-
Notifications
You must be signed in to change notification settings - Fork 1.4k
/
Copy pathGetCipherPermissionsForUserQuery.cs
97 lines (83 loc) · 3.27 KB
/
GetCipherPermissionsForUserQuery.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Services;
using Bit.Core.Vault.Models.Data;
using Bit.Core.Vault.Repositories;
namespace Bit.Core.Vault.Queries;
public class GetCipherPermissionsForUserQuery : IGetCipherPermissionsForUserQuery
{
private readonly ICurrentContext _currentContext;
private readonly ICipherRepository _cipherRepository;
private readonly IApplicationCacheService _applicationCacheService;
public GetCipherPermissionsForUserQuery(ICurrentContext currentContext, ICipherRepository cipherRepository, IApplicationCacheService applicationCacheService)
{
_currentContext = currentContext;
_cipherRepository = cipherRepository;
_applicationCacheService = applicationCacheService;
}
public async Task<IDictionary<Guid, OrganizationCipherPermission>> GetByOrganization(Guid organizationId)
{
var org = _currentContext.GetOrganization(organizationId);
var userId = _currentContext.UserId;
if (org == null || !userId.HasValue)
{
throw new NotFoundException();
}
var cipherPermissions =
(await _cipherRepository.GetCipherPermissionsForOrganizationAsync(organizationId, userId.Value))
.ToList()
.ToDictionary(c => c.Id);
if (await CanEditAllCiphersAsync(org))
{
foreach (var cipher in cipherPermissions)
{
cipher.Value.Read = true;
cipher.Value.Edit = true;
cipher.Value.Manage = true;
cipher.Value.ViewPassword = true;
}
}
else if (await CanAccessUnassignedCiphersAsync(org))
{
var unassignedCiphers = await _cipherRepository.GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organizationId);
foreach (var unassignedCipher in unassignedCiphers)
{
if (cipherPermissions.TryGetValue(unassignedCipher.Id, out var p))
{
p.Read = true;
p.Edit = true;
p.Manage = true;
p.ViewPassword = true;
}
}
}
return cipherPermissions;
}
private async Task<bool> CanEditAllCiphersAsync(CurrentContextOrganization org)
{
// Custom users with EditAnyCollection permissions can always edit all ciphers
if (org is { Type: OrganizationUserType.Custom, Permissions.EditAnyCollection: true })
{
return true;
}
var orgAbility = await _applicationCacheService.GetOrganizationAbilityAsync(org.Id);
// Owners/Admins can only edit all ciphers if the organization has the setting enabled
if (orgAbility is { AllowAdminAccessToAllCollectionItems: true } && org is
{ Type: OrganizationUserType.Admin or OrganizationUserType.Owner })
{
return true;
}
return false;
}
private async Task<bool> CanAccessUnassignedCiphersAsync(CurrentContextOrganization org)
{
if (org is
{ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
{ Permissions.EditAnyCollection: true })
{
return true;
}
return false;
}
}