mirror of
https://github.com/bitwarden/server.git
synced 2025-07-05 18:12:48 -05:00
[AC-1139] Refactored BulkCollectionAuthorizationHandler.CheckCollectionPermissionsAsync
This commit is contained in:
Rui Tome
@ -131,7 +131,15 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
await CheckCollectionPermissionsAsync(context, requirement, targetCollections, org, requireManagePermission: false);
|
var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: false);
|
||||||
|
if (canManageCollections)
|
||||||
|
{
|
||||||
|
context.Succeed(requirement);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
context.Fail();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private async Task CanDeleteAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement,
|
private async Task CanDeleteAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement,
|
||||||
@ -154,7 +162,15 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
await CheckCollectionPermissionsAsync(context, requirement, targetCollections, org, requireManagePermission: true);
|
var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: true);
|
||||||
|
if (canManageCollections)
|
||||||
|
{
|
||||||
|
context.Succeed(requirement);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
context.Fail();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -173,12 +189,18 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
await CheckCollectionPermissionsAsync(context, requirement, targetCollections, org, requireManagePermission: true);
|
var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: true);
|
||||||
|
if (canManageCollections)
|
||||||
|
{
|
||||||
|
context.Succeed(requirement);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
context.Fail();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private async Task CheckCollectionPermissionsAsync(
|
private async Task<bool> CanManageCollectionsAsync(
|
||||||
AuthorizationHandlerContext context,
|
|
||||||
IAuthorizationRequirement requirement,
|
|
||||||
ICollection<Collection> targetCollections,
|
ICollection<Collection> targetCollections,
|
||||||
CurrentContextOrganization org,
|
CurrentContextOrganization org,
|
||||||
bool requireManagePermission)
|
bool requireManagePermission)
|
||||||
@ -193,13 +215,7 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
|
|||||||
.Select(c => c.Id)
|
.Select(c => c.Id)
|
||||||
.ToHashSet();
|
.ToHashSet();
|
||||||
|
|
||||||
// The acting user does not have permissions for all target collections, fail
|
// Check if the acting user has access to all target collections
|
||||||
if (targetCollections.Any(tc => !manageableCollectionIds.Contains(tc.Id)))
|
return targetCollections.All(tc => manageableCollectionIds.Contains(tc.Id));
|
||||||
{
|
|
||||||
context.Fail();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
context.Succeed(requirement);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user