[SM-919] Add project people access policy management endpoints (#3285)

* Expose access policy discriminators * Add people policy model and auth handler * Add unit tests for authz handler * Add people policies support in repo * Add new endpoints and request/response models * Update tests
2025-07-03 00:52:49 -05:00 · 2023-11-08 11:42:40 -05:00
parent 35500b197d
commit 0ca65e3f9d
17 changed files with 1211 additions and 73 deletions
--- a/src/Infrastructure.EntityFramework/SecretsManager/Configurations/AccessPolicyEntityTypeConfiguration.cs
+++ b/src/Infrastructure.EntityFramework/SecretsManager/Configurations/AccessPolicyEntityTypeConfiguration.cs
@ -1,4 +1,5 @@
-using Bit.Infrastructure.EntityFramework.SecretsManager.Models;
+using Bit.Infrastructure.EntityFramework.SecretsManager.Discriminators;
+using Bit.Infrastructure.EntityFramework.SecretsManager.Models;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Metadata.Builders;

@ -10,11 +11,11 @@ public class AccessPolicyEntityTypeConfiguration : IEntityTypeConfiguration<Acce
    {
        builder
            .HasDiscriminator<string>("Discriminator")
-            .HasValue<UserProjectAccessPolicy>("user_project")
-            .HasValue<UserServiceAccountAccessPolicy>("user_service_account")
-            .HasValue<GroupProjectAccessPolicy>("group_project")
-            .HasValue<GroupServiceAccountAccessPolicy>("group_service_account")
-            .HasValue<ServiceAccountProjectAccessPolicy>("service_account_project");
+            .HasValue<UserProjectAccessPolicy>(AccessPolicyDiscriminator.UserProject)
+            .HasValue<UserServiceAccountAccessPolicy>(AccessPolicyDiscriminator.UserServiceAccount)
+            .HasValue<GroupProjectAccessPolicy>(AccessPolicyDiscriminator.GroupProject)
+            .HasValue<GroupServiceAccountAccessPolicy>(AccessPolicyDiscriminator.GroupServiceAccount)
+            .HasValue<ServiceAccountProjectAccessPolicy>(AccessPolicyDiscriminator.ServiceAccountProject);

        builder
            .Property(s => s.Id)
--- a/src/Infrastructure.EntityFramework/SecretsManager/Discriminators/AccessPolicyDiscriminator.cs
+++ b/src/Infrastructure.EntityFramework/SecretsManager/Discriminators/AccessPolicyDiscriminator.cs
@ -0,0 +1,11 @@
+namespace Bit.Infrastructure.EntityFramework.SecretsManager.Discriminators;
+
+public static class AccessPolicyDiscriminator
+{
+    public const string UserProject = "user_project";
+    public const string UserServiceAccount = "user_service_account";
+    public const string GroupProject = "group_project";
+    public const string GroupServiceAccount = "group_service_account";
+    public const string ServiceAccountProject = "service_account_project";
+
+}