[PM-15957] Fix: Domain Claim fails to enable Single Organization Policy, sends no emails and Revokes all users (#5147)

* Add JSON-based stored procedure for updating account revision dates and modify existing procedure to use it * Refactor SingleOrgPolicyValidator to revoke only non-compliant organization users and update related tests
2026-01-05 18:13:31 +00:00 · 2024-12-17 15:57:31 +00:00
parent 16488091d2
commit b75c63c2c6
5 changed files with 140 additions and 8 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs
@@ -97,15 +97,22 @@ public class SingleOrgPolicyValidator : IPolicyValidator
            return;
        }

+        var allRevocableUserOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
+            currentActiveRevocableOrganizationUsers.Select(ou => ou.UserId!.Value));
+        var usersToRevoke = currentActiveRevocableOrganizationUsers.Where(ou =>
+            allRevocableUserOrgs.Any(uo => uo.UserId == ou.UserId &&
+                uo.OrganizationId != organizationId &&
+                uo.Status != OrganizationUserStatusType.Invited)).ToList();
+
        var commandResult = await _revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUsersAsync(
-            new RevokeOrganizationUsersRequest(organizationId, currentActiveRevocableOrganizationUsers, performedBy));
+            new RevokeOrganizationUsersRequest(organizationId, usersToRevoke, performedBy));

        if (commandResult.HasErrors)
        {
            throw new BadRequestException(string.Join(", ", commandResult.ErrorMessages));
        }

-        await Task.WhenAll(currentActiveRevocableOrganizationUsers.Select(x =>
+        await Task.WhenAll(usersToRevoke.Select(x =>
            _mailService.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(), x.Email)));
    }

--- a/Procedures/OrganizationUser_SetStatusForUsersById.sql
+++ b/Procedures/OrganizationUser_SetStatusForUsersById.sql
@@ -24,6 +24,6 @@ BEGIN
    SET [Status] = @Status
    WHERE [Id] IN (SELECT Id from @ParsedIds)

-    EXEC [dbo].[User_BumpAccountRevisionDateByOrganizationUserIds] @OrganizationUserIds
+    EXEC [dbo].[User_BumpAccountRevisionDateByOrganizationUserIdsJson] @OrganizationUserIds
 END

--- a/Procedures/User_BumpAccountRevisionDateByOrganizationUserIdsJson.sql
+++ b/Procedures/User_BumpAccountRevisionDateByOrganizationUserIdsJson.sql
@@ -0,0 +1,33 @@
+CREATE PROCEDURE [dbo].[User_BumpAccountRevisionDateByOrganizationUserIdsJson]
+    @OrganizationUserIds NVARCHAR(MAX)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    CREATE TABLE #UserIds
+    (
+        UserId UNIQUEIDENTIFIER NOT NULL
+    );
+
+    INSERT INTO #UserIds (UserId)
+    SELECT
+        OU.UserId
+    FROM
+        [dbo].[OrganizationUser] OU
+    INNER JOIN
+        (SELECT [value] as Id FROM OPENJSON(@OrganizationUserIds)) AS OUIds
+        ON OUIds.Id = OU.Id
+    WHERE
+        OU.[Status] = 2 -- Confirmed
+
+    UPDATE
+        U
+    SET
+        U.[AccountRevisionDate] = GETUTCDATE()
+    FROM
+        [dbo].[User] U
+    INNER JOIN
+        #UserIds ON U.[Id] = #UserIds.[UserId]
+
+    DROP TABLE #UserIds
+END