Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-8895] Moving the groups controller business logic to a service #55

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[PM-8895] Moving the groups controller business logic to a service #55

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b30742b
Moving the groups controller business logic to a service
ttalty Jun 20, 2024
541dbe5
Merge branch 'main' into tools/pm-8895/groups-controller-decouple
ttalty Jun 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
228 changes: 19 additions & 209 deletions src/Api/AdminConsole/Controllers/GroupsController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,7 @@
๏ปฟusing Bit.Api.AdminConsole.Models.Request;
๏ปฟusing Api.AdminConsole.Services;
using Bit.Api.AdminConsole.Models.Request;
using Bit.Api.AdminConsole.Models.Response;
using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Api.Vault.AuthorizationHandlers.Collections;
using Bit.Api.Vault.AuthorizationHandlers.Groups;
using Bit.Core;
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Context;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

Expand All @@ -21,255 +11,75 @@ namespace Bit.Api.AdminConsole.Controllers;
[Authorize("Application")]
public class GroupsController : Controller
{
private readonly IGroupRepository _groupRepository;
private readonly IGroupService _groupService;
private readonly IDeleteGroupCommand _deleteGroupCommand;
private readonly IOrganizationRepository _organizationRepository;
private readonly ICurrentContext _currentContext;
private readonly ICreateGroupCommand _createGroupCommand;
private readonly IUpdateGroupCommand _updateGroupCommand;
private readonly IAuthorizationService _authorizationService;
private readonly IApplicationCacheService _applicationCacheService;
private readonly IUserService _userService;
private readonly IFeatureService _featureService;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly ICollectionRepository _collectionRepository;
private readonly IGroupsControllerService _groupsControllerService;

public GroupsController(
IGroupRepository groupRepository,
IGroupService groupService,
IOrganizationRepository organizationRepository,
ICurrentContext currentContext,
ICreateGroupCommand createGroupCommand,
IUpdateGroupCommand updateGroupCommand,
IDeleteGroupCommand deleteGroupCommand,
IAuthorizationService authorizationService,
IApplicationCacheService applicationCacheService,
IUserService userService,
IFeatureService featureService,
IOrganizationUserRepository organizationUserRepository,
ICollectionRepository collectionRepository)
IGroupsControllerService groupsControllerService)
{
_groupRepository = groupRepository;
_groupService = groupService;
_organizationRepository = organizationRepository;
_currentContext = currentContext;
_createGroupCommand = createGroupCommand;
_updateGroupCommand = updateGroupCommand;
_deleteGroupCommand = deleteGroupCommand;
_authorizationService = authorizationService;
_applicationCacheService = applicationCacheService;
_userService = userService;
_featureService = featureService;
_organizationUserRepository = organizationUserRepository;
_collectionRepository = collectionRepository;
_groupsControllerService = groupsControllerService;
}

[HttpGet("{id}")]
public async Task<GroupResponseModel> Get(string orgId, string id)
{
var group = await _groupRepository.GetByIdAsync(new Guid(id));
if (group == null || !await _currentContext.ManageGroups(group.OrganizationId))
{
throw new NotFoundException();
}

return new GroupResponseModel(group);
var group = await _groupsControllerService.GetOrganizationGroup(orgId, id);
return group;
}
Comment on lines 23 to 27
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: Consider using a more descriptive variable name than 'group' for clarity


[HttpGet("{id}/details")]
public async Task<GroupDetailsResponseModel> GetDetails(string orgId, string id)
{
var groupDetails = await _groupRepository.GetByIdWithCollectionsAsync(new Guid(id));
if (groupDetails?.Item1 == null || !await _currentContext.ManageGroups(groupDetails.Item1.OrganizationId))
{
throw new NotFoundException();
}

return new GroupDetailsResponseModel(groupDetails.Item1, groupDetails.Item2);
var groupDetails = await _groupsControllerService.GetOrganizationGroupDetail(orgId, id);
return groupDetails;
}

[HttpGet("")]
public async Task<ListResponseModel<GroupDetailsResponseModel>> Get(Guid orgId)
{
var authorized =
(await _authorizationService.AuthorizeAsync(User, GroupOperations.ReadAll(orgId))).Succeeded;
if (!authorized)
{
throw new NotFoundException();
}

var groups = await _groupRepository.GetManyWithCollectionsByOrganizationIdAsync(orgId);
var responses = groups.Select(g => new GroupDetailsResponseModel(g.Item1, g.Item2));
var responses = await _groupsControllerService.GetOrganizationGroupsDetails(User, orgId);
return new ListResponseModel<GroupDetailsResponseModel>(responses);
}

[HttpGet("{id}/users")]
public async Task<IEnumerable<Guid>> GetUsers(string orgId, string id)
{
var idGuid = new Guid(id);
var group = await _groupRepository.GetByIdAsync(idGuid);
if (group == null || !await _currentContext.ManageGroups(group.OrganizationId))
{
throw new NotFoundException();
}

var groupIds = await _groupRepository.GetManyUserIdsByIdAsync(idGuid);
return groupIds;
var userIds = await _groupsControllerService.GetOrganizationUsers(orgId);
return userIds;
}
Comment on lines 44 to 48
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: The 'id' parameter is not used in the service method call


[HttpPost("")]
public async Task<GroupResponseModel> Post(Guid orgId, [FromBody] GroupRequestModel model)
{
if (!await _currentContext.ManageGroups(orgId))
{
throw new NotFoundException();
}

// Flexible Collections - check the user has permission to grant access to the collections for the new group
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1) && model.Collections?.Any() == true)
{
var collections = await _collectionRepository.GetManyByManyIdsAsync(model.Collections.Select(a => a.Id));
var authorized =
(await _authorizationService.AuthorizeAsync(User, collections, BulkCollectionOperations.ModifyGroupAccess))
.Succeeded;
if (!authorized)
{
throw new NotFoundException("You are not authorized to grant access to these collections.");
}
}

var organization = await _organizationRepository.GetByIdAsync(orgId);
var group = model.ToGroup(orgId);
await _createGroupCommand.CreateGroupAsync(group, organization, model.Collections?.Select(c => c.ToSelectionReadOnly()).ToList(), model.Users);

return new GroupResponseModel(group);
var group = await _groupsControllerService.CreateGroup(User, orgId, model);
return group;
}

[HttpPut("{id}")]
[HttpPost("{id}")]
public async Task<GroupResponseModel> Put(Guid orgId, Guid id, [FromBody] GroupRequestModel model)
{
if (_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1))
{
// Use new Flexible Collections v1 logic
return await Put_vNext(orgId, id, model);
}

// Pre-Flexible Collections v1 logic follows
var group = await _groupRepository.GetByIdAsync(id);
if (group == null || !await _currentContext.ManageGroups(group.OrganizationId))
{
throw new NotFoundException();
}

var organization = await _organizationRepository.GetByIdAsync(orgId);

await _updateGroupCommand.UpdateGroupAsync(model.ToGroup(group), organization,
model.Collections.Select(c => c.ToSelectionReadOnly()).ToList(), model.Users);
return new GroupResponseModel(group);
}

/// <summary>
/// Put logic for Flexible Collections v1
/// </summary>
private async Task<GroupResponseModel> Put_vNext(Guid orgId, Guid id, [FromBody] GroupRequestModel model)
{
var (group, currentAccess) = await _groupRepository.GetByIdWithCollectionsAsync(id);
if (group == null || !await _currentContext.ManageGroups(group.OrganizationId))
{
throw new NotFoundException();
}

// Check whether the user is permitted to add themselves to the group
var orgAbility = await _applicationCacheService.GetOrganizationAbilityAsync(orgId);
if (!orgAbility.AllowAdminAccessToAllCollectionItems)
{
var userId = _userService.GetProperUserId(User).Value;
var organizationUser = await _organizationUserRepository.GetByOrganizationAsync(orgId, userId);
var currentGroupUsers = await _groupRepository.GetManyUserIdsByIdAsync(id);
// OrganizationUser may be null if the current user is a provider
if (organizationUser != null && !currentGroupUsers.Contains(organizationUser.Id) && model.Users.Contains(organizationUser.Id))
{
throw new BadRequestException("You cannot add yourself to groups.");
}
}

// The client only sends collections that the saving user has permissions to edit.
// On the server side, we need to (1) confirm this and (2) concat these with the collections that the user
// can't edit before saving to the database.
var currentCollections = await _collectionRepository
.GetManyByManyIdsAsync(currentAccess.Select(cas => cas.Id));

var readonlyCollectionIds = new HashSet<Guid>();
foreach (var collection in currentCollections)
{
if (!(await _authorizationService.AuthorizeAsync(User, collection, BulkCollectionOperations.ModifyGroupAccess))
.Succeeded)
{
readonlyCollectionIds.Add(collection.Id);
}
}

if (model.Collections.Any(c => readonlyCollectionIds.Contains(c.Id)))
{
throw new BadRequestException("You must have Can Manage permissions to edit a collection's membership");
}

var editedCollectionAccess = model.Collections
.Select(c => c.ToSelectionReadOnly());
var readonlyCollectionAccess = currentAccess
.Where(ca => readonlyCollectionIds.Contains(ca.Id));
var collectionsToSave = editedCollectionAccess
.Concat(readonlyCollectionAccess)
.ToList();

var organization = await _organizationRepository.GetByIdAsync(orgId);

await _updateGroupCommand.UpdateGroupAsync(model.ToGroup(group), organization, collectionsToSave, model.Users);
return new GroupResponseModel(group);
var group = await _groupsControllerService.UpdateGroup(User, orgId, id, model);
return group;
}

[HttpDelete("{id}")]
[HttpPost("{id}/delete")]
public async Task Delete(string orgId, string id)
{
var group = await _groupRepository.GetByIdAsync(new Guid(id));
if (group == null || !await _currentContext.ManageGroups(group.OrganizationId))
{
throw new NotFoundException();
}

await _deleteGroupCommand.DeleteAsync(group);
await _groupsControllerService.DeleteGroup(orgId, id);
}

[HttpDelete("")]
[HttpPost("delete")]
public async Task BulkDelete([FromBody] GroupBulkRequestModel model)
{
var groups = await _groupRepository.GetManyByManyIds(model.Ids);

foreach (var group in groups)
{
if (!await _currentContext.ManageGroups(group.OrganizationId))
{
throw new NotFoundException();
}
}

await _deleteGroupCommand.DeleteManyAsync(groups);
await _groupsControllerService.BulkDeleteGroups(model);
}

[HttpDelete("{id}/user/{orgUserId}")]
[HttpPost("{id}/delete-user/{orgUserId}")]
public async Task Delete(string orgId, string id, string orgUserId)
{
var group = await _groupRepository.GetByIdAsync(new Guid(id));
if (group == null || !await _currentContext.ManageGroups(group.OrganizationId))
{
throw new NotFoundException();
}

await _groupService.DeleteUserAsync(group, new Guid(orgUserId));
await _groupsControllerService.DeleteGroupUser(orgId, id, orgUserId);
}
}
Loading