From 645f5fa366d1b51e34533fb30da5ad7451edf14b Mon Sep 17 00:00:00 2001
From: Thomas Rittson
Date: Fri, 21 Mar 2025 14:12:29 +1000
Subject: [PATCH] Remove base class
---
 .../AdminConsoleRequirementsHandler.cs | 24 ++++++++++++++-----
 .../OrganizationRequirementHandler.cs | 23 ++++--------------
 2 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/src/Core/AdminConsole/OrganizationFeatures/AdminConsoleRequirementsHandler.cs b/src/Core/AdminConsole/OrganizationFeatures/AdminConsoleRequirementsHandler.cs
index 0191dee0fc..4be6b567ac 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/AdminConsoleRequirementsHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/AdminConsoleRequirementsHandler.cs
@@ -3,6 +3,7 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
 using Bit.Core.Context;
 using Bit.Core.Enums;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 namespace Bit.Core.AdminConsole.OrganizationFeatures;
@@ -10,23 +11,34 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures;
 public class ManageUsersRequirement : IOrganizationRequirement;
 public class AdminConsoleRequirementsHandler(ICurrentContext currentContext, IHttpContextAccessor httpContextAccessor)
- : OrganizationRequirementHandler(currentContext, httpContextAccessor)
+ : AuthorizationHandler
 {
- protected override async Task HandleOrganizationRequirementAsync(IOrganizationRequirement requirement,
- Guid organizationId, CurrentContextOrganization? organization)
+ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
+ IOrganizationRequirement requirement)
 {
+ var organizationId = httpContextAccessor.GetOrganizationId();
+ if (organizationId is null)
+ {
+ return;
+ }
+
+ var organization = currentContext.GetOrganization(organizationId.Value);
+
 var authorized = requirement switch
 {
- ManageUsersRequirement => await ManageUsersAsync(organizationId, organization),
+ ManageUsersRequirement => await ManageUsersAsync(organizationId.Value, organization),
 _ => false
 };
- return authorized;
+ if (authorized)
+ {
+ context.Succeed(requirement);
+ }
 }
 private async Task ManageUsersAsync(Guid organizationId, CurrentContextOrganization? organization) => organization is { Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or { Permissions.ManageUsers: true }
- || await IsProviderForOrganizationAsync(organizationId);
+ || await currentContext.ProviderUserForOrgAsync(organizationId);
 }
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHandler.cs b/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHandler.cs
index 3f1a78ac4e..672cfd9f92 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Shared/Authorization/OrganizationRequirementHandler.cs
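Review bot: The deny path in the new `AdminConsoleRequirementsHandler.HandleRequirementAsync` is implicit and undocumented: a missing or unparseable organization id returns early, and an unmatched requirement type maps to `_ => false`, so both leave the requirement unmet without any comment saying that this is the intended fail-closed result. With the base class gone, every future handler has to repeat the resolve / null-check / lookup preamble by hand, so I would add a comment above the early return, for example `// No orgId route value: leave the requirement unmet (deny by default).`, and a class summary stating that the organization is resolved only through `httpContextAccessor.GetOrganizationId()`. If an endpoint takes its organization id from somewhere other than the value that helper reads, this check would evaluate a different organization (or none) than the one the action works on; I cannot see the endpoints from this hunk, so that assumption is worth writing down where handler authors will read it.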
@@ -1,6 +1,5 @@
 #nullable enable
-using Bit.Core.Context;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
@@ -9,33 +8,21 @@ namespace Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
 public interface IOrganizationRequirement : IAuthorizationRequirement;
-public abstract class OrganizationRequirementHandler(ICurrentContext currentContext, IHttpContextAccessor httpContextAccessor) : AuthorizationHandler
+public static class OrganizationRequirementHelpers
 {
- protected abstract Task HandleOrganizationRequirementAsync(IOrganizationRequirement requirement, Guid organizationId, CurrentContextOrganization? organization);
-
- protected async Task IsProviderForOrganizationAsync(Guid organizationId) =>
- await currentContext.ProviderUserForOrgAsync(organizationId);
-
- protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, IOrganizationRequirement requirement)
+ public static Guid? GetOrganizationId(this IHttpContextAccessor httpContextAccessor)
 {
 if (httpContextAccessor.HttpContext is null)
 {
- return;
+ return null;
 }
 httpContextAccessor.HttpContext.GetRouteData().Values.TryGetValue("orgId", out var orgIdParam);
 if (!Guid.TryParse(orgIdParam?.ToString(), out var orgId))
 {
- // No orgId supplied, unable to authorize
- return;
+ return null;
 }
- var organization = currentContext.GetOrganization(orgId);
-
- var authorized = await HandleOrganizationRequirementAsync(requirement, orgId, organization);
- if (authorized)
- {
- context.Succeed(requirement);
- }
+ return orgId;
 }
 }
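Review bot: `GetOrganizationId` in the second hunk is now a public extension method whose `null` return means "cannot authorize", but the hunk removes the only comment that said so (`// No orgId supplied, unable to authorize`) and adds no XML doc in its place. I would document the contract on the method, for example `/// <returns>The "orgId" route value parsed as a Guid, or null when there is no HttpContext or the value is missing or not a valid Guid; callers must treat null as not authorized.</returns>`. The route key `"orgId"` is a bare literal that every route template relying on this helper has to match exactly; a named constant such as `private const string OrgIdRouteKey = "orgId";` would make that coupling visible. If nothing outside this assembly needs the helper, `internal` would keep the authorization surface smaller, though I cannot see the other callers from this hunk.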