Add RBAC to Bitwarden Portal (#2853)

* Auth/pm-48 (#2680) * PM-48 - add user's role as a claim and establish access control service * PM-48 - remove function unrelated to the role claim * PM-48 - fix whitespace issues * PM-48 - move registration of CustomClaimsPrincipalFactory, replace role claim type string with constant, streamline code that retrieves the user's role * Auth/pm-47 (#2699) * PM-48 - add user's role as a claim and establish access control service * PM-48 - remove function unrelated to the role claim * PM-48 - fix whitespace issues * PM-47 - add list of permission enums, role:permissions mapping, and function that determines if the logged in user has the given permission * PM-47 - remove unneeded service registration, set role to lowercase * PM-47 - fix code style issues * PM-46 - create permission filter attribute (#2753) * Auth/pm-54 add rbac for users (#2758) * PM-54 - add permission gates to User elements * PM-54 - fix formatting * PM-54 - remove unused function * PM-54 - fix variable reference, add permission to billing role * PM-54 - handle Upgrade Premium button functionality and fix spelling * PM-54 - change permission name to be more accurate * PM-49 - update role retrieval (#2779) * Auth/[PM-50] add rbac for logs (#2782) * PM-50 - add rbac for logs * PM-50 - remove unnecessary action filter * PM-51 - add RBAC for tools (#2799) * Auth/[pm-52] add rbac providers (#2818) * PM-52 add rbac for providers * PM-52 - update redirect action * PM-52 - add back edit functionality and permission * PM-52 - reverse changes around removing edit functionality * PM-52 - moved permission check to variable assignement * PM-53 - add rbac for organizations (#2798) * PM-52 - add missed permission to billing role (#2836) * Fixed merge conflicts. * [PM-1846] Updates to add RBAC back after merge conflicts (#2870) * Updates to add RBAC to changes from reseller. * Added back checks for delete and initiating a trial. * Removed extraneous Razor tag. --------- Co-authored-by: dgoodman-bw <109169446+dgoodman-bw@users.noreply.github.com> Co-authored-by: Danielle Goodman <dgoodman@bitwarden.com> Co-authored-by: Jacob Fink <jfink@bitwarden.com>
2025-07-02 16:42:50 -05:00 · 2023-05-04 15:18:49 -04:00
parent 2ac513e15a
commit 0bd0910c39
24 changed files with 1101 additions and 410 deletions
--- a/src/Admin/Utilities/RolePermissionMapping.cs
+++ b/src/Admin/Utilities/RolePermissionMapping.cs
@ -0,0 +1,194 @@
+using Bit.Admin.Enums;
+
+namespace Bit.Admin.Utilities;
+
+public static class RolePermissionMapping
+{
+    //This is temporary and will be moved to the db in the next round of the rbac implementation
+    public static readonly Dictionary<string, List<Permission>> RolePermissions = new Dictionary<string, List<Permission>>()
+    {
+        { "owner", new List<Permission>
+            {
+                Permission.User_List_View,
+                Permission.User_UserInformation_View,
+                Permission.User_GeneralDetails_View,
+                Permission.Org_CheckEnabledBox,
+                Permission.User_Delete,
+                Permission.User_UpgradePremium,
+                Permission.User_BillingInformation_View,
+                Permission.User_BillingInformation_DownloadInvoice,
+                Permission.User_Premium_View,
+                Permission.User_Premium_Edit,
+                Permission.User_Licensing_View,
+                Permission.User_Licensing_Edit,
+                Permission.User_Billing_View,
+                Permission.User_Billing_Edit,
+                Permission.User_Billing_LaunchGateway,
+                Permission.Org_List_View,
+                Permission.Org_OrgInformation_View,
+                Permission.Org_GeneralDetails_View,
+                Permission.Org_BusinessInformation_View,
+                Permission.Org_InitiateTrial,
+                Permission.Org_Delete,
+                Permission.Org_BillingInformation_View,
+                Permission.Org_BillingInformation_DownloadInvoice,
+                Permission.Org_Plan_View,
+                Permission.Org_Plan_Edit,
+                Permission.Org_Licensing_View,
+                Permission.Org_Licensing_Edit,
+                Permission.Org_Billing_View,
+                Permission.Org_Billing_Edit,
+                Permission.Org_Billing_LaunchGateway,
+                Permission.Provider_List_View,
+                Permission.Provider_Create,
+                Permission.Provider_View,
+                Permission.Provider_ResendEmailInvite,
+                Permission.Tools_ChargeBrainTreeCustomer,
+                Permission.Tools_PromoteAdmin,
+                Permission.Tools_GenerateLicenseFile,
+                Permission.Tools_ManageTaxRates,
+                Permission.Tools_ManageStripeSubscriptions,
+                Permission.Logs_View
+            }
+        },
+        { "admin", new List<Permission>
+            {
+                Permission.User_List_View,
+                Permission.User_UserInformation_View,
+                Permission.User_GeneralDetails_View,
+                Permission.Org_CheckEnabledBox,
+                Permission.User_Delete,
+                Permission.User_UpgradePremium,
+                Permission.User_BillingInformation_View,
+                Permission.User_BillingInformation_DownloadInvoice,
+                Permission.User_Premium_View,
+                Permission.User_Premium_Edit,
+                Permission.User_Licensing_View,
+                Permission.User_Licensing_Edit,
+                Permission.User_Billing_View,
+                Permission.User_Billing_Edit,
+                Permission.User_Billing_LaunchGateway,
+                Permission.Org_List_View,
+                Permission.Org_OrgInformation_View,
+                Permission.Org_GeneralDetails_View,
+                Permission.Org_BusinessInformation_View,
+                Permission.Org_Delete,
+                Permission.Org_BillingInformation_View,
+                Permission.Org_BillingInformation_DownloadInvoice,
+                Permission.Org_Plan_View,
+                Permission.Org_Plan_Edit,
+                Permission.Org_Licensing_View,
+                Permission.Org_Licensing_Edit,
+                Permission.Org_Billing_View,
+                Permission.Org_Billing_Edit,
+                Permission.Org_Billing_LaunchGateway,
+                Permission.Org_InitiateTrial,
+                Permission.Provider_List_View,
+                Permission.Provider_Create,
+                Permission.Provider_View,
+                Permission.Provider_ResendEmailInvite,
+                Permission.Tools_ChargeBrainTreeCustomer,
+                Permission.Tools_PromoteAdmin,
+                Permission.Tools_GenerateLicenseFile,
+                Permission.Tools_ManageTaxRates,
+                Permission.Tools_ManageStripeSubscriptions,
+                Permission.Logs_View
+            }
+        },
+        { "cs", new List<Permission>
+            {
+                Permission.User_List_View,
+                Permission.User_UserInformation_View,
+                Permission.User_GeneralDetails_View,
+                Permission.User_UpgradePremium,
+                Permission.User_BillingInformation_View,
+                Permission.User_BillingInformation_DownloadInvoice,
+                Permission.User_Premium_View,
+                Permission.User_Licensing_View,
+                Permission.User_Billing_View,
+                Permission.User_Billing_LaunchGateway,
+                Permission.Org_List_View,
+                Permission.Org_OrgInformation_View,
+                Permission.Org_GeneralDetails_View,
+                Permission.Org_BusinessInformation_View,
+                Permission.Org_BillingInformation_View,
+                Permission.Org_BillingInformation_DownloadInvoice,
+                Permission.Org_Plan_View,
+                Permission.Org_Licensing_View,
+                Permission.Org_Billing_View,
+                Permission.Org_Billing_LaunchGateway,
+                Permission.Provider_List_View,
+                Permission.Provider_View,
+                Permission.Logs_View
+            }
+        },
+        { "billing", new List<Permission>
+            {
+                Permission.User_List_View,
+                Permission.User_UserInformation_View,
+                Permission.User_GeneralDetails_View,
+                Permission.User_UpgradePremium,
+                Permission.User_BillingInformation_View,
+                Permission.User_BillingInformation_DownloadInvoice,
+                Permission.User_BillingInformation_CreateEditTransaction,
+                Permission.User_Premium_View,
+                Permission.User_Licensing_View,
+                Permission.User_Billing_View,
+                Permission.User_Billing_Edit,
+                Permission.User_Billing_LaunchGateway,
+                Permission.Org_List_View,
+                Permission.Org_OrgInformation_View,
+                Permission.Org_GeneralDetails_View,
+                Permission.Org_BusinessInformation_View,
+                Permission.Org_BillingInformation_View,
+                Permission.Org_BillingInformation_DownloadInvoice,
+                Permission.Org_BillingInformation_CreateEditTransaction,
+                Permission.Org_Plan_View,
+                Permission.Org_Plan_Edit,
+                Permission.Org_Licensing_View,
+                Permission.Org_Billing_View,
+                Permission.Org_Billing_Edit,
+                Permission.Org_Billing_LaunchGateway,
+                Permission.Provider_Edit,
+                Permission.Provider_View,
+                Permission.Provider_List_View,
+                Permission.Tools_ChargeBrainTreeCustomer,
+                Permission.Tools_GenerateLicenseFile,
+                Permission.Tools_ManageTaxRates,
+                Permission.Tools_ManageStripeSubscriptions,
+                Permission.Tools_CreateEditTransaction,
+                Permission.Logs_View
+            }
+        },
+        { "sales", new List<Permission>
+            {
+                Permission.User_List_View,
+                Permission.User_UserInformation_View,
+                Permission.User_GeneralDetails_View,
+                Permission.Org_CheckEnabledBox,
+                Permission.User_BillingInformation_View,
+                Permission.User_BillingInformation_DownloadInvoice,
+                Permission.User_Premium_View,
+                Permission.User_Licensing_View,
+                Permission.User_Licensing_Edit,
+                Permission.Org_List_View,
+                Permission.Org_OrgInformation_View,
+                Permission.Org_GeneralDetails_View,
+                Permission.Org_BusinessInformation_View,
+                Permission.Org_InitiateTrial,
+                Permission.Org_BillingInformation_View,
+                Permission.Org_BillingInformation_DownloadInvoice,
+                Permission.Org_Plan_View,
+                Permission.Org_Plan_Edit,
+                Permission.Org_Licensing_View,
+                Permission.Org_Licensing_Edit,
+                Permission.Provider_List_View,
+                Permission.Provider_Create,
+                Permission.Provider_Edit,
+                Permission.Provider_View,
+                Permission.Provider_ResendEmailInvite,
+                Permission.Logs_View
+            }
+        },
+    };
+}