One handler per requirement

2025-07-14 22:27:32 -05:00 · 2025-03-21 14:48:49 +10:00
parent 366aac238f
commit 4dfc99dd85
6 changed files with 71 additions and 53 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/AdminConsoleRequirementsHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/AdminConsoleRequirementsHandler.cs
@ -1,44 +0,0 @@
-#nullable enable
-
-using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
-using Bit.Core.Context;
-using Bit.Core.Enums;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Bit.Core.AdminConsole.OrganizationFeatures;
-
-public class ManageUsersRequirement : IOrganizationRequirement;
-
-public class AdminConsoleRequirementsHandler(ICurrentContext currentContext, IHttpContextAccessor httpContextAccessor)
-    : AuthorizationHandler<IOrganizationRequirement>
-{
-    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
-        IOrganizationRequirement requirement)
-    {
-        var organizationId = httpContextAccessor.GetOrganizationId();
-        if (organizationId is null)
-        {
-            return;
-        }
-
-        var organization = currentContext.GetOrganization(organizationId.Value);
-
-        var authorized = requirement switch
-        {
-            ManageUsersRequirement => await ManageUsersAsync(organizationId.Value, organization),
-            _ => false
-        };
-
-        if (authorized)
-        {
-            context.Succeed(requirement);
-        }
-    }
-
-    private async Task<bool> ManageUsersAsync(Guid organizationId, CurrentContextOrganization? organization)
-        => organization is
-    { Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
-    { Permissions.ManageUsers: true }
-           || await currentContext.ProviderUserForOrgAsync(organizationId);
-}
--- a/src/Core/AdminConsole/OrganizationFeatures/ManageUserRequirementHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/ManageUserRequirementHandler.cs
@ -0,0 +1,21 @@
+#nullable enable
+
+using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Microsoft.AspNetCore.Http;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures;
+
+public class ManageUsersRequirement : IOrganizationRequirement;
+
+public class ManageUserRequirementHandler(ICurrentContext currentContext, IHttpContextAccessor httpContextAccessor)
+    : OrganizationRequirementHandler<ManageUsersRequirement>(currentContext, httpContextAccessor)
+{
+    private readonly ICurrentContext _currentContext = currentContext;
+
+    protected override async Task<bool> Authorize(Guid organizationId, CurrentContextOrganization? organizationClaims)
+        => organizationClaims is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
+        { Permissions.ManageUsers: true }
+            || await _currentContext.ProviderUserForOrgAsync(organizationId);
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUserRequirementHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUserRequirementHandler.cs
@ -0,0 +1,16 @@
+#nullable enable
+
+using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
+using Bit.Core.Context;
+using Microsoft.AspNetCore.Http;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures;
+
+public class OrganizationMemberRequirement : IOrganizationRequirement;
+
+public class OrganizationMemberRequirementHandler(ICurrentContext currentContext, IHttpContextAccessor httpContextAccessor)
+    : OrganizationRequirementHandler<OrganizationMemberRequirement>(currentContext, httpContextAccessor)
+{
+    protected override Task<bool> Authorize(Guid organizationId, CurrentContextOrganization? organizationClaims)
+        => Task.FromResult(organizationClaims is not null);
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHandler.cs
@ -0,0 +1,32 @@
+#nullable enable
+
+using Bit.Core.Context;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
+
+public abstract class OrganizationRequirementHandler<T>(ICurrentContext currentContext, IHttpContextAccessor httpContextAccessor)
+    : AuthorizationHandler<T>
+    where T : IAuthorizationRequirement
+{
+    protected abstract Task<bool> Authorize(Guid organizationId, CurrentContextOrganization? organizationClaims);
+
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, T requirement)
+    {
+        var organizationId = httpContextAccessor.GetOrganizationId();
+        if (organizationId is null)
+        {
+            return;
+        }
+
+        var organization = currentContext.GetOrganization(organizationId.Value);
+
+        var authorized = await Authorize(organizationId.Value, organization);
+
+        if (authorized)
+        {
+            context.Succeed(requirement);
+        }
+    }
+}