Revert controller changes - not implementing yet

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -1,6 +1,4 @@
-using Bit.Api.AdminConsole.Authorization;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
-using Bit.Api.AdminConsole.Authorization.Requirements;
-using Bit.Api.AdminConsole.Models.Request.Organizations;
 using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Models.Request.Organizations;
 using Bit.Api.Models.Response;
@@ -8,10 +6,12 @@ using Bit.Api.Vault.AuthorizationHandlers.Collections;
 using Bit.Core;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RestoreUser.v1;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Repositories;
@@ -141,19 +141,31 @@ public class OrganizationUsersController : Controller
         return response;
     }
 
-    [Authorize<MemberOrProviderRequirement>]
     [HttpGet("mini-details")]
     public async Task<ListResponseModel<OrganizationUserUserMiniDetailsResponseModel>> GetMiniDetails(Guid orgId)
     {
+        var authorizationResult = await _authorizationService.AuthorizeAsync(User, new OrganizationScope(orgId),
+            OrganizationUserUserMiniDetailsOperations.ReadAll);
+        if (!authorizationResult.Succeeded)
+        {
+            throw new NotFoundException();
+        }
+
         var organizationUserUserDetails = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(orgId);
         return new ListResponseModel<OrganizationUserUserMiniDetailsResponseModel>(
             organizationUserUserDetails.Select(ou => new OrganizationUserUserMiniDetailsResponseModel(ou)));
     }
 
     [HttpGet("")]
-    [Authorize<ManageUsersRequirement>]
     public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(Guid orgId, bool includeGroups = false, bool includeCollections = false)
     {
+        var authorized = (await _authorizationService.AuthorizeAsync(
+            User, new OrganizationScope(orgId), OrganizationUserUserDetailsOperations.ReadAll)).Succeeded;
+        if (!authorized)
+        {
+            throw new NotFoundException();
+        }
+
         var organizationUsers = await _organizationUserUserDetailsQuery.GetOrganizationUserUserDetails(
             new OrganizationUserUserDetailsQueryRequest
             {

test/Api.IntegrationTest/AdminConsole/Authorization/OrganizationUsersControllerTests.cs

@@ -1,66 +0,0 @@
-using System.Net;
-using Bit.Api.IntegrationTest.Factories;
-using Bit.Api.IntegrationTest.Helpers;
-using Bit.Core.AdminConsole.Entities;
-using Bit.Core.Billing.Enums;
-using Bit.Core.Entities;
-using Bit.Core.Enums;
-using Xunit;
-
-namespace Bit.Api.IntegrationTest.AdminConsole.Authorization;
-
-public class OrganizationUsersControllerTests : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
-{
-    private readonly HttpClient _client;
-    private readonly ApiApplicationFactory _factory;
-    private readonly LoginHelper _loginHelper;
-
-    // These will get set in `InitializeAsync` which is run before all tests
-    private Organization _organization = null!;
-    private OrganizationUser _organizationUser = null!;
-    private string _ownerEmail = null!;
-
-    public OrganizationUsersControllerTests(ApiApplicationFactory factory)
-    {
-        _factory = factory;
-        _client = factory.CreateClient();
-        _loginHelper = new LoginHelper(_factory, _client);
-    }
-
-    public async Task InitializeAsync()
-    {
-        // Create the owner account
-        _ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
-        await _factory.LoginWithNewAccount(_ownerEmail);
-
-        // Create the organization
-        (_organization, _organizationUser) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually2023,
-            ownerEmail: _ownerEmail, passwordManagerSeats: 10, paymentMethod: PaymentMethodType.Card);
-
-        // Login as the user
-        await _loginHelper.LoginAsync(_ownerEmail);
-    }
-
-    public Task DisposeAsync()
-    {
-        _client.Dispose();
-        return Task.CompletedTask;
-    }
-
-    [Fact]
-    public async Task GetMiniDetails_Authorization_Fail()
-    {
-        // Request is for a random organizationId not in their claims
-        var organizationId = Guid.NewGuid();
-        var response = await _client.GetAsync($"/organizations/{organizationId}/users/mini-details");
-        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
-    }
-
-    [Fact]
-    public async Task GetMiniDetails_Authorization_Success()
-    {
-        // Request is for their organization
-        var response = await _client.GetAsync($"/organizations/{_organization.Id}/users/mini-details");
-        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-    }
-}