PM-25915 tools exclude items in my items collections and my items collection from org vault export endpoint (#6362)

Exclude MyItems and MyItems collection from Organizational Exports when CreateDefaultLocation feature flag is enabled
2025-12-06 00:03:34 +00:00 · 2025-09-30 07:43:43 -07:00
parent 718d96cc58
commit fc07dec3a6
1 changed files with 39 additions and 11 deletions
--- a/src/Api/Tools/Controllers/OrganizationExportController.cs
+++ b/src/Api/Tools/Controllers/OrganizationExportController.cs
@@ -1,5 +1,6 @@
 using Bit.Api.Tools.Authorization;
 using Bit.Api.Tools.Models.Response;
+using Bit.Core;
 using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
@@ -20,19 +21,22 @@ public class OrganizationExportController : Controller
    private readonly IAuthorizationService _authorizationService;
    private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
    private readonly ICollectionRepository _collectionRepository;
+    private readonly IFeatureService _featureService;

    public OrganizationExportController(
        IUserService userService,
        GlobalSettings globalSettings,
        IAuthorizationService authorizationService,
        IOrganizationCiphersQuery organizationCiphersQuery,
-        ICollectionRepository collectionRepository)
+        ICollectionRepository collectionRepository,
+        IFeatureService featureService)
    {
        _userService = userService;
        _globalSettings = globalSettings;
        _authorizationService = authorizationService;
        _organizationCiphersQuery = organizationCiphersQuery;
        _collectionRepository = collectionRepository;
+        _featureService = featureService;
    }

    [HttpGet("export")]
@@ -40,23 +44,47 @@ public class OrganizationExportController : Controller
    {
        var canExportAll = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(organizationId),
            VaultExportOperations.ExportWholeVault);
-        if (canExportAll.Succeeded)
-        {
-            var allOrganizationCiphers = await _organizationCiphersQuery.GetAllOrganizationCiphers(organizationId);
-            var allCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
-            return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections, _globalSettings));
-        }
-
        var canExportManaged = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(organizationId),
            VaultExportOperations.ExportManagedCollections);
+        var createDefaultLocationEnabled = _featureService.IsEnabled(FeatureFlagKeys.CreateDefaultLocation);
+
+        if (canExportAll.Succeeded)
+        {
+            if (createDefaultLocationEnabled)
+            {
+                var allOrganizationCiphers =
+                    await _organizationCiphersQuery.GetAllOrganizationCiphersExcludingDefaultUserCollections(
+                        organizationId);
+
+                var allCollections = await _collectionRepository
+                    .GetManySharedCollectionsByOrganizationIdAsync(
+                        organizationId);
+
+
+                return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections,
+                    _globalSettings));
+            }
+            else
+            {
+                var allOrganizationCiphers = await _organizationCiphersQuery.GetAllOrganizationCiphers(organizationId);
+
+                var allCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
+
+                return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections,
+                    _globalSettings));
+            }
+        }
+
        if (canExportManaged.Succeeded)
        {
            var userId = _userService.GetProperUserId(User)!.Value;

            var allUserCollections = await _collectionRepository.GetManyByUserIdAsync(userId);
-            var managedOrgCollections = allUserCollections.Where(c => c.OrganizationId == organizationId && c.Manage).ToList();
-            var managedCiphers =
-                await _organizationCiphersQuery.GetOrganizationCiphersByCollectionIds(organizationId, managedOrgCollections.Select(c => c.Id));
+            var managedOrgCollections =
+                allUserCollections.Where(c => c.OrganizationId == organizationId && c.Manage).ToList();
+
+            var managedCiphers = await _organizationCiphersQuery.GetOrganizationCiphersByCollectionIds(organizationId,
+                managedOrgCollections.Select(c => c.Id));

            return Ok(new OrganizationExportResponseModel(managedCiphers, managedOrgCollections, _globalSettings));
        }