[SM-702] Extract access policy checks from create/update project commands (#2842)

* Move to access query for project commands * Swap to hasAccess method per action * Swap to authorization handler pattern * Move ProjectOperationRequirement to Core * Add default throw + tests * Swap to reflection for testing switch
2025-06-30 15:42:48 -05:00 · 2023-05-03 09:40:24 -05:00
parent 7be19b53f4
commit 5474d3da18
28 changed files with 490 additions and 166 deletions
--- a/src/Core/SecretsManager/AuthorizationRequirements/ProjectOperationRequirement.cs
+++ b/src/Core/SecretsManager/AuthorizationRequirements/ProjectOperationRequirement.cs
@ -0,0 +1,13 @@
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+
+namespace Bit.Core.SecretsManager.AuthorizationRequirements;
+
+public class ProjectOperationRequirement : OperationAuthorizationRequirement
+{
+}
+
+public static class ProjectOperations
+{
+    public static readonly ProjectOperationRequirement Create = new() { Name = nameof(Create) };
+    public static readonly ProjectOperationRequirement Update = new() { Name = nameof(Update) };
+}
--- a/src/Core/SecretsManager/Commands/Projects/Interfaces/IUpdateProjectCommand.cs
+++ b/src/Core/SecretsManager/Commands/Projects/Interfaces/IUpdateProjectCommand.cs
@ -4,5 +4,5 @@ namespace Bit.Core.SecretsManager.Commands.Projects.Interfaces;

 public interface IUpdateProjectCommand
 {
-    Task<Project> UpdateAsync(Project updatedProject, Guid userId);
+    Task<Project> UpdateAsync(Project updatedProject);
 }