[SM-896] restricting access to disabled orgs (#3287)

* restricting access to disabled orgs * Unit Test Updates * Update test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Covering all test cases * making organization enabled NOT default --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2025-06-30 15:42:48 -05:00 · 2023-10-16 10:29:02 -04:00
parent 4ff41e9604
commit b772784af3
10 changed files with 417 additions and 264 deletions
--- a/src/Core/Context/CurrentContextOrganization.cs
+++ b/src/Core/Context/CurrentContextOrganization.cs
@ -14,7 +14,7 @@ public class CurrentContextOrganization
        Id = orgUser.OrganizationId;
        Type = orgUser.Type;
        Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(orgUser.Permissions);
-        AccessSecretsManager = orgUser.AccessSecretsManager && orgUser.UseSecretsManager;
+        AccessSecretsManager = orgUser.AccessSecretsManager && orgUser.UseSecretsManager && orgUser.Enabled;
    }

    public Guid Id { get; set; }
--- a/src/Identity/IdentityServer/ClientStore.cs
+++ b/src/Identity/IdentityServer/ClientStore.cs
@ -100,7 +100,7 @@ public class ClientStore : IClientStore
        {
            case ServiceAccountApiKeyDetails key:
                var org = await _organizationRepository.GetByIdAsync(key.ServiceAccountOrganizationId);
-                if (!org.UseSecretsManager)
+                if (!org.UseSecretsManager || !org.Enabled)
                {
                    return null;
                }