[SM-567] Change how project permission is resolved (#2791)

* Change how project permission is resolved * Fix tests --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2025-07-01 16:12:49 -05:00 · 2023-03-09 18:23:50 +01:00
parent 15954fb679
commit 6a6b15fada
4 changed files with 45 additions and 54 deletions
--- a/src/Api/SecretsManager/Controllers/ProjectsController.cs
+++ b/src/Api/SecretsManager/Controllers/ProjectsController.cs
@ -82,8 +82,7 @@ public class ProjectsController : Controller
    [HttpGet("projects/{id}")]
    public async Task<ProjectPermissionDetailsResponseModel> GetAsync([FromRoute] Guid id)
    {
-        var userId = _userService.GetProperUserId(User).Value;
-        var project = await _projectRepository.GetPermissionDetailsByIdAsync(id, userId);
+        var project = await _projectRepository.GetByIdAsync(id);
        if (project == null)
        {
            throw new NotFoundException();
@ -94,34 +93,18 @@ public class ProjectsController : Controller
            throw new NotFoundException();
        }

+        var userId = _userService.GetProperUserId(User).Value;
        var orgAdmin = await _currentContext.OrganizationAdmin(project.OrganizationId);
        var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);

-        bool hasAccess;
-        var read = project.Read;
-        var write = project.Write;
+        var access = await _projectRepository.AccessToProjectAsync(id, userId, accessClient);

-        switch (accessClient)
-        {
-            case AccessClientType.NoAccessCheck:
-                hasAccess = true;
-                write = true;
-                read = true;
-                break;
-            case AccessClientType.User:
-                hasAccess = project.Read;
-                break;
-            default:
-                hasAccess = false;
-                break;
-        }
-
-        if (!hasAccess)
+        if (!access.Read)
        {
            throw new NotFoundException();
        }

-        return new ProjectPermissionDetailsResponseModel(project, read, write);
+        return new ProjectPermissionDetailsResponseModel(project, access.Read, access.Write);
    }

    [HttpPost("projects/delete")]
--- a/src/Core/SecretsManager/Repositories/IProjectRepository.cs
+++ b/src/Core/SecretsManager/Repositories/IProjectRepository.cs
@ -1,6 +1,5 @@
 using Bit.Core.Enums;
 using Bit.Core.SecretsManager.Entities;
-using Bit.Core.SecretsManager.Models.Data;

 namespace Bit.Core.SecretsManager.Repositories;

@ -9,7 +8,6 @@ public interface IProjectRepository
    Task<IEnumerable<Project>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, AccessClientType accessType);
    Task<IEnumerable<Project>> GetManyByOrganizationIdWriteAccessAsync(Guid organizationId, Guid userId, AccessClientType accessType);
    Task<IEnumerable<Project>> GetManyByIds(IEnumerable<Guid> ids);
-    Task<ProjectPermissionDetails> GetPermissionDetailsByIdAsync(Guid id, Guid userId);
    Task<Project> GetByIdAsync(Guid id);
    Task<Project> CreateAsync(Project project);
    Task ReplaceAsync(Project project);
@ -19,4 +17,5 @@ public interface IProjectRepository
    Task<bool> UserHasWriteAccessToProject(Guid id, Guid userId);
    Task<bool> ServiceAccountHasWriteAccessToProject(Guid id, Guid userId);
    Task<bool> ServiceAccountHasReadAccessToProject(Guid id, Guid userId);
+    Task<(bool Read, bool Write)> AccessToProjectAsync(Guid id, Guid userId, AccessClientType accessType);
 }