diff --git a/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs b/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs index af0aede5aafa..841bcdd4f56d 100644 --- a/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs +++ b/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs @@ -116,7 +116,6 @@ public async Task Get(string id, bool incl } [HttpGet("mini-details")] - [RequireFeature(FeatureFlagKeys.Pm3478RefactorOrganizationUserApi)] public async Task> GetMiniDetails(Guid orgId) { var authorizationResult = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(orgId), diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Authorization/OrganizationUserUserDetailsAuthorizationHandler.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Authorization/OrganizationUserUserDetailsAuthorizationHandler.cs index dcfe630e3b90..e890e4d9ffbc 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Authorization/OrganizationUserUserDetailsAuthorizationHandler.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Authorization/OrganizationUserUserDetailsAuthorizationHandler.cs @@ -1,7 +1,6 @@ #nullable enable using Bit.Core.Context; using Bit.Core.Enums; -using Bit.Core.Services; using Microsoft.AspNetCore.Authorization; namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization; @@ -10,12 +9,10 @@ public class OrganizationUserUserDetailsAuthorizationHandler : AuthorizationHandler { private readonly ICurrentContext _currentContext; - private readonly IFeatureService _featureService; - public OrganizationUserUserDetailsAuthorizationHandler(ICurrentContext currentContext, IFeatureService featureService) + public OrganizationUserUserDetailsAuthorizationHandler(ICurrentContext currentContext) { _currentContext = currentContext; - _featureService = featureService; } protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, @@ -37,29 +34,6 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext } private async Task CanReadAllAsync(Guid organizationId) - { - if (_featureService.IsEnabled(FeatureFlagKeys.Pm3478RefactorOrganizationUserApi)) - { - return await CanReadAllAsync_vNext(organizationId); - } - - return await CanReadAllAsync_vCurrent(organizationId); - } - - private async Task CanReadAllAsync_vCurrent(Guid organizationId) - { - // All users of an organization can read all other users of that organization for collection access management - var org = _currentContext.GetOrganization(organizationId); - if (org is not null) - { - return true; - } - - // Allow provider users to read all organization users if they are a provider for the target organization - return await _currentContext.ProviderUserForOrgAsync(organizationId); - } - - private async Task CanReadAllAsync_vNext(Guid organizationId) { // Admins can access this for general user management var organization = _currentContext.GetOrganization(organizationId); diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs index b22e2cf91f95..db92470b6f55 100644 --- a/src/Core/Constants.cs +++ b/src/Core/Constants.cs @@ -142,7 +142,6 @@ public static class FeatureFlagKeys public const string EnableNewCardCombinedExpiryAutofill = "enable-new-card-combined-expiry-autofill"; public const string StorageReseedRefactor = "storage-reseed-refactor"; public const string TrialPayment = "PM-8163-trial-payment"; - public const string Pm3478RefactorOrganizationUserApi = "pm-3478-refactor-organizationuser-api"; public const string RemoveServerVersionHeader = "remove-server-version-header"; public const string AccessIntelligence = "pm-13227-access-intelligence"; public const string VerifiedSsoDomainEndpoint = "pm-12337-refactor-sso-details-endpoint"; diff --git a/test/Core.Test/AdminConsole/Authorization/OrganizationUserUserDetailsAuthorizationHandlerTests.cs b/test/Core.Test/AdminConsole/Authorization/OrganizationUserUserDetailsAuthorizationHandlerTests.cs index 4d9208a2bd1b..4a3a7f647af0 100644 --- a/test/Core.Test/AdminConsole/Authorization/OrganizationUserUserDetailsAuthorizationHandlerTests.cs +++ b/test/Core.Test/AdminConsole/Authorization/OrganizationUserUserDetailsAuthorizationHandlerTests.cs @@ -2,7 +2,6 @@ using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization; using Bit.Core.Context; using Bit.Core.Enums; -using Bit.Core.Services; using Bit.Core.Test.AdminConsole.AutoFixture; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; @@ -24,7 +23,6 @@ public async Task ReadAll_Admins_Success( CurrentContextOrganization organization, SutProvider sutProvider) { - EnableFeatureFlag(sutProvider); organization.Type = userType; sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); @@ -48,7 +46,6 @@ public async Task ReadAll_ProviderUser_Success( CurrentContextOrganization organization, SutProvider sutProvider) { - EnableFeatureFlag(sutProvider); organization.Type = OrganizationUserType.User; sutProvider.GetDependency() .ProviderUserForOrgAsync(organization.Id) @@ -69,7 +66,6 @@ public async Task ReadAll_User_NoSuccess( CurrentContextOrganization organization, SutProvider sutProvider) { - EnableFeatureFlag(sutProvider); organization.Type = OrganizationUserType.User; sutProvider.GetDependency().GetOrganization(Arg.Any()).Returns(organization); sutProvider.GetDependency().ProviderUserForOrgAsync(Arg.Any()).Returns(false); @@ -88,78 +84,6 @@ public async Task ReadAll_User_NoSuccess( public async Task ReadAll_NotMember_NoSuccess( CurrentContextOrganization organization, SutProvider sutProvider) - { - EnableFeatureFlag(sutProvider); - var context = new AuthorizationHandlerContext( - new[] { OrganizationUserUserDetailsOperations.ReadAll }, - new ClaimsPrincipal(), - new OrganizationScope(organization.Id) - ); - - sutProvider.GetDependency().GetOrganization(Arg.Any()).Returns((CurrentContextOrganization)null); - sutProvider.GetDependency().ProviderUserForOrgAsync(Arg.Any()).Returns(false); - - await sutProvider.Sut.HandleAsync(context); - Assert.False(context.HasSucceeded); - } - - private void EnableFeatureFlag(SutProvider sutProvider) - { - sutProvider.GetDependency().IsEnabled(FeatureFlagKeys.Pm3478RefactorOrganizationUserApi) - .Returns(true); - } - - // TESTS WITH FLAG DISABLED - TO BE DELETED IN FLAG CLEANUP - - [Theory, CurrentContextOrganizationCustomize] - [BitAutoData(OrganizationUserType.Admin)] - [BitAutoData(OrganizationUserType.Owner)] - [BitAutoData(OrganizationUserType.User)] - [BitAutoData(OrganizationUserType.Custom)] - public async Task FlagDisabled_ReadAll_AnyMemberOfOrg_Success( - OrganizationUserType userType, - Guid userId, SutProvider sutProvider, - CurrentContextOrganization organization) - { - organization.Type = userType; - - var context = new AuthorizationHandlerContext( - new[] { OrganizationUserUserDetailsOperations.ReadAll }, - new ClaimsPrincipal(), - new OrganizationScope(organization.Id)); - - sutProvider.GetDependency().UserId.Returns(userId); - sutProvider.GetDependency().GetOrganization(organization.Id).Returns(organization); - - await sutProvider.Sut.HandleAsync(context); - - Assert.True(context.HasSucceeded); - } - - [Theory, BitAutoData, CurrentContextOrganizationCustomize] - public async Task FlagDisabled_ReadAll_ProviderUser_Success( - CurrentContextOrganization organization, - SutProvider sutProvider) - { - organization.Type = OrganizationUserType.User; - sutProvider.GetDependency() - .ProviderUserForOrgAsync(organization.Id) - .Returns(true); - - var context = new AuthorizationHandlerContext( - new[] { OrganizationUserUserDetailsOperations.ReadAll }, - new ClaimsPrincipal(), - new OrganizationScope(organization.Id)); - - await sutProvider.Sut.HandleAsync(context); - - Assert.True(context.HasSucceeded); - } - - [Theory, BitAutoData] - public async Task FlagDisabled_ReadAll_NotMember_NoSuccess( - CurrentContextOrganization organization, - SutProvider sutProvider) { var context = new AuthorizationHandlerContext( new[] { OrganizationUserUserDetailsOperations.ReadAll },