[AC-1809] Update OrganizationAbility with Collection Management Settings (#3571)

* feat: Update OrganizationAbility with LimitCollectionCreationDeletion, refs AC-1809 * feat: Update OrganizationAbility constructor usage to pass feature flag state, refs AC-1809 * feat: Update EF retrieval of org abilities to include new property from database, refs AC-1809 * feat: Update sproc to include LimitCollectionCreationDeletion property and create migration, refs AC-1809 * feat: Inject ApplicationCache into handler accessing LimitCollectionCreationDeletion, refs AC-1809 * feat: remove collection management settings from CurrentContextOrganization and update tests, refs AC-1809 * feat: add AllowAdminAccessToAllCollectionItems to OrganizationAbility pipeline, refs AC-1809 --------- Co-authored-by: Thomas Rittson <trittson@bitwarden.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2026-01-06 10:34:01 +00:00 · 2023-12-27 18:07:06 -06:00
parent 2ab35e389c
commit 71def39015
12 changed files with 257 additions and 50 deletions
--- a/test/Api.Test/Vault/AuthorizationHandlers/OrganizationUserAuthorizationHandlerTests.cs
+++ b/test/Api.Test/Vault/AuthorizationHandlers/OrganizationUserAuthorizationHandlerTests.cs
@@ -4,6 +4,8 @@ using Bit.Core;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
+using Bit.Core.Models.Data.Organizations;
+using Bit.Core.Services;
 using Bit.Core.Test.AutoFixture;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
@@ -26,9 +28,10 @@ public class OrganizationUserAuthorizationHandlerTests
        CurrentContextOrganization organization)
    {
        organization.Type = userType;
-        organization.LimitCollectionCreationDeletion = true;
        organization.Permissions = new Permissions();

+        var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
+
        var context = new AuthorizationHandlerContext(
            new[] { OrganizationUserOperations.ReadAll(organization.Id) },
            new ClaimsPrincipal(),
@@ -36,6 +39,7 @@ public class OrganizationUserAuthorizationHandlerTests

        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);

        await sutProvider.Sut.HandleAsync(context);

@@ -48,9 +52,10 @@ public class OrganizationUserAuthorizationHandlerTests
        SutProvider<OrganizationUserAuthorizationHandler> sutProvider, CurrentContextOrganization organization)
    {
        organization.Type = OrganizationUserType.User;
-        organization.LimitCollectionCreationDeletion = true;
        organization.Permissions = new Permissions();

+        var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
+
        var context = new AuthorizationHandlerContext(
            new[] { OrganizationUserOperations.ReadAll(organization.Id) },
            new ClaimsPrincipal(),
@@ -59,6 +64,7 @@ public class OrganizationUserAuthorizationHandlerTests
        sutProvider.GetDependency<ICurrentContext>()
            .UserId
            .Returns(userId);
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
        sutProvider.GetDependency<ICurrentContext>()
            .ProviderUserForOrgAsync(organization.Id)
            .Returns(true);
@@ -83,7 +89,6 @@ public class OrganizationUserAuthorizationHandlerTests
        var actingUserId = Guid.NewGuid();

        organization.Type = OrganizationUserType.Custom;
-        organization.LimitCollectionCreationDeletion = limitCollectionCreationDeletion;
        organization.Permissions = new Permissions
        {
            EditAnyCollection = editAnyCollection,
@@ -92,6 +97,8 @@ public class OrganizationUserAuthorizationHandlerTests
            ManageUsers = manageUsers
        };

+        var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, limitCollectionCreationDeletion);
+
        var context = new AuthorizationHandlerContext(
            new[] { OrganizationUserOperations.ReadAll(organization.Id) },
            new ClaimsPrincipal(),
@@ -99,6 +106,7 @@ public class OrganizationUserAuthorizationHandlerTests

        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);

        await sutProvider.Sut.HandleAsync(context);

@@ -116,7 +124,6 @@ public class OrganizationUserAuthorizationHandlerTests
        var actingUserId = Guid.NewGuid();

        organization.Type = userType;
-        organization.LimitCollectionCreationDeletion = true;
        organization.Permissions = new Permissions
        {
            EditAnyCollection = false,
@@ -125,6 +132,8 @@ public class OrganizationUserAuthorizationHandlerTests
            ManageUsers = false
        };

+        var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organization.Id, true);
+
        var context = new AuthorizationHandlerContext(
            new[] { OrganizationUserOperations.ReadAll(organization.Id) },
            new ClaimsPrincipal(),
@@ -132,6 +141,8 @@ public class OrganizationUserAuthorizationHandlerTests

        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(actingUserId);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
+        sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);

        await sutProvider.Sut.HandleAsync(context);

@@ -144,6 +155,8 @@ public class OrganizationUserAuthorizationHandlerTests
        Guid organizationId,
        SutProvider<OrganizationUserAuthorizationHandler> sutProvider)
    {
+        var organizationAbilities = ArrangeOrganizationAbilitiesDictionary(organizationId, true);
+
        var context = new AuthorizationHandlerContext(
            new[] { OrganizationUserOperations.ReadAll(organizationId) },
            new ClaimsPrincipal(),
@@ -152,6 +165,8 @@ public class OrganizationUserAuthorizationHandlerTests

        sutProvider.GetDependency<ICurrentContext>().UserId.Returns(userId);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(Arg.Any<Guid>()).Returns((CurrentContextOrganization)null);
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(organizationAbilities);
+        sutProvider.GetDependency<ICurrentContext>().ProviderUserForOrgAsync(Arg.Any<Guid>()).Returns(false);

        await sutProvider.Sut.HandleAsync(context);
        Assert.False(context.HasSucceeded);
@@ -191,4 +206,18 @@ public class OrganizationUserAuthorizationHandlerTests

        Assert.True(context.HasFailed);
    }
+
+    private static Dictionary<Guid, OrganizationAbility> ArrangeOrganizationAbilitiesDictionary(Guid orgId,
+        bool limitCollectionCreationDeletion)
+    {
+        return new Dictionary<Guid, OrganizationAbility>
+        {
+            { orgId,
+                new OrganizationAbility
+                {
+                    LimitCollectionCreationDeletion = limitCollectionCreationDeletion
+                }
+            }
+        };
+    }
 }