Fix logic and apply to controller

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -35,6 +35,7 @@ namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("organizations/{orgId}/users")]
 [Authorize("Application")]
+[Authorize<MemberOrProviderRequirement>]
 public class OrganizationUsersController : Controller
 {
     private readonly IOrganizationRepository _organizationRepository;
@@ -137,7 +138,7 @@ public class OrganizationUsersController : Controller
         return response;
     }
 
-    [Authorize<OrganizationMemberRequirement>]
+    [Authorize<MemberOrProviderRequirement>]
     [HttpGet("mini-details")]
     public async Task<ListResponseModel<OrganizationUserUserMiniDetailsResponseModel>> GetMiniDetails(Guid orgId)
     {

src/Core/AdminConsole/OrganizationFeatures/MemberOrProviderRequirement.cs

@@ -0,0 +1,15 @@
+#nullable enable
+
+using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
+using Bit.Core.Context;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures;
+
+/// <summary>
+/// Requires that the user is a member of the organization or a provider for the organization.
+/// </summary>
+public class MemberOrProviderRequirement : IOrganizationRequirement
+{
+    public async Task<bool> AuthorizeAsync(Guid organizationId, CurrentContextOrganization? organizationClaims, ICurrentContext currentContext)
+        => organizationClaims is not null || await currentContext.ProviderUserForOrgAsync(organizationId);
+}

src/Core/AdminConsole/OrganizationFeatures/OrganizationMemberRequirement.cs

@@ -1,12 +0,0 @@
-#nullable enable
-
-using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
-using Bit.Core.Context;
-
-namespace Bit.Core.AdminConsole.OrganizationFeatures;
-
-public class OrganizationMemberRequirement : IOrganizationRequirement
-{
-    public Task<bool> AuthorizeAsync(Guid organizationId, CurrentContextOrganization? organizationClaims, ICurrentContext currentContext)
-        => Task.FromResult(organizationClaims is not null);
-}