[AC-2614] Member Access Report Endpoint (#4599)

* Initial draft of moving the org user controller details method into a query * Removing comments and addressing pr items * Adding the org users query to core * Adding the member access report * Addressing some pr concerns and refactoring to be more efficient * Some minor changes to the way properties are spelled * Setting authorization to organization * Adding the permissions check for reports and comments * removing unnecessary usings * Removing ciphers controller change that was a mistake * There was a duplication issue in getting collections for users grabbing groups * Adding comments to the CreateReport method * Only get the user collections by userId * Some finaly refactoring * Adding the no group, no collection, and no perms local strings * Modifying and adding query test cases * Removing unnecessary permissions code in query * Added mapping for id and UsesKeyConnector to MemberAccessReportModel (#4681) * Moving test cases from controller fully into the query. --------- Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com> Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
2026-01-04 17:43:53 +00:00 · 2024-09-04 14:33:33 -04:00
parent fdf6d8f9c3
commit af3797c540
12 changed files with 503 additions and 95 deletions
--- a/src/Core/AdminConsole/Enums/OrganizationUserType.cs
+++ b/src/Core/AdminConsole/Enums/OrganizationUserType.cs
@@ -1,4 +1,6 @@
-namespace Bit.Core.Enums;
+using Bit.Core.Models.Data;
+
+namespace Bit.Core.Enums;

 public enum OrganizationUserType : byte
 {
@@ -8,3 +10,35 @@ public enum OrganizationUserType : byte
    // Manager = 3 has been intentionally permanently deleted
    Custom = 4,
 }
+
+public static class OrganizationUserTypeExtensions
+{
+    public static OrganizationUserType GetFlexibleCollectionsUserType(this OrganizationUserType type, Permissions permissions)
+    {
+        // Downgrade Custom users with no other permissions than 'Edit/Delete Assigned Collections' to User
+        if (type == OrganizationUserType.Custom && permissions is not null)
+        {
+            if ((permissions.EditAssignedCollections || permissions.DeleteAssignedCollections) &&
+                permissions is
+                {
+                    AccessEventLogs: false,
+                    AccessImportExport: false,
+                    AccessReports: false,
+                    CreateNewCollections: false,
+                    EditAnyCollection: false,
+                    DeleteAnyCollection: false,
+                    ManageGroups: false,
+                    ManagePolicies: false,
+                    ManageSso: false,
+                    ManageUsers: false,
+                    ManageResetPassword: false,
+                    ManageScim: false
+                })
+            {
+                return OrganizationUserType.User;
+            }
+        }
+
+        return type;
+    }
+}