[SM-1256] Add BulkSecretAuthorizationHandler (#4099)

* Add AccessToSecretsAsync to the repository * Add BulkSecretAuthorizationHandler * Update controller to use the new authz handler * Add integration test coverage
2025-06-30 07:36:14 -05:00 · 2024-07-09 10:06:33 -05:00
parent 313eef49f0
commit acc4808509
10 changed files with 484 additions and 72 deletions
--- a/test/Api.Test/SecretsManager/Controllers/SecretsControllerTests.cs
+++ b/test/Api.Test/SecretsManager/Controllers/SecretsControllerTests.cs
@ -412,30 +412,6 @@ public class SecretsControllerTests
        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetSecretsByIdsAsync(request));
    }

-    [Theory]
-    [BitAutoData]
-    public async Task GetSecretsByIds_OrganizationMisMatch_ThrowsNotFound(SutProvider<SecretsController> sutProvider,
-        List<Secret> data)
-    {
-        var (ids, request) = BuildGetSecretsRequestModel(data);
-        sutProvider.GetDependency<ISecretRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
-        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetSecretsByIdsAsync(request));
-    }
-
-    [Theory]
-    [BitAutoData]
-    public async Task GetSecretsByIds_NoAccessToSecretsManager_ThrowsNotFound(
-        SutProvider<SecretsController> sutProvider, List<Secret> data)
-    {
-        var (ids, request) = BuildGetSecretsRequestModel(data);
-        var organizationId = SetOrganizations(ref data);
-
-        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(Arg.Is(organizationId))
-            .ReturnsForAnyArgs(false);
-        sutProvider.GetDependency<ISecretRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
-        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetSecretsByIdsAsync(request));
-    }
-
    [Theory]
    [BitAutoData]
    public async Task GetSecretsByIds_AccessDenied_ThrowsNotFound(SutProvider<SecretsController> sutProvider,
@ -445,10 +421,8 @@ public class SecretsControllerTests
        var organizationId = SetOrganizations(ref data);

        sutProvider.GetDependency<ISecretRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
-        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(Arg.Is(organizationId))
-            .ReturnsForAnyArgs(true);
        sutProvider.GetDependency<IAuthorizationService>()
-            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.First(),
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data,
                Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Failed());

        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetSecretsByIdsAsync(request));
@ -462,10 +436,8 @@ public class SecretsControllerTests
        var organizationId = SetOrganizations(ref data);

        sutProvider.GetDependency<ISecretRepository>().GetManyByIds(Arg.Is(ids)).ReturnsForAnyArgs(data);
-        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(Arg.Is(organizationId))
-            .ReturnsForAnyArgs(true);
        sutProvider.GetDependency<IAuthorizationService>()
-            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data.First(),
+            .AuthorizeAsync(Arg.Any<ClaimsPrincipal>(), data,
                Arg.Any<IEnumerable<IAuthorizationRequirement>>()).ReturnsForAnyArgs(AuthorizationResult.Success());

        var results = await sutProvider.Sut.GetSecretsByIdsAsync(request);