Move policy checks inside PolicyService (#1533)

* Move policy checks inside PolicyService

* Remove leftover code

* Remove duplicate code

* Reorder code for consistency
Thomas Rittson 2021-09-24 09:51:02 +10:00 committed by GitHub
parent 010a4210f4
commit 716e52f6ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 30 additions and 76 deletions


@ -94,22 +94,10 @@ namespace Bit.Droid.Autofill
_policyService ??= ServiceContainer.Resolve<IPolicyService>("policyService");
var personalOwnershipPolicies = await _policyService.GetAll(PolicyType.PersonalOwnership);
if (personalOwnershipPolicies != null)
var personalOwnershipPolicyApplies = await _policyService.PolicyAppliesToUser(PolicyType.PersonalOwnership);
if (personalOwnershipPolicyApplies)
{
_userService ??= ServiceContainer.Resolve<IUserService>("userService");
foreach (var policy in personalOwnershipPolicies)
{
if (policy.Enabled)
{
var org = await _userService.GetOrganizationAsync(policy.OrganizationId);
if (org != null && org.Enabled && org.UsePolicies && !org.canManagePolicies
&& org.Status == OrganizationUserStatusType.Confirmed)
{
return;
}
}
}
return;
}
var parser = new Parser(structure, ApplicationContext);
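Review bot: Routing this check through `PolicyAppliesToUser(PolicyType.PersonalOwnership)` widens who hits the early `return`: the removed loop required `org.Status == OrganizationUserStatusType.Confirmed`, while the service filter shown further down this page uses `o.Status >= OrganizationUserStatusType.Accepted`. Assuming Accepted orders before Confirmed in the enum, a member who has accepted an invitation but is not yet confirmed is now blocked too. The Send helpers in Bit.App.Utilities drop their Confirmed comparison in the same way. If that is intended, say so in the commit description and add a comment at the call such as `// Applies to Accepted and Confirmed members; see PolicyService.PolicyAppliesToUser`. The enclosing method starts and ends outside this hunk.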


@ -309,7 +309,6 @@ namespace Bit.App.Pages
public async Task<bool> LoadAsync(AppOptions appOptions = null)
{
var policies = (await _policyService.GetAll(PolicyType.PersonalOwnership))?.ToList();
var myEmail = await _userService.GetEmailAsync();
OwnershipOptions.Add(new KeyValuePair<string, string>(myEmail, null));
var orgs = await _userService.GetAllOrganizationAsync();
@ -318,28 +317,17 @@ namespace Bit.App.Pages
if (org.Enabled && org.Status == OrganizationUserStatusType.Confirmed)
{
OwnershipOptions.Add(new KeyValuePair<string, string>(org.Name, org.Id));
if ((!EditMode || CloneMode) && policies != null && org.UsePolicies && !org.canManagePolicies &&
AllowPersonal)
{
foreach (var policy in policies)
{
if (policy.OrganizationId == org.Id && policy.Enabled)
{
AllowPersonal = false;
// Remove personal ownership
OwnershipOptions.RemoveAt(0);
// Default to the organization who owns this policy for now (if necessary)
if (string.IsNullOrWhiteSpace(OrganizationId))
{
OrganizationId = org.Id;
}
break;
}
}
}
}
}
var personalOwnershipPolicyApplies = await _policyService.PolicyAppliesToUser(PolicyType.PersonalOwnership);
if (personalOwnershipPolicyApplies && (!EditMode || CloneMode))
{
AllowPersonal = false;
// Remove personal ownership
OwnershipOptions.RemoveAt(0);
}
var allCollections = await _collectionService.GetAllDecryptedAsync();
_writeableCollections = allCollections.Where(c => !c.ReadOnly).ToList();
if (CollectionIds?.Any() ?? false)
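Review bot: The new `if (personalOwnershipPolicyApplies && (!EditMode || CloneMode))` branch removes the personal entry but no longer assigns `OrganizationId`, which the old loop defaulted to the policy's organisation when it was empty. Unless the rest of LoadAsync (outside this hunk) selects a default, the form can be left with no owner chosen after the personal option is gone, so whether the item ends up organisation-owned depends on later code. Organisations are only listed when `org.Status == OrganizationUserStatusType.Confirmed`, while the service can report the policy for an Accepted membership, in which case `RemoveAt(0)` may leave `OwnershipOptions` empty. Consider adding inside the branch `if (string.IsNullOrWhiteSpace(OrganizationId) && OwnershipOptions.Any()) { OrganizationId = OwnershipOptions.First().Value; }`.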


@ -315,38 +315,15 @@ namespace Bit.App.Utilities
public static async Task<bool> IsSendDisabledByPolicyAsync()
{
var policyService = ServiceContainer.Resolve<IPolicyService>("policyService");
var userService = ServiceContainer.Resolve<IUserService>("userService");
var policies = await policyService.GetAll(PolicyType.DisableSend);
var organizations = await userService.GetAllOrganizationAsync();
return organizations.Any(o =>
{
return o.Enabled &&
o.Status == OrganizationUserStatusType.Confirmed &&
o.UsePolicies &&
!o.canManagePolicies &&
policies.Any(p => p.OrganizationId == o.Id && p.Enabled);
});
return await policyService.PolicyAppliesToUser(PolicyType.DisableSend);
}
public static async Task<bool> IsHideEmailDisabledByPolicyAsync()
{
var policyService = ServiceContainer.Resolve<IPolicyService>("policyService");
var userService = ServiceContainer.Resolve<IUserService>("userService");
var policies = await policyService.GetAll(PolicyType.SendOptions);
var organizations = await userService.GetAllOrganizationAsync();
return organizations.Any(o =>
{
return o.Enabled &&
o.Status == OrganizationUserStatusType.Confirmed &&
o.UsePolicies &&
!o.canManagePolicies &&
policies.Any(p => p.OrganizationId == o.Id &&
p.Enabled &&
p.Data.ContainsKey("disableHideEmail") &&
(bool)p.Data["disableHideEmail"]);
});
return await policyService.PolicyAppliesToUser(PolicyType.SendOptions,
policy => policy.Data.ContainsKey("disableHideEmail") && (bool)policy.Data["disableHideEmail"]);
}
public static async Task<bool> PerformUpdateTasksAsync(ISyncService syncService,
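Review bot: The predicate passed for `PolicyType.SendOptions` indexes `policy.Data` without a null check and unboxes with `(bool)`, so a policy stored without options, or with a non-boolean `disableHideEmail`, would throw from inside the policy check instead of evaluating to false. The removed lambda had the same shape, so the commit carries the problem over rather than introducing it. If `Data` is a dictionary of `object` values (its declaration is not visible here), `policy => policy.Data != null && policy.Data.TryGetValue("disableHideEmail", out var v) && v is true` avoids both the exception and the double lookup.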


@ -91,6 +91,6 @@ namespace Bit.Core.Models.Domain
public bool canManageGroups => IsAdmin || Permissions.ManageGroups;
public bool canManagePolicies => IsAdmin || Permissions.ManagePolicies;
public bool canManageUser => IsAdmin || Permissions.ManageUsers;
public bool IsExemptFromPolicies => canManagePolicies;
public bool isExemptFromPolicies => canManagePolicies;
}
}


@ -198,29 +198,30 @@ namespace Bit.Core.Services
return new Tuple<ResetPasswordPolicyOptions, bool>(resetPasswordPolicyOptions, policy != null);
}
public async Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter = null)
public async Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter)
{
if (policyFilter == null) {
policyFilter = _ => true;
}
var policies = await GetAll(policyType);
var organizations = await _userService.GetAllOrganizationAsync();
var filteredPolicies = policies.Where(p =>
p.Enabled &&
p.Type == policyType &&
policyFilter(p))
.Select(p => p.OrganizationId);
IEnumerable<Policy> filteredPolicies;
var policySet = filteredPolicies.Distinct();
if (policyFilter != null)
{
filteredPolicies = policies.Where(p => p.Enabled && policyFilter(p));
}
else
{
filteredPolicies = policies.Where(p => p.Enabled);
}
var policySet = new HashSet<string>(filteredPolicies.Select(p => p.OrganizationId));
return organizations.Any(o =>
o.Enabled &&
o.Status >= OrganizationUserStatusType.Accepted &&
o.UsePolicies &&
!o.IsExemptFromPolicies &&
policySet.Distinct().Contains(o.Id));
!o.isExemptFromPolicies &&
policySet.Contains(o.Id));
}
public int? GetPolicyInt(Policy policy, string key)
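Review bot: `policies.Where(...)` runs on the result of `GetAll(policyType)` with no null check, yet the call sites this commit replaces treated that result as nullable (`if (personalOwnershipPolicies != null)` in the autofill hunk, `?.ToList()` and `policies != null` in LoadAsync). If `GetAll` returns null when nothing is stored for the type, every caller of `PolicyAppliesToUser` now gets a NullReferenceException instead of "no policy applies". Add `if (policies == null) { return false; }` directly after the `GetAll` call, which matches what the old call sites did, and guard `organizations` the same way if `GetAllOrganizationAsync` can return null.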