mirror of https://github.com/bitwarden/server.git synced 2025-07-13 05:38:25 -05:00

[SM-465] Add access policy on service account creation (#2649)

* Add access policy on service account creation
Thomas Avery
2023-02-02 12:25:14 -06:00
committed by GitHub
parent 6390aaa011
commit 0ce95ec147
12 changed files with 101 additions and 25 deletions


@ -1,4 +1,5 @@
using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces;
using Bit.Core.Repositories;
using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
@ -6,15 +7,34 @@ namespace Bit.Commercial.Core.SecretsManager.Commands.ServiceAccounts;
public class CreateServiceAccountCommand : ICreateServiceAccountCommand
{
private readonly IAccessPolicyRepository _accessPolicyRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IServiceAccountRepository _serviceAccountRepository;
public CreateServiceAccountCommand(IServiceAccountRepository serviceAccountRepository)
public CreateServiceAccountCommand(
IAccessPolicyRepository accessPolicyRepository,
IOrganizationUserRepository organizationUserRepository,
IServiceAccountRepository serviceAccountRepository)
{
_accessPolicyRepository = accessPolicyRepository;
_organizationUserRepository = organizationUserRepository;
_serviceAccountRepository = serviceAccountRepository;
}
public async Task<ServiceAccount> CreateAsync(ServiceAccount serviceAccount)
public async Task<ServiceAccount> CreateAsync(ServiceAccount serviceAccount, Guid userId)
{
return await _serviceAccountRepository.CreateAsync(serviceAccount);
var createdServiceAccount = await _serviceAccountRepository.CreateAsync(serviceAccount);
var user = await _organizationUserRepository.GetByOrganizationAsync(createdServiceAccount.OrganizationId,
userId);
var accessPolicy = new UserServiceAccountAccessPolicy
{
OrganizationUserId = user.Id,
GrantedServiceAccountId = createdServiceAccount.Id,
Read = true,
Write = true,
};
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> { accessPolicy });
return createdServiceAccount;
}
}
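Review bot: In `CreateAsync`, `user` is dereferenced at `OrganizationUserId = user.Id` without a null check, and the membership lookup runs only after `_serviceAccountRepository.CreateAsync` has already persisted the account. If `userId` has no membership in `createdServiceAccount.OrganizationId` (presumably the repository returns null then), the call fails with a NullReferenceException and leaves behind a service account with no access policy. Resolve the organization user before any write and refuse early: `var user = await _organizationUserRepository.GetByOrganizationAsync(serviceAccount.OrganizationId, userId);` followed by `if (user == null) { throw new NotFoundException(); }`, which needs `using Bit.Core.Exceptions;`. The account insert and `CreateManyAsync` are also two separate writes, so a failure in the second still orphans the account unless the repositories share a transaction. Whether the calling controller already verifies that `userId` belongs to the organization is not visible in this section, so the command should not assume it.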