diff --git a/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/Repositories/ProjectRepository.cs b/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/Repositories/ProjectRepository.cs
index cd00fbca67..55c81e415a 100644
--- a/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/Repositories/ProjectRepository.cs
+++ b/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/Repositories/ProjectRepository.cs
@@ -86,6 +86,28 @@ public class ProjectRepository : Repository UserHasReadAccessToProject(Guid id, Guid userId)
+ {
+ using var scope = ServiceScopeFactory.CreateScope();
+ var dbContext = GetDatabaseContext(scope);
+ var query = dbContext.Project
+ .Where(p => p.Id == id)
+ .Where(UserHasReadAccessToProject(userId));
+
+ return await query.AnyAsync();
+ }
+
+ public async Task ServiceAccountHasReadAccessToProject(Guid id, Guid serviceAccountId)
+ {
+ using var scope = ServiceScopeFactory.CreateScope();
+ var dbContext = GetDatabaseContext(scope);
+ var query = dbContext.Project
+ .Where(p => p.Id == id)
+ .Where(ServiceAccountHasReadAccessToProject(serviceAccountId));
+
+ return await query.AnyAsync();
+ }
+
 public async Task UserHasWriteAccessToProject(Guid id, Guid userId)
 {
 using var scope = ServiceScopeFactory.CreateScope();
@@ -97,7 +119,7 @@ public class ProjectRepository : Repository ServiceAccountHasAccessToProject(Guid id, Guid serviceAccountId)
+ public async Task ServiceAccountHasWriteAccessToProject(Guid id, Guid serviceAccountId)
 {
 using var scope = ServiceScopeFactory.CreateScope();
 var dbContext = GetDatabaseContext(scope);
diff --git a/src/Api/Controllers/ProjectsController.cs b/src/Api/Controllers/ProjectsController.cs
index 9119b6cfba..4943775af2 100644
--- a/src/Api/Controllers/ProjectsController.cs
+++ b/src/Api/Controllers/ProjectsController.cs
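Review bot: The two added methods, and the write variants that follow them, differ only in the predicate handed to the second `.Where`, so the scope/context/`AnyAsync` boilerplate now appears four times; a private helper taking the predicate leaves one place to get the id filter and the existence check right (sketched below). That sketch assumes the single-argument `UserHasReadAccessToProject(Guid)` / `ServiceAccountHasReadAccessToProject(Guid)` overloads, defined outside this hunk, return `Expression<Func<Project, bool>>` for the entity behind `dbContext.Project`; if they return a plain `Func`, the `.Where` resolves to LINQ-to-Objects and the access filter is evaluated client-side over every project row, which would be worth fixing before anything else. The new members also return `Task` without the `Async` suffix that `CreateAsync`/`ReplaceAsync` use in `IProjectRepository` (same in the interface hunk), though the pre-existing `UserHasWriteAccessToProject` already deviates, so that rename is a separate cleanup. The class header and the predicate overloads are outside the hunk.
```csharp
// Shared by the *HasReadAccess/*HasWriteAccess checks: true when project `id` exists
// and satisfies `accessPredicate`, evaluated in the database.
private async Task<bool> ProjectMatchesAsync(Guid id, Expression<Func<Project, bool>> accessPredicate)
{
    using var scope = ServiceScopeFactory.CreateScope();
    var dbContext = GetDatabaseContext(scope);
    return await dbContext.Project
        .Where(p => p.Id == id)
        .Where(accessPredicate)
        .AnyAsync();
}

public async Task<bool> UserHasReadAccessToProject(Guid id, Guid userId) =>
    await ProjectMatchesAsync(id, UserHasReadAccessToProject(userId));

public async Task<bool> ServiceAccountHasReadAccessToProject(Guid id, Guid serviceAccountId) =>
    await ProjectMatchesAsync(id, ServiceAccountHasReadAccessToProject(serviceAccountId));
// … unchanged: UserHasWriteAccessToProject / ServiceAccountHasWriteAccessToProject (same helper applies) …
```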
@@ -64,9 +64,9 @@ public class ProjectsController : Controller
 [FromRoute] Guid organizationId)
 {
 var userId = _userService.GetProperUserId(User).Value;
- var orgAdmin = await _currentContext.OrganizationAdmin(organizationId);
 var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
+ var projects = await _projectRepository.GetManyByOrganizationIdAsync(organizationId, userId, accessClient);
 var responses = projects.Select(project => new ProjectResponseModel(project));
@@ -81,6 +81,24 @@ public class ProjectsController : Controller
 {
 throw new NotFoundException();
 }
+
+ var userId = _userService.GetProperUserId(User).Value;
+ var orgAdmin = await _currentContext.OrganizationAdmin(project.OrganizationId);
+ var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
+
+ var hasAccess = accessClient switch
+ {
+ AccessClientType.NoAccessCheck => true,
+ AccessClientType.User => await _projectRepository.UserHasReadAccessToProject(id, userId),
+ AccessClientType.ServiceAccount => await _projectRepository.ServiceAccountHasReadAccessToProject(id, userId),
+ _ => false,
+ };
+
+ if (!hasAccess)
+ {
+ throw new NotFoundException();
+ }
+
 return new ProjectResponseModel(project);
 }
diff --git a/src/Core/Repositories/IProjectRepository.cs b/src/Core/Repositories/IProjectRepository.cs
index 39b5883abd..5a9d0daf7c 100644
--- a/src/Core/Repositories/IProjectRepository.cs
+++ b/src/Core/Repositories/IProjectRepository.cs
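Review bot: In the `AccessClientType.ServiceAccount` arm of the second hunk, `userId` — the value of `_userService.GetProperUserId(User)` — is passed where the repository method names its parameter `serviceAccountId`; that is only correct if, for a service-account token, the principal's subject is the service account id, and nothing in the hunk establishes that, so either confirm it or name the local after what it actually holds (e.g. `var callerId = _userService.GetProperUserId(User).Value;`) so the next reader does not take it for a user-only id. The `_ => false` arm and throwing `NotFoundException` on denial are the right defaults: the response does not reveal whether the project exists, and any future `AccessClientType` member is denied until someone deliberately handles it; a one-line comment above the switch would preserve that intent, `// Deny by default; an inaccessible project is reported as not found so its existence is not disclosed.` The same admin/accessClient resolution now appears in two actions (this hunk and the one above it), so a small private helper on the controller would keep the two from drifting. The enclosing action starts outside the hunk.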
@@ -11,6 +11,8 @@ public interface IProjectRepository
 Task CreateAsync(Project project);
 Task ReplaceAsync(Project project);
 Task DeleteManyByIdAsync(IEnumerable ids);
+ Task UserHasReadAccessToProject(Guid id, Guid userId);
+ Task ServiceAccountHasReadAccessToProject(Guid id, Guid serviceAccountId);
 Task UserHasWriteAccessToProject(Guid id, Guid userId);
- Task ServiceAccountHasAccessToProject(Guid id, Guid serviceAccountId);
+ Task ServiceAccountHasWriteAccessToProject(Guid id, Guid serviceAccountId);
 }
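Review bot: The access-check members added and renamed here carry no XML documentation, and their contract — what "read" versus "write" access means and which identity the second argument names — is exactly what a caller gating an endpoint on them needs to know; a `<summary>` on each would do, e.g. above the first added line `/// <summary>True when project <paramref name="id"/> exists and <paramref name="userId"/> may read it; callers use this as an authorization gate, so a false result should be treated as "not found" rather than "forbidden".</summary>` with the matching wording for the service-account and write variants. Renaming `ServiceAccountHasAccessToProject` is a breaking change to the interface, so any other `IProjectRepository` implementation that lives outside this diff needs the same rename. The `Task` return types appear here without their type argument, which looks like an artifact of how the page was captured rather than the source.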