cleanup

2025-04-04 20:50:21 -05:00 · 2025-03-21 14:16:09 +10:00 · 2025-03-21 14:16:09 +10:00 · 366aac238f
commit 366aac238f
parent 645f5fa366
3 changed files with 3 additions and 16 deletions
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -143,18 +143,6 @@ public class Startup
                    (c.Value.Contains(ApiScopes.Api) || c.Value.Contains(ApiScopes.ApiSecrets))
                ));
            });
-
-            // Simplest implementation: check for role
-            // Issues:
-            // - unable to specify custom permissions
-            // - multiple policies are treated as AND rather than OR
-            // - does not allow for more complex conditional logic - e.g. providers can affect whether owners can view billing
-            // Alternative: describe broad action/capability, e.g. ManageUsers, ManageGroups, ViewBilling, similar to CurrentContext today
-            // the handler is then implemented per domain to define who can do those things
-            // config.AddPolicy("owner", policy
-            //     => policy.AddRequirements(new RoleRequirementAttribute(OrganizationUserType.Owner)));
-            // config.AddPolicy("admin", policy
-            //     => policy.AddRequirements(new RoleRequirementAttribute(OrganizationUserType.Admin)));
        });

        services.AddScoped<AuthenticatorTokenProvider>();
@ -268,7 +256,7 @@ public class Startup
        // Add authentication and authorization to the request pipeline.
        app.UseAuthentication();

-        // Add current context - before authz
+        // Add current context - before authz. Is this OK?
        app.UseMiddleware<CurrentContextMiddleware>();

        app.UseAuthorization();
--- a/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationAuthorizeAttribute.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationAuthorizeAttribute.cs
@ -2,6 +2,8 @@

 namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;

+public interface IOrganizationRequirement : IAuthorizationRequirement;
+
 public class OrganizationAuthorizeAttribute<T>
    : AuthorizeAttribute, IAuthorizationRequirementData
    where T : IOrganizationRequirement, new()
--- a/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHelpers.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHelpers.cs
@ -1,13 +1,10 @@
 #nullable enable

-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;

 namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;

-public interface IOrganizationRequirement : IAuthorizationRequirement;
-
 public static class OrganizationRequirementHelpers
 {
    public static Guid? GetOrganizationId(this IHttpContextAccessor httpContextAccessor)