[SM-999] Add Bulk Move to Project Endpoint #66
base: main
- Use EntityType for Join Table
Co-authored-by: Thomas Avery <[email protected]>
26 file(s) reviewed, 24 comment(s)
BulkSecretOperationRequirement requirement, | ||
IReadOnlyList<Secret> resource) | ||
{ | ||
var secretsByOrganizationId = resource.GroupBy(s => s.OrganizationId).ToArray(); |
style: Consider using FirstOrDefault() instead of ToArray() for better performance when only checking for a single group.
var secretAccesses = await _secretRepository.AccessToSecretsAsync( | ||
secrets.Select(s => s.Id).ToArray(), userId, accessClientType); |
style: This could potentially be a performance bottleneck for large numbers of secrets. Consider implementing a batch operation in the repository.
secrets.Select(s => s.Id).ToArray(), userId, accessClientType); | ||
|
||
// If we don't have the write permission | ||
return secretAccesses.All(a => a.Value.Write); |
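Review bot: `secretAccesses.All(a => a.Value.Write)` on the return line evaluates to true for an empty collection, and it only inspects the entries that are present. If AccessToSecretsAsync returns no rows, or fewer rows than the ids passed in, the handler still reports write access for the whole batch. Compare the number of returned entries with the number of distinct secret ids before the All check and fail closed on a mismatch. The comment above the return ("If we don't have the write permission") reads like the lead-in to a denial branch; reword it to say what the line actually checks.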
logic: Ensure that secretAccesses contains an entry for every secret, otherwise this check might pass incorrectly.
await dbContext.ProjectSecrets | ||
.Where(ps => secretIds.Contains(ps.SecretsId)) | ||
.ExecuteDeleteAsync(); |
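Review bot: ExecuteDeleteAsync on ProjectSecrets is sent to the database immediately rather than at SaveChangesAsync, so this delete is not in the same unit of work as the later insert of the new rows unless both run inside an explicit transaction, and these lines show none. If the insert fails after this statement, the selected secrets are left with no project. Wrap the delete and the insert in one transaction, and confirm that secretIds holds only the ids that passed the authorization check.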
logic: This operation deletes all existing project-secret relationships. Ensure this is the intended behavior, as it may have unintended consequences
Guid userId, | ||
AccessClientType accessType) | ||
{ | ||
await using var scope = ServiceScopeFactory.CreateAsyncScope(); |
style: Use 'using' instead of 'await using' for consistency with other methods
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ProjectSecret", b => | ||
{ | ||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", null) | ||
.WithMany() | ||
.HasForeignKey("ProjectsId") | ||
.OnDelete(DeleteBehavior.Cascade) | ||
.IsRequired(); | ||
|
||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", null) | ||
.WithMany() | ||
.HasForeignKey("SecretsId") | ||
.OnDelete(DeleteBehavior.Cascade) | ||
.IsRequired(); | ||
}); |
logic: Cascade delete behavior for ProjectSecret relationships may cause unintended data loss if not carefully managed
protected override void Up(MigrationBuilder migrationBuilder) | ||
{ | ||
|
||
} |
logic: Up method is empty. Implement table creation, indexes, and foreign keys for ProjectSecret entity.
protected override void Down(MigrationBuilder migrationBuilder) | ||
{ | ||
|
||
} |
logic: Down method is empty. Implement logic to revert changes made in Up method.
protected override void Up(MigrationBuilder migrationBuilder) | ||
{ | ||
|
||
} |
logic: The Up method is empty. It should create the ProjectSecret table with appropriate columns.
protected override void Down(MigrationBuilder migrationBuilder) | ||
{ | ||
|
||
} |
logic: The Down method is empty. It should drop the ProjectSecret table to revert the migration.
Type of change
Objective
Add new endpoint for updating the projects of many secrets to the same project.
Clients PR: bitwarden/clients#6665
Code changes
ProjectSecret to avoid making large changes in the code base or to make this update one row at a time. It deletes all current relationships for the given secrets and then creates new relationships for them based on the supplied project ids.
Before you submit
(dotnet format --verify-no-changes) (required)
Greptile Summary
This pull request adds a new endpoint for bulk moving secrets to a project in the Secrets Manager, including necessary authorization, command implementation, and unit tests.
- BulkMoveToProjectAsync method in SecretsController.cs to handle the new bulk move endpoint
- MoveSecretsCommand and BulkSecretAuthorizationHandler for executing and authorizing bulk secret operations
- ProjectSecret entity to represent many-to-many relationships between projects and secrets
- AccessToSecretsAsync and MoveSecretsAsync to ISecretRepository interface and implementations