[AC-2172] Member modal - limit admin access #3934
227b4b8 to 88b39eb
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
##             main    #3934      +/-   ##
==========================================
+ Coverage   38.02%   38.13%   +0.11%
==========================================
  Files        1195     1195
  Lines       58140    58194      +54
  Branches     5568     5576       +8
==========================================
+ Hits        22107    22192      +85
+ Misses      34994    34957      -37
- Partials     1039     1045       +6
View full report in Codecov by Sentry.
88b39eb to c8995c1
@@ -183,16 +184,29 @@ public async Task<OrganizationUserResetPasswordDetailsResponseModel> GetResetPas | |||
} | |||
|
|||
[HttpPost("invite")] | |||
public async Task Invite(string orgId, [FromBody] OrganizationUserInviteRequestModel model) | |||
public async Task Invite(Guid orgId, [FromBody] OrganizationUserInviteRequestModel model) |
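Review bot: only the signature change from `string orgId` to `Guid orgId` on the `[HttpPost("invite")]` action is visible here, while the `@@ -183,16 +184,29 @@` header reports 13 net added lines, so the new authorization logic this thread discusses cannot be reviewed from this excerpt. The typed parameter is a reasonable hardening step (a non-GUID route value now fails model binding before the action body runs, surfacing as a 400 under `[ApiController]`), but if the old `string` version parsed the id itself, that parse is now redundant and should be removed so the two code paths do not drift.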
Seems like we're starting to get some more business logic in the controller. Do you have any plans/concern here?
I agree, but it is authorization logic still - you only have to sort the groups and collections in this way because you're accessing it via this endpoint as a user. It doesn't apply to using the public API, for example. This is reflected by the fact that it requires AuthorizationService for this logic, which isn't available in the core layer. So I think it stays here for now, although I do agree that the endpoint itself is on the longer side.
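The pattern the comment above describes, authorization that has to stay in the controller because it depends on ASP.NET Core's `IAuthorizationService`, and that only runs when the feature flag is on, as an added illustration. This is not code from the Bitwarden repository or from this PR; apart from the ASP.NET Core types (`IAuthorizationService`, `OperationAuthorizationRequirement`, `ControllerBase`), every type, member and flag name below is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Mvc;

// Hypothetical request model: users to invite and the collections (by id,
// with a "manage" bit) they should be given access to.
public class InviteRequest
{
    public IReadOnlyList<Guid> UserIds { get; set; } = Array.Empty<Guid>();
    public IReadOnlyList<CollectionAccess> Collections { get; set; } = Array.Empty<CollectionAccess>();
}

public class CollectionAccess
{
    public Guid Id { get; set; }
    public bool Manage { get; set; }
}

// Hypothetical resource passed to the authorization handler.
public record Collection(Guid Id, Guid OrganizationId);

// Hypothetical requirement; a registered IAuthorizationHandler decides it,
// so the controller never re-implements the permission rules itself.
public static class CollectionOperations
{
    public static readonly OperationAuthorizationRequirement ModifyUserAccess =
        new() { Name = nameof(ModifyUserAccess) };
}

// Hypothetical abstractions for the flag lookup, data access and the core
// invite logic (the part that does not need IAuthorizationService).
public interface IFeatureFlags { bool IsEnabled(string flag); }
public interface ICollectionRepository { Task<IReadOnlyList<Collection>> GetManyByIdsAsync(IEnumerable<Guid> ids); }
public interface IInviteService { Task InviteAsync(Guid orgId, InviteRequest model); }

[ApiController]
[Route("organizations/{orgId}/users")]
public class OrganizationUsersController : ControllerBase
{
    private const string V1Flag = "collection-management-v1"; // assumed flag name
    private readonly IAuthorizationService _authz;
    private readonly IFeatureFlags _flags;
    private readonly ICollectionRepository _collections;
    private readonly IInviteService _invites;

    public OrganizationUsersController(IAuthorizationService authz, IFeatureFlags flags,
        ICollectionRepository collections, IInviteService invites)
    {
        _authz = authz; _flags = flags; _collections = collections; _invites = invites;
    }

    [HttpPost("invite")]
    public async Task<IActionResult> Invite(Guid orgId, [FromBody] InviteRequest model)
    {
        // Existing behaviour is untouched while the flag is off.
        if (_flags.IsEnabled(V1Flag))
        {
            var requested = model.Collections.Select(c => c.Id).Distinct().ToList();
            var found = await _collections.GetManyByIdsAsync(requested);

            // Ids that do not exist, or belong to another organization, are
            // rejected outright rather than silently dropped; 404 does not
            // reveal whether the id exists elsewhere.
            if (found.Count != requested.Count || found.Any(c => c.OrganizationId != orgId))
                return NotFound();

            // One authorization decision per collection, failing closed: the
            // handler owns the rule, the controller only asks the question.
            foreach (var collection in found)
            {
                var result = await _authz.AuthorizeAsync(User, collection, CollectionOperations.ModifyUserAccess);
                if (!result.Succeeded)
                    return Forbid();
            }
        }

        await _invites.InviteAsync(orgId, model);
        return NoContent();
    }
}
```

The checks run before the invite service is called, so a caller who fails any one of them causes no side effects; keeping the per-collection decision inside the authorization handler is what lets the public API path skip this block without duplicating the permission rules.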
Besides my question, I think this is good!
Adding the hold label to remind myself not to merge yet - it's stacked on another feature branch.
I realised that these changes weren't feature flagged properly - in particular, PUT did not check for
This generally just makes the new code more separate from the existing code and ensures that it's only run when the flag is turned on.
d4912be to b8faed7
The base branch was changed.
I've rebased this on main so that it's not blocked by #3793. It can't be QA'd without it, but it can be reviewed and merged, and new code is feature flagged so it won't do any harm in the meantime. That said, I apologise for the rebase blasting away review history. I believe @vincentsalucci and @Jingo88 had reviewed up to and including 1d692e5, however commits after that need a proper review.
lgtm
Type of change
Objective
Back-end changes for bitwarden/clients#8343.
Stacked on #3793. Adds additional authorization logic on the following endpoints:
Also updates authorization handlers for v1 logic.
Code changes
OrganizationUsersController
BulkCollectionAuthorizationHandler
Update method to take into account v1 flag and collection management setting.
OrganizationUser_ReadWithCollectionsById - maybe the last sproc that didn't have the Manage property 😁
Before you submit
dotnet format --verify-no-changes (required)