Added BadRequestException to stop disabling of SingleOrg policy when …

…org still has verified domains.

src/Core/AdminConsole/Services/Implementations/PolicyService.cs

@@ -25,6 +25,7 @@ public class PolicyService : IPolicyService
  private readonly ISsoConfigRepository _ssoConfigRepository;
  private readonly IMailService _mailService;
  private readonly GlobalSettings _globalSettings;
+ private readonly IOrganizationDomainService _organizationDomainService;
  private readonly ITwoFactorIsEnabledQuery _twoFactorIsEnabledQuery;
 
  public PolicyService(
@@ -36,6 +37,7 @@ public PolicyService(
  ISsoConfigRepository ssoConfigRepository,
  IMailService mailService,
  GlobalSettings globalSettings,
+ IOrganizationDomainService organizationDomainService,
  ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery)
  {
  _applicationCacheService = applicationCacheService;
@@ -46,6 +48,7 @@ public PolicyService(
  _ssoConfigRepository = ssoConfigRepository;
  _mailService = mailService;
  _globalSettings = globalSettings;
+ _organizationDomainService = organizationDomainService;
  _twoFactorIsEnabledQuery = twoFactorIsEnabledQuery;
  }
 
@@ -212,6 +215,7 @@ private async Task HandleDependentPoliciesAsync(Policy policy, Organization org)
  case PolicyType.SingleOrg:
  if (!policy.Enabled)
  {
+ await HasNoVerifiedDomainsAsync(org);
  await RequiredBySsoAsync(org);
  await RequiredByVaultTimeoutAsync(org);
  await RequiredByKeyConnectorAsync(org);
@@ -252,6 +256,14 @@ private async Task HandleDependentPoliciesAsync(Policy policy, Organization org)
  }
  }
 
+ private async Task HasNoVerifiedDomainsAsync(Organization org)
+ {
+ if (await _organizationDomainService.HasVerifiedDomainsAsync(org.Id))
+ {
+ throw new BadRequestException("Organization still has verified domains.");
+ }
+ }
+
  private async Task SetPolicyConfiguration(Policy policy)
  {
  await _policyRepository.UpsertAsync(policy);