[AC-1139] Refactored BulkCollectionAuthorizationHandler.CheckCollectionPermissionsAsync

2025-07-05 18:12:48 -05:00 · 2023-10-30 14:35:10 +00:00
parent 219cd88095
commit 4b293d7ac8
1 changed files with 30 additions and 14 deletions
--- a/src/Api/Vault/AuthorizationHandlers/Collections/BulkCollectionAuthorizationHandler.cs
+++ b/src/Api/Vault/AuthorizationHandlers/Collections/BulkCollectionAuthorizationHandler.cs
@ -131,7 +131,15 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
            return;
        }

-        await CheckCollectionPermissionsAsync(context, requirement, targetCollections, org, requireManagePermission: false);
+        var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: false);
+        if (canManageCollections)
+        {
+            context.Succeed(requirement);
+        }
+        else
+        {
+            context.Fail();
+        }
    }

    private async Task CanDeleteAsync(AuthorizationHandlerContext context, CollectionOperationRequirement requirement,
@ -154,7 +162,15 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
            return;
        }

-        await CheckCollectionPermissionsAsync(context, requirement, targetCollections, org, requireManagePermission: true);
+        var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: true);
+        if (canManageCollections)
+        {
+            context.Succeed(requirement);
+        }
+        else
+        {
+            context.Fail();
+        }
    }

    /// <summary>
@ -173,12 +189,18 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
            return;
        }

-        await CheckCollectionPermissionsAsync(context, requirement, targetCollections, org, requireManagePermission: true);
+        var canManageCollections = await CanManageCollectionsAsync(targetCollections, org, requireManagePermission: true);
+        if (canManageCollections)
+        {
+            context.Succeed(requirement);
+        }
+        else
+        {
+            context.Fail();
+        }
    }

-    private async Task CheckCollectionPermissionsAsync(
-        AuthorizationHandlerContext context,
-        IAuthorizationRequirement requirement,
+    private async Task<bool> CanManageCollectionsAsync(
        ICollection<Collection> targetCollections,
        CurrentContextOrganization org,
        bool requireManagePermission)
@ -193,13 +215,7 @@ public class BulkCollectionAuthorizationHandler : BulkAuthorizationHandler<Colle
            .Select(c => c.Id)
            .ToHashSet();

-        // The acting user does not have permissions for all target collections, fail
-        if (targetCollections.Any(tc => !manageableCollectionIds.Contains(tc.Id)))
-        {
-            context.Fail();
-            return;
-        }
-
-        context.Succeed(requirement);
+        // Check if the acting user has access to all target collections
+        return targetCollections.All(tc => manageableCollectionIds.Contains(tc.Id));
    }
 }