[SM-485] Add access policy on project creation (#2678)

* Add bootstrap access policy on create

* Update project integration tests

test/Api.Test/SecretsManager/Controllers/AccessPoliciesControllerTests.cs

@@ -1,5 +1,6 @@
 using Bit.Api.SecretsManager.Controllers;
 using Bit.Api.SecretsManager.Models.Request;
+using Bit.Api.Test.SecretsManager.Enums;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
@@ -25,12 +26,6 @@ namespace Bit.Api.Test.SecretsManager.Controllers;
 [JsonDocumentCustomize]
 public class AccessPoliciesControllerTests
 {
-    public enum PermissionType
-    {
-        RunAsAdmin,
-        RunAsUserWithPermission,
-    }
-
     private static void SetupAdmin(SutProvider<AccessPoliciesController> sutProvider, Guid organizationId)
     {
         sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);

test/Api.Test/SecretsManager/Controllers/ProjectsControllerTests.cs

@@ -1,10 +1,17 @@
 using Bit.Api.SecretsManager.Controllers;
+using Bit.Api.SecretsManager.Models.Request;
+using Bit.Api.Test.SecretsManager.Enums;
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.SecretsManager.Commands.Projects.Interfaces;
 using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
+using Bit.Test.Common.Helpers;
 using NSubstitute;
 using Xunit;
 
@@ -16,28 +23,226 @@ namespace Bit.Api.Test.SecretsManager.Controllers;
 [JsonDocumentCustomize]
 public class ProjectsControllerTests
 {
+    private static void SetupAdmin(SutProvider<ProjectsController> sutProvider, Guid organizationId)
+    {
+        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
+        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
+        sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(true);
+    }
+
+    private static void SetupUserWithPermission(SutProvider<ProjectsController> sutProvider, Guid organizationId)
+    {
+        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
+        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
+        sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
+        sutProvider.GetDependency<ICurrentContext>().OrganizationUser(default).ReturnsForAnyArgs(true);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async void ListByOrganization_SmNotEnabled_Throws(SutProvider<ProjectsController> sutProvider, Guid data)
+    {
+        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(data).Returns(false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.ListByOrganizationAsync(data));
+    }
+
+    [Theory]
+    [BitAutoData(PermissionType.RunAsAdmin)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission)]
+    public async void ListByOrganization_ReturnsEmptyList(PermissionType permissionType,
+        SutProvider<ProjectsController> sutProvider, Guid data)
+    {
+        switch (permissionType)
+        {
+            case PermissionType.RunAsAdmin:
+                SetupAdmin(sutProvider, data);
+                break;
+            case PermissionType.RunAsUserWithPermission:
+                SetupUserWithPermission(sutProvider, data);
+                break;
+        }
+
+        var result = await sutProvider.Sut.ListByOrganizationAsync(data);
+
+        await sutProvider.GetDependency<IProjectRepository>().Received(1)
+            .GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(data)), Arg.Any<Guid>(),
+                Arg.Any<AccessClientType>());
+        Assert.Empty(result.Data);
+    }
+
+    [Theory]
+    [BitAutoData(PermissionType.RunAsAdmin)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission)]
+    public async void ListByOrganization_Success(PermissionType permissionType,
+        SutProvider<ProjectsController> sutProvider, Guid data, Project mockProject)
+    {
+        switch (permissionType)
+        {
+            case PermissionType.RunAsAdmin:
+                SetupAdmin(sutProvider, data);
+                break;
+            case PermissionType.RunAsUserWithPermission:
+                SetupUserWithPermission(sutProvider, data);
+                break;
+        }
+
+        sutProvider.GetDependency<IProjectRepository>().GetManyByOrganizationIdAsync(default, default, default)
+            .ReturnsForAnyArgs(new List<Project> { mockProject });
+
+        var result = await sutProvider.Sut.ListByOrganizationAsync(data);
+
+        await sutProvider.GetDependency<IProjectRepository>().Received(1)
+            .GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(data)), Arg.Any<Guid>(),
+                Arg.Any<AccessClientType>());
+        Assert.NotEmpty(result.Data);
+        Assert.Single(result.Data);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async void Create_SmNotEnabled_Throws(SutProvider<ProjectsController> sutProvider, Guid orgId,
+        ProjectCreateRequestModel data)
+    {
+        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(orgId).Returns(false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.CreateAsync(orgId, data));
+        await sutProvider.GetDependency<ICreateProjectCommand>().DidNotReceiveWithAnyArgs()
+            .CreateAsync(Arg.Any<Project>(), Arg.Any<Guid>());
+    }
+
+    [Theory]
+    [BitAutoData(PermissionType.RunAsAdmin)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission)]
+    public async void Create_Success(PermissionType permissionType, SutProvider<ProjectsController> sutProvider,
+        Guid orgId, ProjectCreateRequestModel data)
+    {
+        switch (permissionType)
+        {
+            case PermissionType.RunAsAdmin:
+                SetupAdmin(sutProvider, orgId);
+                break;
+            case PermissionType.RunAsUserWithPermission:
+                SetupUserWithPermission(sutProvider, orgId);
+                break;
+        }
+
+        var resultProject = data.ToProject(orgId);
+        sutProvider.GetDependency<ICreateProjectCommand>().CreateAsync(default, default)
+            .ReturnsForAnyArgs(resultProject);
+
+        await sutProvider.Sut.CreateAsync(orgId, data);
+
+        await sutProvider.GetDependency<ICreateProjectCommand>().Received(1)
+            .CreateAsync(Arg.Any<Project>(), Arg.Any<Guid>());
+    }
+
+    [Theory]
+    [BitAutoData(PermissionType.RunAsAdmin)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission)]
+    public async void Update_Success(PermissionType permissionType, SutProvider<ProjectsController> sutProvider,
+        Guid orgId, ProjectUpdateRequestModel data)
+    {
+        switch (permissionType)
+        {
+            case PermissionType.RunAsAdmin:
+                SetupAdmin(sutProvider, orgId);
+                break;
+            case PermissionType.RunAsUserWithPermission:
+                SetupUserWithPermission(sutProvider, orgId);
+                break;
+        }
+
+        var resultProject = data.ToProject(orgId);
+        sutProvider.GetDependency<IUpdateProjectCommand>().UpdateAsync(default, default)
+            .ReturnsForAnyArgs(resultProject);
+
+        await sutProvider.Sut.UpdateAsync(orgId, data);
+
+        await sutProvider.GetDependency<IUpdateProjectCommand>().Received(1)
+            .UpdateAsync(Arg.Any<Project>(), Arg.Any<Guid>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async void Get_SmNotEnabled_Throws(SutProvider<ProjectsController> sutProvider, Guid data)
+    {
+        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(data).Returns(false);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetAsync(data));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async void Get_ThrowsNotFound(SutProvider<ProjectsController> sutProvider, Guid data)
+    {
+        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(data).Returns(true);
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetAsync(data));
+    }
+
+    [Theory]
+    [BitAutoData(PermissionType.RunAsAdmin)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission)]
+    public async void Get_Success(PermissionType permissionType, SutProvider<ProjectsController> sutProvider,
+        Guid orgId, Guid data)
+    {
+        switch (permissionType)
+        {
+            case PermissionType.RunAsAdmin:
+                SetupAdmin(sutProvider, orgId);
+                break;
+            case PermissionType.RunAsUserWithPermission:
+                SetupUserWithPermission(sutProvider, orgId);
+                sutProvider.GetDependency<IProjectRepository>()
+                    .UserHasReadAccessToProject(Arg.Is(data), Arg.Any<Guid>()).ReturnsForAnyArgs(true);
+                break;
+        }
+
+        sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(Arg.Is(data))
+            .ReturnsForAnyArgs(new Project { Id = data, OrganizationId = orgId });
+
+        await sutProvider.Sut.GetAsync(data);
+
+        await sutProvider.GetDependency<IProjectRepository>().Received(1)
+            .GetByIdAsync(Arg.Is(data));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async void Get_UserWithoutPermission_Throws(SutProvider<ProjectsController> sutProvider, Guid orgId,
+        Guid data)
+    {
+        SetupUserWithPermission(sutProvider, orgId);
+        sutProvider.GetDependency<IProjectRepository>().UserHasReadAccessToProject(Arg.Is(data), Arg.Any<Guid>())
+            .ReturnsForAnyArgs(false);
+
+        sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(Arg.Is(data))
+            .ReturnsForAnyArgs(new Project { Id = data, OrganizationId = orgId });
+
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetAsync(data));
+    }
+
     [Theory]
     [BitAutoData]
     public async void BulkDeleteProjects_Success(SutProvider<ProjectsController> sutProvider, List<Project> data)
     {
         sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
-        var ids = data.Select(project => project.Id)?.ToList();
-        var mockResult = new List<Tuple<Project, string>>();
-        foreach (var project in data)
-        {
-            mockResult.Add(new Tuple<Project, string>(project, ""));
-        }
+        var ids = data.Select(project => project.Id).ToList();
+        var mockResult = data.Select(project => new Tuple<Project, string>(project, "")).ToList();
+
         sutProvider.GetDependency<IDeleteProjectCommand>().DeleteProjects(ids, default).ReturnsForAnyArgs(mockResult);
 
         var results = await sutProvider.Sut.BulkDeleteAsync(ids);
         await sutProvider.GetDependency<IDeleteProjectCommand>().Received(1)
-                     .DeleteProjects(Arg.Is(ids), Arg.Any<Guid>());
+            .DeleteProjects(Arg.Is(ids), Arg.Any<Guid>());
         Assert.Equal(data.Count, results.Data.Count());
     }
 
     [Theory]
     [BitAutoData]
-    public async void BulkDeleteProjects_NoGuids_ThrowsArgumentNullException(SutProvider<ProjectsController> sutProvider)
+    public async void BulkDeleteProjects_NoGuids_ThrowsArgumentNullException(
+        SutProvider<ProjectsController> sutProvider)
     {
         sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
         await Assert.ThrowsAsync<ArgumentNullException>(() => sutProvider.Sut.BulkDeleteAsync(new List<Guid>()));

test/Api.Test/SecretsManager/Enums/PermissionType.cs

@@ -0,0 +1,7 @@
+namespace Bit.Api.Test.SecretsManager.Enums;
+
+public enum PermissionType
+{
+    RunAsAdmin,
+    RunAsUserWithPermission,
+}