[AC-2614] Member Access Report Endpoint (#4599)

* Initial draft of moving the org user controller details method into a query * Removing comments and addressing pr items * Adding the org users query to core * Adding the member access report * Addressing some pr concerns and refactoring to be more efficient * Some minor changes to the way properties are spelled * Setting authorization to organization * Adding the permissions check for reports and comments * removing unnecessary usings * Removing ciphers controller change that was a mistake * There was a duplication issue in getting collections for users grabbing groups * Adding comments to the CreateReport method * Only get the user collections by userId * Some finaly refactoring * Adding the no group, no collection, and no perms local strings * Modifying and adding query test cases * Removing unnecessary permissions code in query * Added mapping for id and UsesKeyConnector to MemberAccessReportModel (#4681) * Moving test cases from controller fully into the query. --------- Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com> Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
2025-12-28 14:13:48 +00:00 · 2024-09-04 14:33:33 -04:00
parent fdf6d8f9c3
commit af3797c540
12 changed files with 503 additions and 95 deletions
--- a/src/Api/Tools/Controllers/ReportsController.cs
+++ b/src/Api/Tools/Controllers/ReportsController.cs
@@ -0,0 +1,77 @@
+using Bit.Api.Tools.Models.Response;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Vault.Queries;
+using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.Tools.Controllers;
+
+[Route("reports")]
+[Authorize("Application")]
+public class ReportsController : Controller
+{
+    private readonly IOrganizationUserUserDetailsQuery _organizationUserUserDetailsQuery;
+    private readonly IGroupRepository _groupRepository;
+    private readonly ICollectionRepository _collectionRepository;
+    private readonly ICurrentContext _currentContext;
+    private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
+    private readonly IApplicationCacheService _applicationCacheService;
+    private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery;
+
+    public ReportsController(
+        IOrganizationUserUserDetailsQuery organizationUserUserDetailsQuery,
+        IGroupRepository groupRepository,
+        ICollectionRepository collectionRepository,
+        ICurrentContext currentContext,
+        IOrganizationCiphersQuery organizationCiphersQuery,
+        IApplicationCacheService applicationCacheService,
+        ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery
+    )
+    {
+        _organizationUserUserDetailsQuery = organizationUserUserDetailsQuery;
+        _groupRepository = groupRepository;
+        _collectionRepository = collectionRepository;
+        _currentContext = currentContext;
+        _organizationCiphersQuery = organizationCiphersQuery;
+        _applicationCacheService = applicationCacheService;
+        _twoFactorIsEnabledQuery = twoFactorIsEnabledQuery;
+    }
+
+    [HttpGet("member-access/{orgId}")]
+    public async Task<IEnumerable<MemberAccessReportResponseModel>> GetMemberAccessReport(Guid orgId)
+    {
+        if (!await _currentContext.AccessReports(orgId))
+        {
+            throw new NotFoundException();
+        }
+
+        var orgUsers = await _organizationUserUserDetailsQuery.GetOrganizationUserUserDetails(
+            new OrganizationUserUserDetailsQueryRequest
+            {
+                OrganizationId = orgId,
+                IncludeCollections = true,
+                IncludeGroups = true
+            });
+
+        var orgGroups = await _groupRepository.GetManyByOrganizationIdAsync(orgId);
+        var orgAbility = await _applicationCacheService.GetOrganizationAbilityAsync(orgId);
+        var orgCollectionsWithAccess = await _collectionRepository.GetManyByOrganizationIdWithAccessAsync(orgId);
+        var orgItems = await _organizationCiphersQuery.GetAllOrganizationCiphers(orgId);
+        var organizationUsersTwoFactorEnabled = await _twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync(orgUsers);
+
+        var reports = MemberAccessReportResponseModel.CreateReport(
+            orgGroups,
+            orgCollectionsWithAccess,
+            orgItems,
+            organizationUsersTwoFactorEnabled,
+            orgAbility);
+        return reports;
+    }
+}