nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-03 09:02:48 -05:00
Code Activity

[AC-1139] Created AuthorizationServiceExtensions to have an extension method for AuthorizeAsync where the resource is null

Browse Source
This commit is contained in:
Rui Tome
2023-10-30 12:59:34 +00:00
parent 91de2d892e
commit 4642b7360e
4 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Api/AdminConsole/Controllers/GroupsController.cs
View File

@ -1,6 +1,7 @@
using Bit.Api.AdminConsole.Models.Request; using Bit.Api.AdminConsole.Models.Request;
using Bit.Api.AdminConsole.Models.Response; using Bit.Api.AdminConsole.Models.Response;
using Bit.Api.Models.Response; using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Api.Vault.AuthorizationHandlers.Groups; using Bit.Api.Vault.AuthorizationHandlers.Groups;
using Bit.Core; using Bit.Core;
using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces; using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
@ -206,7 +207,7 @@ public class GroupsController : Controller
private async Task<ListResponseModel<GroupDetailsResponseModel>> Get_vNext(Guid orgId) private async Task<ListResponseModel<GroupDetailsResponseModel>> Get_vNext(Guid orgId)
{ {
var authorized = var authorized =
(await _authorizationService.AuthorizeAsync(User, null, GroupOperations.ReadAll(orgId))).Succeeded; (await _authorizationService.AuthorizeAsync(User, GroupOperations.ReadAll(orgId))).Succeeded;
if (!authorized) if (!authorized)
{ {
throw new NotFoundException(); throw new NotFoundException();

3
src/Api/AdminConsole/Controllers/OrganizationUsersController.cs
View File

@ -2,6 +2,7 @@
using Bit.Api.AdminConsole.Models.Response.Organizations; using Bit.Api.AdminConsole.Models.Response.Organizations;
using Bit.Api.Models.Request.Organizations; using Bit.Api.Models.Request.Organizations;
using Bit.Api.Models.Response; using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers; using Bit.Api.Vault.AuthorizationHandlers.OrganizationUsers;
using Bit.Core; using Bit.Core;
using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces; using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
@ -93,7 +94,7 @@ public class OrganizationUsersController : Controller
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(Guid orgId, bool includeGroups = false, bool includeCollections = false) public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(Guid orgId, bool includeGroups = false, bool includeCollections = false)
{ {
var authorized = UseFlexibleCollections var authorized = UseFlexibleCollections
? (await _authorizationService.AuthorizeAsync(User, null, OrganizationUserOperations.ReadAll(orgId))).Succeeded ? (await _authorizationService.AuthorizeAsync(User, OrganizationUserOperations.ReadAll(orgId))).Succeeded
: await _currentContext.ViewAllCollections(orgId) || : await _currentContext.ViewAllCollections(orgId) ||
await _currentContext.ViewAssignedCollections(orgId) || await _currentContext.ViewAssignedCollections(orgId) ||
await _currentContext.ManageGroups(orgId) || await _currentContext.ManageGroups(orgId) ||

5
src/Api/Controllers/CollectionsController.cs
View File

@ -1,5 +1,6 @@
using Bit.Api.Models.Request; using Bit.Api.Models.Request;
using Bit.Api.Models.Response; using Bit.Api.Models.Response;
using Bit.Api.Utilities;
using Bit.Api.Vault.AuthorizationHandlers.Collections; using Bit.Api.Vault.AuthorizationHandlers.Collections;
using Bit.Core; using Bit.Core;
using Bit.Core.Context; using Bit.Core.Context;
@ -520,7 +521,7 @@ public class CollectionsController : Controller
.GetManyByUserIdWithAccessAsync(_currentContext.UserId.Value, orgId); .GetManyByUserIdWithAccessAsync(_currentContext.UserId.Value, orgId);
var readAllAuthorized = var readAllAuthorized =
(await _authorizationService.AuthorizeAsync(User, null, CollectionOperations.ReadAll(orgId))).Succeeded; (await _authorizationService.AuthorizeAsync(User, CollectionOperations.ReadAll(orgId))).Succeeded;
if (readAllAuthorized) if (readAllAuthorized)
{ {
// The user can view all collections, but they may not always be assigned to all of them // The user can view all collections, but they may not always be assigned to all of them
@ -547,7 +548,7 @@ public class CollectionsController : Controller
{ {
IEnumerable<Collection> orgCollections; IEnumerable<Collection> orgCollections;
var readAllAuthorized = (await _authorizationService.AuthorizeAsync(User, null, CollectionOperations.ReadAll(orgId))).Succeeded; var readAllAuthorized = (await _authorizationService.AuthorizeAsync(User, CollectionOperations.ReadAll(orgId))).Succeeded;
if (readAllAuthorized) if (readAllAuthorized)
{ {
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgId); orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgId);

32
src/Api/Utilities/AuthorizationServiceExtensions.cs Normal file
View File

@ -0,0 +1,32 @@
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
namespace Bit.Api.Utilities;
public static class AuthorizationServiceExtensions
{
/// <summary>
/// Checks if a user meets a specific requirement.
/// </summary>
/// <param name="service">The <see cref="IAuthorizationService"/> providing authorization.</param>
/// <param name="user">The user to evaluate the policy against.</param>
/// <param name="requirement">The requirement to evaluate the policy against.</param>
/// <returns>
/// A flag indicating whether requirement evaluation has succeeded or failed.
/// This value is <value>true</value> when the user fulfills the policy, otherwise <value>false</value>.
/// </returns>
public static Task<AuthorizationResult> AuthorizeAsync(this IAuthorizationService service, ClaimsPrincipal user, IAuthorizationRequirement requirement)
{
if (service == null)
{
throw new ArgumentNullException(nameof(service));
}
if (requirement == null)
{
throw new ArgumentNullException(nameof(requirement));
}
return service.AuthorizeAsync(user, resource: null, new[] { requirement });
}
}