PM-25915 tools exclude items in my items collections and my items collection from org vault export endpoint (#6362)

Exclude MyItems and MyItems collection from Organizational Exports when CreateDefaultLocation feature flag is enabled
John Harrington 2025-09-30 07:43:43 -07:00 committed by GitHub
parent 718d96cc58
commit fc07dec3a6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,5 +1,6 @@
using Bit.Api.Tools.Authorization; using Bit.Api.Tools.Authorization;
using Bit.Api.Tools.Models.Response; using Bit.Api.Tools.Models.Response;
using Bit.Core;
using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization; using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Repositories; using Bit.Core.Repositories;
@ -20,19 +21,22 @@ public class OrganizationExportController : Controller
private readonly IAuthorizationService _authorizationService; private readonly IAuthorizationService _authorizationService;
private readonly IOrganizationCiphersQuery _organizationCiphersQuery; private readonly IOrganizationCiphersQuery _organizationCiphersQuery;
private readonly ICollectionRepository _collectionRepository; private readonly ICollectionRepository _collectionRepository;
private readonly IFeatureService _featureService;
public OrganizationExportController( public OrganizationExportController(
IUserService userService, IUserService userService,
GlobalSettings globalSettings, GlobalSettings globalSettings,
IAuthorizationService authorizationService, IAuthorizationService authorizationService,
IOrganizationCiphersQuery organizationCiphersQuery, IOrganizationCiphersQuery organizationCiphersQuery,
ICollectionRepository collectionRepository) ICollectionRepository collectionRepository,
IFeatureService featureService)
{ {
_userService = userService; _userService = userService;
_globalSettings = globalSettings; _globalSettings = globalSettings;
_authorizationService = authorizationService; _authorizationService = authorizationService;
_organizationCiphersQuery = organizationCiphersQuery; _organizationCiphersQuery = organizationCiphersQuery;
_collectionRepository = collectionRepository; _collectionRepository = collectionRepository;
_featureService = featureService;
} }
[HttpGet("export")] [HttpGet("export")]
@ -40,23 +44,47 @@ public class OrganizationExportController : Controller
{ {
var canExportAll = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(organizationId), var canExportAll = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(organizationId),
VaultExportOperations.ExportWholeVault); VaultExportOperations.ExportWholeVault);
if (canExportAll.Succeeded)
{
var allOrganizationCiphers = await _organizationCiphersQuery.GetAllOrganizationCiphers(organizationId);
var allCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections, _globalSettings));
}
var canExportManaged = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(organizationId), var canExportManaged = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(organizationId),
VaultExportOperations.ExportManagedCollections); VaultExportOperations.ExportManagedCollections);
var createDefaultLocationEnabled = _featureService.IsEnabled(FeatureFlagKeys.CreateDefaultLocation);
if (canExportAll.Succeeded)
{
if (createDefaultLocationEnabled)
{
var allOrganizationCiphers =
await _organizationCiphersQuery.GetAllOrganizationCiphersExcludingDefaultUserCollections(
organizationId);
var allCollections = await _collectionRepository
.GetManySharedCollectionsByOrganizationIdAsync(
organizationId);
return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections,
_globalSettings));
}
else
{
var allOrganizationCiphers = await _organizationCiphersQuery.GetAllOrganizationCiphers(organizationId);
var allCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
return Ok(new OrganizationExportResponseModel(allOrganizationCiphers, allCollections,
_globalSettings));
}
}
if (canExportManaged.Succeeded) if (canExportManaged.Succeeded)
{ {
var userId = _userService.GetProperUserId(User)!.Value; var userId = _userService.GetProperUserId(User)!.Value;
var allUserCollections = await _collectionRepository.GetManyByUserIdAsync(userId); var allUserCollections = await _collectionRepository.GetManyByUserIdAsync(userId);
var managedOrgCollections = allUserCollections.Where(c => c.OrganizationId == organizationId && c.Manage).ToList(); var managedOrgCollections =
var managedCiphers = allUserCollections.Where(c => c.OrganizationId == organizationId && c.Manage).ToList();
await _organizationCiphersQuery.GetOrganizationCiphersByCollectionIds(organizationId, managedOrgCollections.Select(c => c.Id));
var managedCiphers = await _organizationCiphersQuery.GetOrganizationCiphersByCollectionIds(organizationId,
managedOrgCollections.Select(c => c.Id));
return Ok(new OrganizationExportResponseModel(managedCiphers, managedOrgCollections, _globalSettings)); return Ok(new OrganizationExportResponseModel(managedCiphers, managedOrgCollections, _globalSettings));
} }
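Review bot: The `createDefaultLocationEnabled` check is applied only inside the `canExportAll.Succeeded` branch, while the `canExportManaged.Succeeded` branch still builds `managedOrgCollections` from `GetManyByUserIdAsync(userId)` filtered on `c.OrganizationId == organizationId && c.Manage` alone. If a member's default (My Items) collection is returned by that call with `Manage` set, which is not visible from this section, the managed-collections export would still carry it and its ciphers with the flag on, which is the case the commit description says should be excluded. Consider adding a collection-type condition to that `Where` under the flag, e.g. `&& (!createDefaultLocationEnabled || c.Type != CollectionType.DefaultUserCollection)` (assuming the type is exposed on these objects), or record the intent in a comment such as `// Managed export may include the caller's own default collection by design`. Separately, the `ExportManagedCollections` authorization is now evaluated before the whole-vault branch returns, so it runs for callers who never need it; keeping it below that branch avoids the extra check. The enclosing action method's signature lies outside the hunk.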