTypeApplicableToUserIdAsync(userId.Value, PolicyType.SendOptions);
+                foreach (var policy in sendOptionsPolicies)
                {
-                    if (await _currentContext.ManagePolicies(policy.OrganizationId))
-                    {
-                        continue;
-                    }
-
-                    SendOptionsPolicyData data = null;
-                    if (policy.Data != null)
-                    {
-                        data = JsonConvert.DeserializeObject<SendOptionsPolicyData>(policy.Data);
-                    }
-
+                    var data = CoreHelpers.LoadClassFromJsonData<SendOptionsPolicyData>(policy.Data);
                    if (data?.DisableHideEmail ?? false)
                    {
                        throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to hide your email address from recipients when creating or editing a Send.");
                    }
+
                }
            }
        }