nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

cleanup

Browse Source
This commit is contained in:
Thomas Rittson 2025-03-21 14:16:09 +10:00
parent 645f5fa366
commit 366aac238f
No known key found for this signature in database
GPG Key ID: CDDDA03861C35E27
3 changed files with 3 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Api/Startup.cs
View File

@ -143,18 +143,6 @@ public class Startup
(c.Value.Contains(ApiScopes.Api) || c.Value.Contains(ApiScopes.ApiSecrets)) (c.Value.Contains(ApiScopes.Api) || c.Value.Contains(ApiScopes.ApiSecrets))
)); ));
}); });
// Simplest implementation: check for role
// Issues:
// - unable to specify custom permissions
// - multiple policies are treated as AND rather than OR
// - does not allow for more complex conditional logic - e.g. providers can affect whether owners can view billing
// Alternative: describe broad action/capability, e.g. ManageUsers, ManageGroups, ViewBilling, similar to CurrentContext today
// the handler is then implemented per domain to define who can do those things
// config.AddPolicy("owner", policy
// => policy.AddRequirements(new RoleRequirementAttribute(OrganizationUserType.Owner)));
// config.AddPolicy("admin", policy
// => policy.AddRequirements(new RoleRequirementAttribute(OrganizationUserType.Admin)));
}); });
services.AddScoped<AuthenticatorTokenProvider>(); services.AddScoped<AuthenticatorTokenProvider>();
@ -268,7 +256,7 @@ public class Startup
// Add authentication and authorization to the request pipeline. // Add authentication and authorization to the request pipeline.
app.UseAuthentication(); app.UseAuthentication();
// Add current context - before authz // Add current context - before authz. Is this OK?
app.UseMiddleware<CurrentContextMiddleware>(); app.UseMiddleware<CurrentContextMiddleware>();
app.UseAuthorization(); app.UseAuthorization();

2
src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationAuthorizeAttribute.cs
View File

@ -2,6 +2,8 @@
namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization; namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
public interface IOrganizationRequirement : IAuthorizationRequirement;
public class OrganizationAuthorizeAttribute<T> public class OrganizationAuthorizeAttribute<T>
: AuthorizeAttribute, IAuthorizationRequirementData : AuthorizeAttribute, IAuthorizationRequirementData
where T : IOrganizationRequirement, new() where T : IOrganizationRequirement, new()

3
src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHandler.cs → src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHelpers.cs
View File

@ -1,13 +1,10 @@
#nullable enable #nullable enable
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing; using Microsoft.AspNetCore.Routing;
namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization; namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
public interface IOrganizationRequirement : IAuthorizationRequirement;
public static class OrganizationRequirementHelpers public static class OrganizationRequirementHelpers
{ {
public static Guid? GetOrganizationId(this IHttpContextAccessor httpContextAccessor) public static Guid? GetOrganizationId(this IHttpContextAccessor httpContextAccessor)