server/src/Api/Public/Controllers/CollectionsController.cs
Vincent Salucci aeca1722fc [AC-1880] - Public API - Update collection permission associations with Manage property (#3656)
* Add missing hide-passwords permission to api models

* Update src/Api/Auth/Models/Public/AssociationWithPermissionsBaseModel.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* Rename ToSelectionReadOnly to ToCollectionAccessSelection

* Remove Required attribute which would break backwards compatability

* Update src/Api/Auth/Models/Public/Request/AssociationWithPermissionsRequestModel.cs

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* feat: add Manage property to collection permissions associations, refs AC-1880

* feat: throw if not allowed to send manage property, refs AC-1880

* fix: format, refs AC-1880

* feat: replace ambiguous call for all organizations in cache with specific orgId, refs AC-1880

* feat: move all property assignements back into CollectionAccessSelection init, refs AC-1880

* feat: align bad request messaging, refs AC-1880

---------

Co-authored-by: Daniel James Smith <djsmith@web.de>
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2024-01-22 10:44:33 -06:00


using System.Net;
using Bit.Api.Models.Public.Request;
using Bit.Api.Models.Public.Response;
using Bit.Core.Context;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.Public.Controllers;
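/// <summary>
/// Public API endpoints for an organization's collections.
/// Every action is scoped to <see cref="ICurrentContext.OrganizationId"/>, the organization the
/// caller authenticated as under the "Organization" policy; a collection that belongs to a different
/// organization is answered with 404 rather than 403, so the response does not reveal whether the
/// identifier exists elsewhere.
/// </summary>
[Route("public/collections")]
[Authorize("Organization")]
public class CollectionsController : Controller
{
    private readonly ICollectionRepository _collectionRepository;
    private readonly ICollectionService _collectionService;
    private readonly ICurrentContext _currentContext;
    private readonly IApplicationCacheService _applicationCacheService;

    /// <summary>
    /// Creates the controller with its collaborators (supplied by dependency injection).
    /// </summary>
    /// <param name="collectionRepository">Persistence for collections and their access selections.</param>
    /// <param name="collectionService">Domain service used to save a collection with its associations.</param>
    /// <param name="currentContext">The authenticated caller's context, including the organization id.</param>
    /// <param name="applicationCacheService">Cache used to look up organization abilities.</param>
    public CollectionsController(
        ICollectionRepository collectionRepository,
        ICollectionService collectionService,
        ICurrentContext currentContext,
        IApplicationCacheService applicationCacheService)
    {
        _collectionRepository = collectionRepository;
        _collectionService = collectionService;
        _currentContext = currentContext;
        _applicationCacheService = applicationCacheService;
    }

    /// <summary>
    /// Retrieve a collection.
    /// </summary>
    /// <remarks>
    /// Retrieves the details of an existing collection. You need only supply the unique collection identifier
    /// that was returned upon collection creation.
    /// </remarks>
    /// <param name="id">The identifier of the collection to be retrieved.</param>
    /// <returns>200 with the collection and its group access; 404 if the collection does not exist
    /// in the caller's organization.</returns>
    [HttpGet("{id}")]
    [ProducesResponseType(typeof(CollectionResponseModel), (int)HttpStatusCode.OK)]
    [ProducesResponseType((int)HttpStatusCode.NotFound)]
    public async Task<IActionResult> Get(Guid id)
    {
        var (collection, access) = await _collectionRepository.GetByIdWithAccessAsync(id);

        // Tenancy check: a hit in another organization is treated exactly like a miss.
        if (collection is null || collection.OrganizationId != _currentContext.OrganizationId)
        {
            return new NotFoundResult();
        }

        var response = new CollectionResponseModel(collection, access.Groups);
        return new JsonResult(response);
    }

    /// <summary>
    /// List all collections.
    /// </summary>
    /// <remarks>
    /// Returns a list of your organization's collections.
    /// Collection objects listed in this call do not include information about their associated groups.
    /// </remarks>
    /// <returns>200 with every collection of the caller's organization.</returns>
    [HttpGet]
    [ProducesResponseType(typeof(ListResponseModel<CollectionResponseModel>), (int)HttpStatusCode.OK)]
    public async Task<IActionResult> List()
    {
        // OrganizationId.Value relies on the "Organization" authorization policy having populated the
        // organization on the context — assumed, not checked here; confirm against the policy handler.
        var collections = await _collectionRepository.GetManyByOrganizationIdAsync(
            _currentContext.OrganizationId.Value);

        // TODO: Get all CollectionGroup associations for the organization and marry them up here for the response.
        var collectionResponses = collections.Select(c => new CollectionResponseModel(c, null));
        var response = new ListResponseModel<CollectionResponseModel>(collectionResponses);
        return new JsonResult(response);
    }

    /// <summary>
    /// Update a collection.
    /// </summary>
    /// <remarks>
    /// Updates the specified collection object. If a property is not provided,
    /// the value of the existing property will be reset.
    /// </remarks>
    /// <param name="id">The identifier of the collection to be updated.</param>
    /// <param name="model">The request model.</param>
    /// <returns>200 with the updated collection and the group associations that were submitted;
    /// 400 if the request is rejected; 404 if the collection does not exist in the caller's organization.</returns>
    [HttpPut("{id}")]
    [ProducesResponseType(typeof(CollectionResponseModel), (int)HttpStatusCode.OK)]
    [ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
    [ProducesResponseType((int)HttpStatusCode.NotFound)]
    public async Task<IActionResult> Put(Guid id, [FromBody] CollectionUpdateRequestModel model)
    {
        var existingCollection = await _collectionRepository.GetByIdAsync(id);

        // Tenancy check before anything is mutated; foreign collections look like a miss.
        if (existingCollection is null || existingCollection.OrganizationId != _currentContext.OrganizationId)
        {
            return new NotFoundResult();
        }

        var updatedCollection = model.ToCollection(existingCollection);

        // Whether the organization may set the Manage permission depends on its FlexibleCollections
        // ability; a missing ability record is treated as "not enabled".
        var organizationAbility = await _applicationCacheService.GetOrganizationAbilityAsync(_currentContext.OrganizationId.Value);
        var flexibleCollections = organizationAbility?.FlexibleCollections ?? false;

        // Materialize the projection once. ToCollectionAccessSelection can reject a submitted
        // association, so running it eagerly here means a rejected request fails before SaveAsync
        // persists anything, and the same already-validated list is reused for the response instead
        // of re-running the projection on a deferred query a second time.
        var associations = model.Groups?
            .Select(g => g.ToCollectionAccessSelection(flexibleCollections))
            .ToList();

        await _collectionService.SaveAsync(updatedCollection, associations);

        var response = new CollectionResponseModel(updatedCollection, associations);
        return new JsonResult(response);
    }

    /// <summary>
    /// Delete a collection.
    /// </summary>
    /// <remarks>
    /// Permanently deletes a collection. This cannot be undone.
    /// </remarks>
    /// <param name="id">The identifier of the collection to be deleted.</param>
    /// <returns>200 once the collection is deleted; 404 if the collection does not exist in the
    /// caller's organization.</returns>
    [HttpDelete("{id}")]
    [ProducesResponseType((int)HttpStatusCode.OK)]
    [ProducesResponseType((int)HttpStatusCode.NotFound)]
    public async Task<IActionResult> Delete(Guid id)
    {
        var collection = await _collectionRepository.GetByIdAsync(id);

        // Tenancy check: never delete (or acknowledge) a collection outside the caller's organization.
        if (collection is null || collection.OrganizationId != _currentContext.OrganizationId)
        {
            return new NotFoundResult();
        }

        await _collectionRepository.DeleteAsync(collection);
        return new OkResult();
    }
}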