[PM-18876] Refine PolicyRequirements API (#5445)

* make the PolicyRequirements API more granular, e.g. replace factory methods with a factory interface * update Send to use the new API
2025-07-02 08:32:50 -05:00 · 2025-03-11 10:46:09 +10:00
parent 29dc69a77b
commit 224ef1272e
17 changed files with 429 additions and 313 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/Implementations/PolicyRequirementQuery.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/Implementations/PolicyRequirementQuery.cs
@ -8,21 +8,25 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.Implementations;

 public class PolicyRequirementQuery(
    IPolicyRepository policyRepository,
-    IEnumerable<RequirementFactory<IPolicyRequirement>> factories)
+    IEnumerable<IPolicyRequirementFactory<IPolicyRequirement>> factories)
    : IPolicyRequirementQuery
 {
    public async Task<T> GetAsync<T>(Guid userId) where T : IPolicyRequirement
    {
-        var factory = factories.OfType<RequirementFactory<T>>().SingleOrDefault();
+        var factory = factories.OfType<IPolicyRequirementFactory<T>>().SingleOrDefault();
        if (factory is null)
        {
-            throw new NotImplementedException("No Policy Requirement found for " + typeof(T));
+            throw new NotImplementedException("No Requirement Factory found for " + typeof(T));
        }

-        return factory(await GetPolicyDetails(userId));
+        var policyDetails = await GetPolicyDetails(userId);
+        var filteredPolicies = policyDetails
+            .Where(p => p.PolicyType == factory.PolicyType)
+            .Where(factory.Enforce);
+        var requirement = factory.Create(filteredPolicies);
+        return requirement;
    }

-    private Task<IEnumerable<PolicyDetails>> GetPolicyDetails(Guid userId) =>
-        policyRepository.GetPolicyDetailsByUserId(userId);
+    private Task<IEnumerable<PolicyDetails>> GetPolicyDetails(Guid userId)
+        => policyRepository.GetPolicyDetailsByUserId(userId);
 }
-
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/BasePolicyRequirementFactory.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/BasePolicyRequirementFactory.cs
@ -0,0 +1,44 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.Enums;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+/// <summary>
+/// A simple base implementation of <see cref="IPolicyRequirementFactory{T}"/> which will be suitable for most policies.
+/// It provides sensible defaults to help teams to implement their own Policy Requirements.
+/// </summary>
+/// <typeparam name="T"></typeparam>
+public abstract class BasePolicyRequirementFactory<T> : IPolicyRequirementFactory<T> where T : IPolicyRequirement
+{
+    /// <summary>
+    /// User roles that are exempt from policy enforcement.
+    /// Owners and Admins are exempt by default but this may be overridden.
+    /// </summary>
+    protected virtual IEnumerable<OrganizationUserType> ExemptRoles { get; } =
+        [OrganizationUserType.Owner, OrganizationUserType.Admin];
+
+    /// <summary>
+    /// User statuses that are exempt from policy enforcement.
+    /// Invited and Revoked users are exempt by default, which is appropriate in the majority of cases.
+    /// </summary>
+    protected virtual IEnumerable<OrganizationUserStatusType> ExemptStatuses { get; } =
+        [OrganizationUserStatusType.Invited, OrganizationUserStatusType.Revoked];
+
+    /// <summary>
+    /// Whether a Provider User for the organization is exempt from policy enforcement.
+    /// Provider Users are exempt by default, which is appropriate in the majority of cases.
+    /// </summary>
+    protected virtual bool ExemptProviders { get; } = true;
+
+    /// <inheritdoc />
+    public abstract PolicyType PolicyType { get; }
+
+    public bool Enforce(PolicyDetails policyDetails)
+        => !policyDetails.HasRole(ExemptRoles) &&
+            !policyDetails.HasStatus(ExemptStatuses) &&
+            (!policyDetails.IsProvider || !ExemptProviders);
+
+    /// <inheritdoc />
+    public abstract T Create(IEnumerable<PolicyDetails> policyDetails);
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/DisableSendPolicyRequirement.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/DisableSendPolicyRequirement.cs
@ -0,0 +1,27 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+/// <summary>
+/// Policy requirements for the Disable Send policy.
+/// </summary>
+public class DisableSendPolicyRequirement : IPolicyRequirement
+{
+    /// <summary>
+    /// Indicates whether Send is disabled for the user. If true, the user should not be able to create or edit Sends.
+    /// They may still delete existing Sends.
+    /// </summary>
+    public bool DisableSend { get; init; }
+}
+
+public class DisableSendPolicyRequirementFactory : BasePolicyRequirementFactory<DisableSendPolicyRequirement>
+{
+    public override PolicyType PolicyType => PolicyType.DisableSend;
+
+    public override DisableSendPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
+    {
+        var result = new DisableSendPolicyRequirement { DisableSend = policyDetails.Any() };
+        return result;
+    }
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/IPolicyRequirement.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/IPolicyRequirement.cs
@ -1,24 +1,11 @@
-#nullable enable
-
-using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;

 namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;

 /// <summary>
-/// Represents the business requirements of how one or more enterprise policies will be enforced against a user.
-/// The implementation of this interface will depend on how the policies are enforced in the relevant domain.
+/// An object that represents how a <see cref="PolicyType"/> will be enforced against a user.
+/// This acts as a bridge between the <see cref="Policy"/> entity saved to the database and the domain that the policy
+/// affects. You may represent the impact of the policy in any way that makes sense for the domain.
 /// </summary>
 public interface IPolicyRequirement;
-
-/// <summary>
-/// A factory function that takes a sequence of <see cref="PolicyDetails"/> and transforms them into a single
-/// <see cref="IPolicyRequirement"/> for consumption by the relevant domain. This will receive *all* policy types
-/// that may be enforced against a user; when implementing this delegate, you must filter out irrelevant policy types
-/// as well as policies that should not be enforced against a user (e.g. due to the user's role or status).
-/// </summary>
-/// <remarks>
-/// See <see cref="PolicyRequirementHelpers"/> for extension methods to handle common requirements when implementing
-/// this delegate.
-/// </remarks>
-public delegate T RequirementFactory<out T>(IEnumerable<PolicyDetails> policyDetails)
-    where T : IPolicyRequirement;
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/IPolicyRequirementFactory.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/IPolicyRequirementFactory.cs
@ -0,0 +1,39 @@
+#nullable enable
+
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+/// <summary>
+/// An interface that defines how to create a single <see cref="IPolicyRequirement"/> from a sequence of
+/// <see cref="PolicyDetails"/>.
+/// </summary>
+/// <typeparam name="T">The <see cref="IPolicyRequirement"/> that the factory produces.</typeparam>
+/// <remarks>
+/// See <see cref="BasePolicyRequirementFactory{T}"/> for a simple base implementation suitable for most policies.
+/// </remarks>
+public interface IPolicyRequirementFactory<out T> where T : IPolicyRequirement
+{
+    /// <summary>
+    /// The <see cref="PolicyType"/> that the requirement relates to.
+    /// </summary>
+    PolicyType PolicyType { get; }
+
+    /// <summary>
+    /// A predicate that determines whether a policy should be enforced against the user.
+    /// </summary>
+    /// <remarks>Use this to exempt users based on their role, status or other attributes.</remarks>
+    /// <param name="policyDetails">Policy details for the defined PolicyType.</param>
+    /// <returns>True if the policy should be enforced against the user, false otherwise.</returns>
+    bool Enforce(PolicyDetails policyDetails);
+
+    /// <summary>
+    /// A reducer method that creates a single <see cref="IPolicyRequirement"/> from a set of PolicyDetails.
+    /// </summary>
+    /// <param name="policyDetails">
+    /// PolicyDetails for the specified PolicyType, after they have been filtered by the Enforce predicate. That is,
+    /// this is the final interface to be called.
+    /// </param>
+    T Create(IEnumerable<PolicyDetails> policyDetails);
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PolicyRequirementHelpers.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/PolicyRequirementHelpers.cs
@ -1,5 +1,4 @@
-using Bit.Core.AdminConsole.Enums;
-using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.Enums;

 namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
@ -7,35 +6,16 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements
 public static class PolicyRequirementHelpers
 {
    /// <summary>
-    /// Filters the PolicyDetails by PolicyType. This is generally required to only get the PolicyDetails that your
-    /// IPolicyRequirement relates to.
+    /// Returns true if the <see cref="PolicyDetails"/> is for one of the specified roles, false otherwise.
    /// </summary>
-    public static IEnumerable<PolicyDetails> GetPolicyType(
-        this IEnumerable<PolicyDetails> policyDetails,
-        PolicyType type)
-        => policyDetails.Where(x => x.PolicyType == type);
-
-    /// <summary>
-    /// Filters the PolicyDetails to remove the specified user roles. This can be used to exempt
-    /// owners and admins from policy enforcement.
-    /// </summary>
-    public static IEnumerable<PolicyDetails> ExemptRoles(
-        this IEnumerable<PolicyDetails> policyDetails,
+    public static bool HasRole(
+        this PolicyDetails policyDetails,
        IEnumerable<OrganizationUserType> roles)
-        => policyDetails.Where(x => !roles.Contains(x.OrganizationUserType));
+        => roles.Contains(policyDetails.OrganizationUserType);

    /// <summary>
-    /// Filters the PolicyDetails to remove organization users who are also provider users for the organization.
-    /// This can be used to exempt provider users from policy enforcement.
+    /// Returns true if the <see cref="PolicyDetails"/> relates to one of the specified statuses, false otherwise.
    /// </summary>
-    public static IEnumerable<PolicyDetails> ExemptProviders(this IEnumerable<PolicyDetails> policyDetails)
-        => policyDetails.Where(x => !x.IsProvider);
-
-    /// <summary>
-    /// Filters the PolicyDetails to remove the specified organization user statuses. For example, this can be used
-    /// to exempt users in the invited and revoked statuses from policy enforcement.
-    /// </summary>
-    public static IEnumerable<PolicyDetails> ExemptStatus(
-        this IEnumerable<PolicyDetails> policyDetails, IEnumerable<OrganizationUserStatusType> status)
-        => policyDetails.Where(x => !status.Contains(x.OrganizationUserStatus));
+    public static bool HasStatus(this PolicyDetails policyDetails, IEnumerable<OrganizationUserStatusType> status)
+        => status.Contains(policyDetails.OrganizationUserStatus);
 }
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SendOptionsPolicyRequirement.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SendOptionsPolicyRequirement.cs
@ -0,0 +1,34 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+/// <summary>
+/// Policy requirements for the Send Options policy.
+/// </summary>
+public class SendOptionsPolicyRequirement : IPolicyRequirement
+{
+    /// <summary>
+    /// Indicates whether the user is prohibited from hiding their email from the recipient of a Send.
+    /// </summary>
+    public bool DisableHideEmail { get; init; }
+}
+
+public class SendOptionsPolicyRequirementFactory : BasePolicyRequirementFactory<SendOptionsPolicyRequirement>
+{
+    public override PolicyType PolicyType => PolicyType.SendOptions;
+
+    public override SendOptionsPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
+    {
+        var result = policyDetails
+            .Select(p => p.GetDataModel<SendOptionsPolicyData>())
+            .Aggregate(
+                new SendOptionsPolicyRequirement(),
+                (result, data) => new SendOptionsPolicyRequirement
+                {
+                    DisableHideEmail = result.DisableHideEmail || data.DisableHideEmail
+                });
+
+        return result;
+    }
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SendPolicyRequirement.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SendPolicyRequirement.cs
@ -1,54 +0,0 @@
-using Bit.Core.AdminConsole.Enums;
-using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
-using Bit.Core.Enums;
-
-namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
-
-/// <summary>
-/// Policy requirements for the Disable Send and Send Options policies.
-/// </summary>
-public class SendPolicyRequirement : IPolicyRequirement
-{
-    /// <summary>
-    /// Indicates whether Send is disabled for the user. If true, the user should not be able to create or edit Sends.
-    /// They may still delete existing Sends.
-    /// </summary>
-    public bool DisableSend { get; init; }
-    /// <summary>
-    /// Indicates whether the user is prohibited from hiding their email from the recipient of a Send.
-    /// </summary>
-    public bool DisableHideEmail { get; init; }
-
-    /// <summary>
-    /// Create a new SendPolicyRequirement.
-    /// </summary>
-    /// <param name="policyDetails">All PolicyDetails relating to the user.</param>
-    /// <remarks>
-    /// This is a <see cref="RequirementFactory{T}"/> for the SendPolicyRequirement.
-    /// </remarks>
-    public static SendPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails)
-    {
-        var filteredPolicies = policyDetails
-            .ExemptRoles([OrganizationUserType.Owner, OrganizationUserType.Admin])
-            .ExemptStatus([OrganizationUserStatusType.Invited, OrganizationUserStatusType.Revoked])
-            .ExemptProviders()
-            .ToList();
-
-        var result = filteredPolicies
-            .GetPolicyType(PolicyType.SendOptions)
-            .Select(p => p.GetDataModel<SendOptionsPolicyData>())
-            .Aggregate(
-                new SendPolicyRequirement
-                {
-                    // Set Disable Send requirement in the initial seed
-                    DisableSend = filteredPolicies.GetPolicyType(PolicyType.DisableSend).Any()
-                },
-                (result, data) => new SendPolicyRequirement
-                {
-                    DisableSend = result.DisableSend,
-                    DisableHideEmail = result.DisableHideEmail || data.DisableHideEmail
-                });
-
-        return result;
-    }
-}
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
@ -31,32 +31,7 @@ public static class PolicyServiceCollectionExtensions

    private static void AddPolicyRequirements(this IServiceCollection services)
    {
-        // Register policy requirement factories here
-        services.AddPolicyRequirement(SendPolicyRequirement.Create);
+        services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, DisableSendPolicyRequirementFactory>();
+        services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, SendOptionsPolicyRequirementFactory>();
    }
-
-    /// <summary>
-    /// Used to register simple policy requirements where its factory method implements CreateRequirement.
-    /// This MUST be used rather than calling AddScoped directly, because it will ensure the factory method has
-    /// the correct type to be injected and then identified by <see cref="PolicyRequirementQuery"/> at runtime.
-    /// </summary>
-    /// <typeparam name="T">The specific PolicyRequirement being registered.</typeparam>
-    private static void AddPolicyRequirement<T>(this IServiceCollection serviceCollection, RequirementFactory<T> factory)
-        where T : class, IPolicyRequirement
-        => serviceCollection.AddPolicyRequirement(_ => factory);
-
-    /// <summary>
-    /// Used to register policy requirements where you need to access additional dependencies (usually to return a
-    /// curried factory method).
-    /// This MUST be used rather than calling AddScoped directly, because it will ensure the factory method has
-    /// the correct type to be injected and then identified by <see cref="PolicyRequirementQuery"/> at runtime.
-    /// </summary>
-    /// <typeparam name="T">
-    /// A callback that takes IServiceProvider and returns a RequirementFactory for
-    /// your policy requirement.
-    /// </typeparam>
-    private static void AddPolicyRequirement<T>(this IServiceCollection serviceCollection,
-        Func<IServiceProvider, RequirementFactory<T>> factory)
-        where T : class, IPolicyRequirement
-        => serviceCollection.AddScoped<RequirementFactory<IPolicyRequirement>>(factory);
 }
--- a/src/Core/Tools/Services/Implementations/SendService.cs
+++ b/src/Core/Tools/Services/Implementations/SendService.cs
@ -326,14 +326,14 @@ public class SendService : ISendService
            return;
        }

-        var sendPolicyRequirement = await _policyRequirementQuery.GetAsync<SendPolicyRequirement>(userId.Value);
-
-        if (sendPolicyRequirement.DisableSend)
+        var disableSendRequirement = await _policyRequirementQuery.GetAsync<DisableSendPolicyRequirement>(userId.Value);
+        if (disableSendRequirement.DisableSend)
        {
            throw new BadRequestException("Due to an Enterprise Policy, you are only able to delete an existing Send.");
        }

-        if (sendPolicyRequirement.DisableHideEmail && send.HideEmail.GetValueOrDefault())
+        var sendOptionsRequirement = await _policyRequirementQuery.GetAsync<SendOptionsPolicyRequirement>(userId.Value);
+        if (sendOptionsRequirement.DisableHideEmail && send.HideEmail.GetValueOrDefault())
        {
            throw new BadRequestException("Due to an Enterprise Policy, you are not allowed to hide your email address from recipients when creating or editing a Send.");
        }