Add RBAC to Bitwarden Portal (#2853)

* Auth/pm-48 (#2680)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-48 - move registration of CustomClaimsPrincipalFactory, replace role claim type string with constant, streamline code that retrieves the user's role

* Auth/pm-47 (#2699)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-47 - add list of permission enums, role:permissions mapping, and function that determines if the logged in user has the given permission

* PM-47 - remove unneeded service registration, set role to lowercase

* PM-47 - fix code style issues

* PM-46 - create permission filter attribute (#2753)

* Auth/pm-54 add rbac for users (#2758)

* PM-54 - add permission gates to User elements

* PM-54 - fix formatting

* PM-54 - remove unused function

* PM-54 - fix variable reference, add permission to billing role

* PM-54 - handle Upgrade Premium button functionality and fix spelling

* PM-54 - change permission name to be more accurate

* PM-49 - update role retrieval (#2779)

* Auth/[PM-50] add rbac for logs (#2782)

* PM-50 - add rbac for logs

* PM-50 - remove unnecessary action filter

* PM-51 - add RBAC for tools (#2799)

* Auth/[pm-52] add rbac providers (#2818)

* PM-52 add rbac for providers

* PM-52 - update redirect action

* PM-52 - add back edit functionality and permission

* PM-52 - reverse changes around removing edit functionality

* PM-52 - moved permission check to variable assignement

* PM-53 - add rbac for organizations (#2798)

* PM-52 - add missed permission to billing role (#2836)

* Fixed merge conflicts.

* [PM-1846] Updates to add RBAC back after merge conflicts (#2870)

* Updates to add RBAC to changes from reseller.

* Added back checks for delete and initiating a trial.

* Removed extraneous Razor tag.

---------

Co-authored-by: dgoodman-bw <109169446+dgoodman-bw@users.noreply.github.com>
Co-authored-by: Danielle Goodman <dgoodman@bitwarden.com>
Co-authored-by: Jacob Fink <jfink@bitwarden.com>

src/Admin/Views/Providers/Admins.cshtml

@@ -1,4 +1,11 @@
+@using Bit.Admin.Enums;
+@inject Bit.Admin.Services.IAccessControlService AccessControlService
 @model ProviderViewModel
+
+@{
+    var canResendEmailInvite = AccessControlService.UserHasPermission(Permission.Provider_ResendEmailInvite);
+}
+
 <h2>Provider Admins</h2>
 <div class="row">
     <div class="col-8">
@@ -31,7 +38,8 @@
                                 </td>
                                 <td>
                                     @if(admin.Status.Equals(ProviderUserStatusType.Confirmed) 
-                                        && @Model.Provider.Status.Equals(ProviderStatusType.Pending))
+                                        && @Model.Provider.Status.Equals(ProviderStatusType.Pending)
+                                        && canResendEmailInvite)
                                     {
                                         @if(@TempData["InviteResentTo"] != null && @TempData["InviteResentTo"].ToString() == @admin.UserId.Value.ToString())
                                         {

src/Admin/Views/Providers/Edit.cshtml

@@ -1,6 +1,11 @@
-@model ProviderEditModel
+@using Bit.Admin.Enums;
+@inject Bit.Admin.Services.IAccessControlService AccessControlService
+
+@model ProviderEditModel
 @{
     ViewData["Title"] = "Provider: " + Model.Provider.Name;
+
+    var canEdit = AccessControlService.UserHasPermission(Permission.Provider_Edit);
 }
 
 <h1>Provider <small>@Model.Provider.Name</small></h1>
@@ -10,29 +15,21 @@
 @await Html.PartialAsync("Admins", Model)
 <form method="post" id="edit-form">
     <h2>General</h2>
-    <div class="row">
-        <div class="col-sm">
-            <div class="form-group">
-                <label asp-for="Name"></label>
-                <input type="text" class="form-control" asp-for="Name" required>
-            </div>
-        </div>
-    </div>
+    <dl class="row">
+        <dt class="col-sm-4 col-lg-3">Name</dt>
+        <dd class="col-sm-8 col-lg-9">@Model.Provider.Name</dd>
+    </dl>
     <h2>Business Information</h2>
-    <div class="row">
-        <div class="col-sm">
-            <div class="form-group">
-                <label asp-for="BusinessName"></label>
-                <input type="text" class="form-control" asp-for="BusinessName">
-            </div>
-        </div>
-    </div>
+    <dl class="row">
+        <dt class="col-sm-4 col-lg-3">Business Name</dt>
+        <dd class="col-sm-8 col-lg-9">@Model.Provider.BusinessName</dd>
+    </dl>
     <h2>Billing</h2>
     <div class="row">
         <div class="col-sm">
             <div class="form-group">
                 <label asp-for="BillingEmail"></label>
-                <input type="email" class="form-control" asp-for="BillingEmail">
+                <input type="email" class="form-control" asp-for="BillingEmail" readonly='@(!canEdit)'>
             </div>
         </div>
     </div>
@@ -46,6 +43,10 @@
     </div>
 </form>
 @await Html.PartialAsync("Organizations", Model)
-<div class="d-flex mt-4">
-    <button type="submit" class="btn btn-primary" form="edit-form">Save</button>
-</div>
+@if (canEdit)
+{
+    <div class="d-flex mt-4">
+        <button type="submit" class="btn btn-primary" form="edit-form">Save</button>
+    </div>
+}
+

src/Admin/Views/Providers/Index.cshtml

@@ -1,7 +1,12 @@
-@using Bit.SharedWeb.Utilities
+@using Bit.SharedWeb.Utilities
+@using Bit.Admin.Enums;
+@inject Bit.Admin.Services.IAccessControlService AccessControlService
+
 @model ProvidersModel
 @{
     ViewData["Title"] = "Providers";
+
+    var canCreateProvider = AccessControlService.UserHasPermission(Permission.Provider_Create);
 }
 
 <h1>Providers</h1>
@@ -16,9 +21,12 @@
             <button type="submit" class="btn btn-primary mb-2" title="Search"><i class="fa fa-search"></i> Search</button>
         </form>
     </div>
-    <div class="col-auto">
-        <a asp-action="Create" class="btn btn-secondary">Create Provider</a>
-    </div>
+    @if (canCreateProvider)
+    {
+        <div class="col-auto">
+            <a asp-action="Create" class="btn btn-secondary">Create Provider</a>
+        </div>
+    }
 </div>
 
 <div class="table-responsive">