Merge remote-tracking branch 'origin/master' into feature/flexible-collections

.github/CODEOWNERS

@@ -9,6 +9,11 @@
 # DevOps for Actions and other workflow changes.
 .github/workflows @bitwarden/dept-devops
 
+# DevOps for Docker changes.
+**/Dockerfile @bitwarden/dept-devops
+**/*.Dockerfile @bitwarden/dept-devops
+**/.dockerignore @bitwarden/dept-devops
+
 ## Auth team files ##
 **/Auth @bitwarden/team-auth-dev
 bitwarden_license/src/Sso @bitwarden/team-auth-dev

.github/workflows/build.yml

@@ -277,7 +277,7 @@ jobs:
 
       - name: Retrieve github PAT secrets
         id: retrieve-secret-pat
-        uses: bitwarden/gh-actions/get-keyvault-secrets@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
         with:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
@@ -528,7 +528,7 @@ jobs:
 
       - name: Retrieve github PAT secrets
         id: retrieve-secret-pat
-        uses: bitwarden/gh-actions/get-keyvault-secrets@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
         with:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
@@ -603,7 +603,7 @@ jobs:
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
         if: failure()
         with:
           keyvault: "bitwarden-ci"

.github/workflows/container-registry-purge.yml

@@ -92,7 +92,7 @@ jobs:
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
         if: failure()
         with:
           keyvault: "bitwarden-ci"

.github/workflows/release.yml

@@ -41,7 +41,7 @@ jobs:
 
       - name: Check Release Version
         id: version
-        uses: bitwarden/gh-actions/release-version-check@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/release-version-check@c970b0fb89bd966749280e832928db62040812bf
         with:
           release-type: ${{ github.event.inputs.release_type }}
           project-type: dotnet
@@ -89,7 +89,7 @@ jobs:
 
       - name: Download latest Release ${{ matrix.name }} asset
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -98,7 +98,7 @@ jobs:
 
       - name: Dry Run - Download latest Release ${{ matrix.name }} asset
         if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -274,7 +274,7 @@ jobs:
     steps:
       - name: Download latest Release Docker Stubs
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -287,7 +287,7 @@ jobs:
 
       - name: Dry Run - Download latest Release Docker Stubs
         if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/download-artifacts@c970b0fb89bd966749280e832928db62040812bf
         with:
           workflow: build.yml
           workflow_conclusion: success

.github/workflows/version-bump.yml

@@ -23,7 +23,7 @@ jobs:
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/get-keyvault-secrets@c970b0fb89bd966749280e832928db62040812bf
         with:
           keyvault: "bitwarden-ci"
           secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
@@ -40,7 +40,7 @@ jobs:
         run: git switch -c version_bump_${{ github.event.inputs.version_number }}
 
       - name: Bump Version - Props
-        uses: bitwarden/gh-actions/version-bump@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+        uses: bitwarden/gh-actions/version-bump@c970b0fb89bd966749280e832928db62040812bf
         with:
           version: ${{ github.event.inputs.version_number }}
           file_path: "Directory.Build.props"

.github/workflows/workflow-linter.yml

@@ -8,4 +8,4 @@ on:
 
 jobs:
   call-workflow:
-    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@f1125802b1ccae8c601d7c4f61ce39ea254b10c8
+    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@c970b0fb89bd966749280e832928db62040812bf

.gitignore

@@ -225,4 +225,4 @@ src/Identity/Identity.zip
 src/Notifications/Notifications.zip
 bitwarden_license/src/Portal/Portal.zip
 bitwarden_license/src/Sso/Sso.zip
-src/Api/flags.json
+**/src/*/flags.json

bitwarden_license/src/Commercial.Core/SecretsManager/AuthorizationHandlers/AccessPolicies/AccessPolicyAuthorizationHandler.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Context;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
 using Bit.Core.SecretsManager.AuthorizationRequirements;

bitwarden_license/src/Commercial.Core/SecretsManager/AuthorizationHandlers/ServiceAccounts/ServiceAccountAuthorizationHandler.cs

@@ -56,6 +56,9 @@ public class
             case not null when requirement == ServiceAccountOperations.RevokeAccessTokens:
                 await CanRevokeAccessTokensAsync(context, requirement, resource);
                 break;
+            case not null when requirement == ServiceAccountOperations.ReadEvents:
+                await CanReadEventsAsync(context, requirement, resource);
+                break;
             default:
                 throw new ArgumentException("Unsupported operation requirement type provided.",
                     nameof(requirement));
@@ -169,4 +172,19 @@ public class
             context.Succeed(requirement);
         }
     }
+
+    private async Task CanReadEventsAsync(AuthorizationHandlerContext context,
+        ServiceAccountOperationRequirement requirement, ServiceAccount resource)
+    {
+        var (accessClient, userId) =
+            await _accessClientQuery.GetAccessClientAsync(context.User, resource.OrganizationId);
+        var access =
+            await _serviceAccountRepository.AccessToServiceAccountAsync(resource.Id, userId,
+                accessClient);
+
+        if (access.Read)
+        {
+            context.Succeed(requirement);
+        }
+    }
 }

bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs

@@ -1,6 +1,7 @@
-using Bit.Core.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Scim.Groups.Interfaces;
 using Bit.Scim.Models;

bitwarden_license/src/Scim/Groups/GetGroupsListQuery.cs

@@ -1,5 +1,5 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
-using Bit.Core.Repositories;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Scim.Groups.Interfaces;
 
 namespace Bit.Scim.Groups;

bitwarden_license/src/Scim/Groups/Interfaces/IGetGroupsListQuery.cs

@@ -1,4 +1,4 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
 
 namespace Bit.Scim.Groups.Interfaces;
 

bitwarden_license/src/Scim/Groups/Interfaces/IPostGroupCommand.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Entities;
 using Bit.Scim.Models;
 
 namespace Bit.Scim.Groups.Interfaces;

bitwarden_license/src/Scim/Groups/Interfaces/IPutGroupCommand.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Entities;
 using Bit.Scim.Models;
 
 namespace Bit.Scim.Groups.Interfaces;

bitwarden_license/src/Scim/Groups/PatchGroupCommand.cs

@@ -1,10 +1,10 @@
 using System.Text.Json;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Services;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
-using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Scim.Groups.Interfaces;
 using Bit.Scim.Models;
 

bitwarden_license/src/Scim/Groups/PostGroupCommand.cs

@@ -1,8 +1,10 @@
-using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Scim.Context;
 using Bit.Scim.Groups.Interfaces;

bitwarden_license/src/Scim/Groups/PutGroupCommand.cs

@@ -1,9 +1,10 @@
-using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
-using Bit.Core.Repositories;
 using Bit.Scim.Context;
 using Bit.Scim.Groups.Interfaces;
 using Bit.Scim.Models;

bitwarden_license/src/Scim/Models/ScimGroupRequestModel.cs

@@ -1,4 +1,4 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Utilities;
 
 namespace Bit.Scim.Models;

bitwarden_license/src/Scim/Models/ScimGroupResponseModel.cs

@@ -1,4 +1,4 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
 
 namespace Bit.Scim.Models;
 

bitwarden_license/test/Commercial.Core.Test/SecretsManager/AuthorizationHandlers/AccessPolicies/AccessPolicyAuthorizationHandlerTests.cs

@@ -2,6 +2,8 @@
 using System.Security.Claims;
 using Bit.Commercial.Core.SecretsManager.AuthorizationHandlers.AccessPolicies;
 using Bit.Commercial.Core.Test.SecretsManager.Enums;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;

bitwarden_license/test/Commercial.Core.Test/SecretsManager/AuthorizationHandlers/ServiceAccounts/ServiceAccountAuthorizationHandlerTests.cs

@@ -497,4 +497,63 @@ public class ServiceAccountAuthorizationHandlerTests
 
         Assert.Equal(expected, authzContext.HasSucceeded);
     }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CanReadEvents_AccessToSecretsManagerFalse_DoesNotSucceed(
+        SutProvider<ServiceAccountAuthorizationHandler> sutProvider, ServiceAccount serviceAccount,
+        ClaimsPrincipal claimsPrincipal)
+    {
+        var requirement = ServiceAccountOperations.ReadEvents;
+        sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(serviceAccount.OrganizationId)
+            .Returns(false);
+        var authzContext = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, serviceAccount);
+
+        await sutProvider.Sut.HandleAsync(authzContext);
+
+        Assert.False(authzContext.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task CanReadEvents_NullResource_DoesNotSucceed(
+        SutProvider<ServiceAccountAuthorizationHandler> sutProvider, ServiceAccount serviceAccount,
+        ClaimsPrincipal claimsPrincipal,
+        Guid userId)
+    {
+        var requirement = ServiceAccountOperations.ReadEvents;
+        SetupPermission(sutProvider, PermissionType.RunAsAdmin, serviceAccount.OrganizationId, userId);
+        var authzContext = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, null);
+
+        await sutProvider.Sut.HandleAsync(authzContext);
+
+        Assert.False(authzContext.HasSucceeded);
+    }
+
+    [Theory]
+    [BitAutoData(PermissionType.RunAsAdmin, true, true, true)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission, false, false, false)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission, false, true, false)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission, true, false, true)]
+    [BitAutoData(PermissionType.RunAsUserWithPermission, true, true, true)]
+    public async Task CanReadEvents_AccessCheck(PermissionType permissionType, bool read, bool write,
+        bool expected,
+        SutProvider<ServiceAccountAuthorizationHandler> sutProvider, ServiceAccount serviceAccount,
+        ClaimsPrincipal claimsPrincipal,
+        Guid userId)
+    {
+        var requirement = ServiceAccountOperations.ReadEvents;
+        SetupPermission(sutProvider, permissionType, serviceAccount.OrganizationId, userId);
+        sutProvider.GetDependency<IServiceAccountRepository>()
+            .AccessToServiceAccountAsync(serviceAccount.Id, userId, Arg.Any<AccessClientType>())
+            .Returns((read, write));
+        var authzContext = new AuthorizationHandlerContext(new List<IAuthorizationRequirement> { requirement },
+            claimsPrincipal, serviceAccount);
+
+        await sutProvider.Sut.HandleAsync(authzContext);
+
+        Assert.Equal(expected, authzContext.HasSucceeded);
+    }
 }

bitwarden_license/test/Scim.Test/Groups/GetGroupsListQueryTests.cs

@@ -1,5 +1,5 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
-using Bit.Core.Repositories;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Scim.Groups;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;

bitwarden_license/test/Scim.Test/Groups/PatchGroupCommandTests.cs

@@ -1,10 +1,11 @@
 using System.Text.Json;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Services;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
-using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Bit.Scim.Groups;
 using Bit.Scim.Models;
 using Bit.Scim.Utilities;

bitwarden_license/test/Scim.Test/Groups/PostGroupCommandTests.cs

@@ -1,9 +1,10 @@
-using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
-using Bit.Core.Repositories;
 using Bit.Scim.Context;
 using Bit.Scim.Groups;
 using Bit.Scim.Models;

bitwarden_license/test/Scim.Test/Groups/PutGroupCommandTests.cs

@@ -1,9 +1,10 @@
-using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
-using Bit.Core.Repositories;
 using Bit.Scim.Context;
 using Bit.Scim.Groups;
 using Bit.Scim.Models;

src/Admin/Controllers/OrganizationsController.cs

@@ -2,6 +2,8 @@
 using Bit.Admin.Models;
 using Bit.Admin.Services;
 using Bit.Admin.Utilities;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;

src/Admin/Models/OrganizationEditModel.cs

@@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Entities;
 using Bit.Core.Entities.Provider;
 using Bit.Core.Enums;

src/Admin/Models/OrganizationViewModel.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Entities;
 using Bit.Core.Entities.Provider;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;

src/Api/AdminConsole/Controllers/GroupsController.cs

@@ -1,14 +1,16 @@
-using Bit.Api.Models.Request;
+using Bit.Api.AdminConsole.Models.Request;
+using Bit.Api.AdminConsole.Models.Response;
 using Bit.Api.Models.Response;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Services;
 using Bit.Core.Context;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.Repositories;
-using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("organizations/{orgId}/groups")]
 [Authorize("Application")]

src/Api/AdminConsole/Controllers/OrganizationUsersController.cs

@@ -1,6 +1,8 @@
-using Bit.Api.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
+using Bit.Api.Models.Request.Organizations;
 using Bit.Api.Models.Response;
-using Bit.Api.Models.Response.Organizations;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@@ -14,7 +16,7 @@ using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("organizations/{orgId}/users")]
 [Authorize("Application")]

src/Api/AdminConsole/Controllers/OrganizationsController.cs

@@ -1,4 +1,8 @@
 using System.Text.Json;
+using Bit.Api.AdminConsole.Models.Request;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Response;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Auth.Models.Request.Accounts;
 using Bit.Api.Auth.Models.Request.Organizations;
 using Bit.Api.Auth.Models.Response.Organizations;
@@ -6,7 +10,6 @@ using Bit.Api.Models.Request;
 using Bit.Api.Models.Request.Accounts;
 using Bit.Api.Models.Request.Organizations;
 using Bit.Api.Models.Response;
-using Bit.Api.Models.Response.Organizations;
 using Bit.Core;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Repositories;
@@ -26,7 +29,7 @@ using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("organizations")]
 [Authorize("Application")]

src/Api/AdminConsole/Controllers/PoliciesController.cs

@@ -1,4 +1,4 @@
-using Bit.Api.Models.Request;
+using Bit.Api.AdminConsole.Models.Request;
 using Bit.Api.Models.Response;
 using Bit.Core.Context;
 using Bit.Core.Enums;
@@ -12,7 +12,7 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("organizations/{orgId}/policies")]
 [Authorize("Application")]

src/Api/AdminConsole/Controllers/ProviderOrganizationsController.cs

@@ -1,6 +1,6 @@
-using Bit.Api.Models.Request.Providers;
+using Bit.Api.AdminConsole.Models.Request.Providers;
+using Bit.Api.AdminConsole.Models.Response.Providers;
 using Bit.Api.Models.Response;
-using Bit.Api.Models.Response.Providers;
 using Bit.Core.Context;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
@@ -9,7 +9,7 @@ using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("providers/{providerId:guid}/organizations")]
 [Authorize("Application")]

src/Api/AdminConsole/Controllers/ProviderUsersController.cs

@@ -1,6 +1,6 @@
-using Bit.Api.Models.Request.Providers;
+using Bit.Api.AdminConsole.Models.Request.Providers;
+using Bit.Api.AdminConsole.Models.Response.Providers;
 using Bit.Api.Models.Response;
-using Bit.Api.Models.Response.Providers;
 using Bit.Core.Context;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business.Provider;
@@ -9,7 +9,7 @@ using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("providers/{providerId:guid}/users")]
 [Authorize("Application")]

src/Api/AdminConsole/Controllers/ProvidersController.cs

@@ -1,5 +1,5 @@
-using Bit.Api.Models.Request.Providers;
+using Bit.Api.AdminConsole.Models.Request.Providers;
-using Bit.Api.Models.Response.Providers;
+using Bit.Api.AdminConsole.Models.Response.Providers;
 using Bit.Core.Context;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
@@ -8,7 +8,7 @@ using Bit.Core.Settings;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Controllers;
+namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("providers")]
 [Authorize("Application")]

src/Api/AdminConsole/Models/Request/GroupRequestModel.cs

@@ -1,7 +1,8 @@
 using System.ComponentModel.DataAnnotations;
-using Bit.Core.Entities;
+using Bit.Api.Models.Request;
+using Bit.Core.AdminConsole.Entities;
 
-namespace Bit.Api.Models.Request;
+namespace Bit.Api.AdminConsole.Models.Request;
 
 public class GroupRequestModel
 {

src/Api/AdminConsole/Models/Request/ImportOrganizationUsersRequestModel.cs

@@ -1,7 +1,8 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.Models.Business;
 
-namespace Bit.Api.Models.Request.Organizations;
+namespace Bit.Api.AdminConsole.Models.Request;
 
 public class ImportOrganizationUsersRequestModel
 {
@@ -24,7 +25,7 @@ public class ImportOrganizationUsersRequestModel
         {
             var importedGroup = new ImportedGroup
             {
-                Group = new Core.Entities.Group
+                Group = new Core.AdminConsole.Entities.Group
                 {
                     OrganizationId = organizationId,
                     Name = Name,

src/Api/AdminConsole/Models/Request/Organizations/OrganizationApiKeyRequestModel.cs

@@ -1,7 +1,7 @@
 using Bit.Api.Auth.Models.Request.Accounts;
 using Bit.Core.Enums;
 
-namespace Bit.Api.Models.Request.Accounts;
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
 
 public class OrganizationApiKeyRequestModel : SecretVerificationRequestModel
 {

src/Api/AdminConsole/Models/Request/Organizations/OrganizationCreateRequestModel.cs

@@ -4,7 +4,7 @@ using Bit.Core.Enums;
 using Bit.Core.Models.Business;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Request.Organizations;
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
 
 public class OrganizationCreateRequestModel : IValidatableObject
 {

src/Api/AdminConsole/Models/Request/Organizations/OrganizationKeysRequestModel.cs

@@ -2,7 +2,7 @@
 using Bit.Core.Entities;
 using Bit.Core.Models.Business;
 
-namespace Bit.Api.Models.Request.Organizations;
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
 
 public class OrganizationKeysRequestModel
 {

src/Api/AdminConsole/Models/Request/Organizations/OrganizationSeatRequestModel.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace Bit.Api.Models.Request.Organizations;
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
 
 public class OrganizationSeatRequestModel : IValidatableObject
 {

src/Api/AdminConsole/Models/Request/Organizations/OrganizationUpdateRequestModel.cs

@@ -3,7 +3,7 @@ using Bit.Core.Entities;
 using Bit.Core.Models.Data;
 using Bit.Core.Settings;
 
-namespace Bit.Api.Models.Request.Organizations;
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
 
 public class OrganizationUpdateRequestModel
 {

src/Api/AdminConsole/Models/Request/Organizations/OrganizationUpgradeRequestModel.cs

@@ -2,7 +2,7 @@
 using Bit.Core.Enums;
 using Bit.Core.Models.Business;
 
-namespace Bit.Api.Models.Request.Organizations;
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
 
 public class OrganizationUpgradeRequestModel
 {

src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRequestModels.cs

@@ -1,11 +1,12 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Api.Models.Request;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Request.Organizations;
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
 
 public class OrganizationUserInviteRequestModel
 {

src/Api/AdminConsole/Models/Request/PolicyRequestModel.cs

@@ -3,7 +3,7 @@ using System.Text.Json;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 
-namespace Bit.Api.Models.Request;
+namespace Bit.Api.AdminConsole.Models.Request;
 
 public class PolicyRequestModel
 {

src/Api/AdminConsole/Models/Request/Providers/ProviderOrganizationAddRequestModel.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace Bit.Api.Models.Request.Providers;
+namespace Bit.Api.AdminConsole.Models.Request.Providers;
 
 public class ProviderOrganizationAddRequestModel
 {

src/Api/AdminConsole/Models/Request/Providers/ProviderOrganizationCreateRequestModel.cs

@@ -1,8 +1,8 @@
 using System.ComponentModel.DataAnnotations;
-using Bit.Api.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Request.Providers;
+namespace Bit.Api.AdminConsole.Models.Request.Providers;
 
 public class ProviderOrganizationCreateRequestModel
 {

src/Api/AdminConsole/Models/Request/Providers/ProviderSetupRequestModel.cs

@@ -1,7 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using Bit.Core.Entities.Provider;
 
-namespace Bit.Api.Models.Request.Providers;
+namespace Bit.Api.AdminConsole.Models.Request.Providers;
 
 public class ProviderSetupRequestModel
 {

src/Api/AdminConsole/Models/Request/Providers/ProviderUpdateRequestModel.cs

@@ -2,7 +2,7 @@
 using Bit.Core.Entities.Provider;
 using Bit.Core.Settings;
 
-namespace Bit.Api.Models.Request.Providers;
+namespace Bit.Api.AdminConsole.Models.Request.Providers;
 
 public class ProviderUpdateRequestModel
 {

src/Api/AdminConsole/Models/Request/Providers/ProviderUserRequestModels.cs

@@ -3,7 +3,7 @@ using Bit.Core.Entities.Provider;
 using Bit.Core.Enums.Provider;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Request.Providers;
+namespace Bit.Api.AdminConsole.Models.Request.Providers;
 
 public class ProviderUserInviteRequestModel
 {

src/Api/AdminConsole/Models/Response/GroupResponseModel.cs

@@ -1,8 +1,9 @@
-using Bit.Core.Entities;
+using Bit.Api.Models.Response;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;
 
-namespace Bit.Api.Models.Response;
+namespace Bit.Api.AdminConsole.Models.Response;
 
 public class GroupResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Organizations/OrganizationApiKeyInformationResponseModel.cs

@@ -2,7 +2,7 @@
 using Bit.Core.Enums;
 using Bit.Core.Models.Api;
 
-namespace Bit.Api.Models.Response.Organizations;
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
 
 public class OrganizationApiKeyInformation : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Organizations/OrganizationAutoEnrollStatusResponseModel.cs

@@ -1,6 +1,6 @@
 using Bit.Core.Models.Api;
 
-namespace Bit.Api.Models.Response.Organizations;
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
 
 public class OrganizationAutoEnrollStatusResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Organizations/OrganizationKeysResponseModel.cs

@@ -1,7 +1,7 @@
 using Bit.Core.Entities;
 using Bit.Core.Models.Api;
 
-namespace Bit.Api.Models.Response.Organizations;
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
 
 public class OrganizationKeysResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Organizations/OrganizationPublicKeyResponseModel.cs

@@ -1,7 +1,7 @@
 using Bit.Core.Entities;
 using Bit.Core.Models.Api;
 
-namespace Bit.Api.Models.Response.Organizations;
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
 
 public class OrganizationPublicKeyResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs

@@ -1,11 +1,12 @@
-using Bit.Core.Entities;
+using Bit.Api.Models.Response;
+using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Business;
 using Bit.Core.Utilities;
 using Constants = Bit.Core.Constants;
 
-namespace Bit.Api.Models.Response.Organizations;
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
 
 public class OrganizationResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Organizations/OrganizationUserResponseModel.cs

@@ -1,4 +1,5 @@
 using System.Text.Json.Serialization;
+using Bit.Api.Models.Response;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Api;
@@ -6,7 +7,7 @@ using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Response.Organizations;
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
 
 public class OrganizationUserResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs

@@ -7,7 +7,7 @@ using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Response;
+namespace Bit.Api.AdminConsole.Models.Response;
 
 public class ProfileOrganizationResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs

@@ -2,7 +2,7 @@
 using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Response;
+namespace Bit.Api.AdminConsole.Models.Response;
 
 public class ProfileProviderOrganizationResponseModel : ProfileOrganizationResponseModel
 {

src/Api/AdminConsole/Models/Response/Providers/ProfileProviderResponseModel.cs

@@ -3,7 +3,7 @@ using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Response.Providers;
+namespace Bit.Api.AdminConsole.Models.Response.Providers;
 
 public class ProfileProviderResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Providers/ProviderOrganizationResponseModel.cs

@@ -2,7 +2,7 @@
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;
 
-namespace Bit.Api.Models.Response.Providers;
+namespace Bit.Api.AdminConsole.Models.Response.Providers;
 
 public class ProviderOrganizationResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Providers/ProviderResponseModel.cs

@@ -1,7 +1,7 @@
 using Bit.Core.Entities.Provider;
 using Bit.Core.Models.Api;
 
-namespace Bit.Api.Models.Response.Providers;
+namespace Bit.Api.AdminConsole.Models.Response.Providers;
 
 public class ProviderResponseModel : ResponseModel
 {

src/Api/AdminConsole/Models/Response/Providers/ProviderUserResponseModel.cs

@@ -4,7 +4,7 @@ using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Response.Providers;
+namespace Bit.Api.AdminConsole.Models.Response.Providers;
 
 public class ProviderUserResponseModel : ResponseModel
 {

src/Api/AdminConsole/Public/Controllers/GroupsController.cs

@@ -1,13 +1,15 @@
 using System.Net;
-using Bit.Api.Models.Public.Request;
+using Bit.Api.AdminConsole.Public.Models.Request;
+using Bit.Api.AdminConsole.Public.Models.Response;
 using Bit.Api.Models.Public.Response;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.Repositories;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Public.Controllers;
+namespace Bit.Api.AdminConsole.Public.Controllers;
 
 [Route("public/groups")]
 [Authorize("Organization")]

src/Api/AdminConsole/Public/Controllers/MembersController.cs

@@ -1,6 +1,8 @@
 using System.Net;
-using Bit.Api.Models.Public.Request;
+using Bit.Api.AdminConsole.Public.Models.Request;
+using Bit.Api.AdminConsole.Public.Models.Response;
 using Bit.Api.Models.Public.Response;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Models.Business;
 using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
@@ -9,7 +11,7 @@ using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Public.Controllers;
+namespace Bit.Api.AdminConsole.Public.Controllers;
 
 [Route("public/members")]
 [Authorize("Organization")]

src/Api/AdminConsole/Public/Controllers/OrganizationController.cs

@@ -1,5 +1,6 @@
 using System.Net;
-using Bit.Api.Models.Public.Request;
+using Bit.Api.AdminConsole.Public.Models.Request;
+using Bit.Api.AdminConsole.Public.Models.Response;
 using Bit.Api.Models.Public.Response;
 using Bit.Core.Context;
 using Bit.Core.Exceptions;
@@ -8,7 +9,7 @@ using Bit.Core.Settings;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Public.Controllers;
+namespace Bit.Api.AdminConsole.Public.Controllers;
 
 [Route("public/organization")]
 [Authorize("Organization")]

src/Api/AdminConsole/Public/Controllers/PoliciesController.cs

@@ -1,5 +1,6 @@
 using System.Net;
-using Bit.Api.Models.Public.Request;
+using Bit.Api.AdminConsole.Public.Models.Request;
+using Bit.Api.AdminConsole.Public.Models.Response;
 using Bit.Api.Models.Public.Response;
 using Bit.Core.Context;
 using Bit.Core.Enums;
@@ -8,7 +9,7 @@ using Bit.Core.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
-namespace Bit.Api.Public.Controllers;
+namespace Bit.Api.AdminConsole.Public.Controllers;
 
 [Route("public/policies")]
 [Authorize("Organization")]

src/Api/AdminConsole/Public/Models/GroupBaseModel.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace Bit.Api.Models.Public;
+namespace Bit.Api.AdminConsole.Public.Models;
 
 public abstract class GroupBaseModel
 {

src/Api/AdminConsole/Public/Models/MemberBaseModel.cs

@@ -3,7 +3,7 @@ using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 
-namespace Bit.Api.Models.Public;
+namespace Bit.Api.AdminConsole.Public.Models;
 
 public abstract class MemberBaseModel
 {

src/Api/AdminConsole/Public/Models/PolicyBaseModel.cs

@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace Bit.Api.Models.Public;
+namespace Bit.Api.AdminConsole.Public.Models;
 
 public abstract class PolicyBaseModel
 {

src/Api/AdminConsole/Public/Models/Request/GroupCreateUpdateRequestModel.cs

@@ -1,7 +1,7 @@
 using Bit.Api.Auth.Models.Public.Request;
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
 
-namespace Bit.Api.Models.Public.Request;
+namespace Bit.Api.AdminConsole.Public.Models.Request;
 
 public class GroupCreateUpdateRequestModel : GroupBaseModel
 {

src/Api/AdminConsole/Public/Models/Request/MemberCreateRequestModel.cs

@@ -2,7 +2,7 @@
 using Bit.Core.Entities;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Public.Request;
+namespace Bit.Api.AdminConsole.Public.Models.Request;
 
 public class MemberCreateRequestModel : MemberUpdateRequestModel
 {

src/Api/AdminConsole/Public/Models/Request/MemberUpdateRequestModel.cs

@@ -1,7 +1,7 @@
 using Bit.Api.Auth.Models.Public.Request;
 using Bit.Core.Entities;
 
-namespace Bit.Api.Models.Public.Request;
+namespace Bit.Api.AdminConsole.Public.Models.Request;
 
 public class MemberUpdateRequestModel : MemberBaseModel
 {

src/Api/AdminConsole/Public/Models/Request/OrganizationImportRequestModel.cs

@@ -1,10 +1,11 @@
 using System.ComponentModel.DataAnnotations;
 using System.Text.Json.Serialization;
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.Models.Business;
 using Bit.Core.Utilities;
 
-namespace Bit.Api.Models.Public.Request;
+namespace Bit.Api.AdminConsole.Public.Models.Request;
 
 public class OrganizationImportRequestModel
 {

src/Api/AdminConsole/Public/Models/Request/PolicyUpdateRequestModel.cs

@@ -1,7 +1,7 @@
 using System.Text.Json;
 using Bit.Core.Entities;
 
-namespace Bit.Api.Models.Public.Request;
+namespace Bit.Api.AdminConsole.Public.Models.Request;
 
 public class PolicyUpdateRequestModel : PolicyBaseModel
 {

src/Api/AdminConsole/Public/Models/Request/UpdateGroupIdsRequestModel.cs

@@ -1,4 +1,4 @@
-namespace Bit.Api.Models.Public.Request;
+namespace Bit.Api.AdminConsole.Public.Models.Request;
 
 public class UpdateGroupIdsRequestModel
 {

src/Api/AdminConsole/Public/Models/Request/UpdateMemberIdsRequestModel.cs

@@ -1,4 +1,4 @@
-namespace Bit.Api.Models.Public.Request;
+namespace Bit.Api.AdminConsole.Public.Models.Request;
 
 public class UpdateMemberIdsRequestModel
 {

src/Api/AdminConsole/Public/Models/Response/GroupResponseModel.cs

@@ -1,9 +1,10 @@
 using System.ComponentModel.DataAnnotations;
 using Bit.Api.Auth.Models.Public.Response;
-using Bit.Core.Entities;
+using Bit.Api.Models.Public.Response;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Models.Data;
 
-namespace Bit.Api.Models.Public.Response;
+namespace Bit.Api.AdminConsole.Public.Models.Response;
 
 /// <summary>
 /// A user group.

src/Api/AdminConsole/Public/Models/Response/MemberResponseModel.cs

@@ -1,11 +1,12 @@
 using System.ComponentModel.DataAnnotations;
 using Bit.Api.Auth.Models.Public.Response;
+using Bit.Api.Models.Public.Response;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 
-namespace Bit.Api.Models.Public.Response;
+namespace Bit.Api.AdminConsole.Public.Models.Response;
 
 /// <summary>
 /// An organization member.

src/Api/AdminConsole/Public/Models/Response/PolicyResponseModel.cs

@@ -1,9 +1,10 @@
 using System.ComponentModel.DataAnnotations;
 using System.Text.Json;
+using Bit.Api.Models.Public.Response;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 
-namespace Bit.Api.Models.Public.Response;
+namespace Bit.Api.AdminConsole.Public.Models.Response;
 
 /// <summary>
 /// A policy.

src/Api/Auth/Controllers/EmergencyAccessController.cs

@@ -1,6 +1,6 @@
-using Bit.Api.Auth.Models.Request;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.Auth.Models.Request;
 using Bit.Api.Auth.Models.Response;
-using Bit.Api.Models.Request.Organizations;
 using Bit.Api.Models.Response;
 using Bit.Api.Vault.Models.Response;
 using Bit.Core.Auth.Services;

src/Api/Controllers/AccountsController.cs

@@ -1,4 +1,5 @@
-using Bit.Api.Auth.Models.Request.Accounts;
+using Bit.Api.AdminConsole.Models.Response;
+using Bit.Api.Auth.Models.Request.Accounts;
 using Bit.Api.Models.Request;
 using Bit.Api.Models.Request.Accounts;
 using Bit.Api.Models.Response;

src/Api/Controllers/EventsController.cs

@@ -1,4 +1,5 @@
 using Bit.Api.Models.Response;
+using Bit.Api.Utilities;
 using Bit.Core.Context;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
@@ -41,7 +42,7 @@ public class EventsController : Controller
     public async Task<ListResponseModel<EventResponseModel>> GetUser(
         [FromQuery] DateTime? start = null, [FromQuery] DateTime? end = null, [FromQuery] string continuationToken = null)
     {
-        var dateRange = GetDateRange(start, end);
+        var dateRange = ApiHelpers.GetDateRange(start, end);
         var userId = _userService.GetProperUserId(User).Value;
         var result = await _eventRepository.GetManyByUserAsync(userId, dateRange.Item1, dateRange.Item2,
             new PageOptions { ContinuationToken = continuationToken });
@@ -75,7 +76,7 @@ public class EventsController : Controller
             throw new NotFoundException();
         }
 
-        var dateRange = GetDateRange(start, end);
+        var dateRange = ApiHelpers.GetDateRange(start, end);
         var result = await _eventRepository.GetManyByCipherAsync(cipher, dateRange.Item1, dateRange.Item2,
             new PageOptions { ContinuationToken = continuationToken });
         var responses = result.Data.Select(e => new EventResponseModel(e));
@@ -92,7 +93,7 @@ public class EventsController : Controller
             throw new NotFoundException();
         }
 
-        var dateRange = GetDateRange(start, end);
+        var dateRange = ApiHelpers.GetDateRange(start, end);
         var result = await _eventRepository.GetManyByOrganizationAsync(orgId, dateRange.Item1, dateRange.Item2,
             new PageOptions { ContinuationToken = continuationToken });
         var responses = result.Data.Select(e => new EventResponseModel(e));
@@ -110,7 +111,7 @@ public class EventsController : Controller
             throw new NotFoundException();
         }
 
-        var dateRange = GetDateRange(start, end);
+        var dateRange = ApiHelpers.GetDateRange(start, end);
         var result = await _eventRepository.GetManyByOrganizationActingUserAsync(organizationUser.OrganizationId,
             organizationUser.UserId.Value, dateRange.Item1, dateRange.Item2,
             new PageOptions { ContinuationToken = continuationToken });
@@ -127,7 +128,7 @@ public class EventsController : Controller
             throw new NotFoundException();
         }
 
-        var dateRange = GetDateRange(start, end);
+        var dateRange = ApiHelpers.GetDateRange(start, end);
         var result = await _eventRepository.GetManyByProviderAsync(providerId, dateRange.Item1, dateRange.Item2,
             new PageOptions { ContinuationToken = continuationToken });
         var responses = result.Data.Select(e => new EventResponseModel(e));
@@ -145,33 +146,11 @@ public class EventsController : Controller
             throw new NotFoundException();
         }
 
-        var dateRange = GetDateRange(start, end);
+        var dateRange = ApiHelpers.GetDateRange(start, end);
         var result = await _eventRepository.GetManyByProviderActingUserAsync(providerUser.ProviderId,
             providerUser.UserId.Value, dateRange.Item1, dateRange.Item2,
             new PageOptions { ContinuationToken = continuationToken });
         var responses = result.Data.Select(e => new EventResponseModel(e));
         return new ListResponseModel<EventResponseModel>(responses, result.ContinuationToken);
     }
-
-    private Tuple<DateTime, DateTime> GetDateRange(DateTime? start, DateTime? end)
-    {
-        if (!end.HasValue || !start.HasValue)
-        {
-            end = DateTime.UtcNow.Date.AddDays(1).AddMilliseconds(-1);
-            start = DateTime.UtcNow.Date.AddDays(-30);
-        }
-        else if (start.Value > end.Value)
-        {
-            var newEnd = start;
-            start = end;
-            end = newEnd;
-        }
-
-        if ((end.Value - start.Value) > TimeSpan.FromDays(367))
-        {
-            throw new BadRequestException("Range too large.");
-        }
-
-        return new Tuple<DateTime, DateTime>(start.Value, end.Value);
-    }
 }

src/Api/Controllers/OrganizationConnectionsController.cs

@@ -78,7 +78,12 @@ public class OrganizationConnectionsController : Controller
     [HttpPut("{organizationConnectionId}")]
     public async Task<OrganizationConnectionResponseModel> UpdateConnection(Guid organizationConnectionId, [FromBody] OrganizationConnectionRequestModel model)
     {
-        var existingOrganizationConnection = await _organizationConnectionRepository.GetByIdAsync(organizationConnectionId);
+        if (model == null)
+        {
+            throw new NotFoundException();
+        }
+
+        var existingOrganizationConnection = await _organizationConnectionRepository.GetByIdOrganizationIdAsync(organizationConnectionId, model.OrganizationId);
         if (existingOrganizationConnection == null)
         {
             throw new NotFoundException();

src/Api/Controllers/OrganizationDomainController.cs

@@ -19,7 +19,7 @@ public class OrganizationDomainController : Controller
     private readonly ICreateOrganizationDomainCommand _createOrganizationDomainCommand;
     private readonly IVerifyOrganizationDomainCommand _verifyOrganizationDomainCommand;
     private readonly IDeleteOrganizationDomainCommand _deleteOrganizationDomainCommand;
-    private readonly IGetOrganizationDomainByIdQuery _getOrganizationDomainByIdQuery;
+    private readonly IGetOrganizationDomainByIdOrganizationIdQuery _getOrganizationDomainByIdAndOrganizationIdQuery;
     private readonly IGetOrganizationDomainByOrganizationIdQuery _getOrganizationDomainByOrganizationIdQuery;
     private readonly ICurrentContext _currentContext;
     private readonly IOrganizationRepository _organizationRepository;
@@ -29,7 +29,7 @@ public class OrganizationDomainController : Controller
         ICreateOrganizationDomainCommand createOrganizationDomainCommand,
         IVerifyOrganizationDomainCommand verifyOrganizationDomainCommand,
         IDeleteOrganizationDomainCommand deleteOrganizationDomainCommand,
-        IGetOrganizationDomainByIdQuery getOrganizationDomainByIdQuery,
+        IGetOrganizationDomainByIdOrganizationIdQuery getOrganizationDomainByIdAndOrganizationIdQuery,
         IGetOrganizationDomainByOrganizationIdQuery getOrganizationDomainByOrganizationIdQuery,
         ICurrentContext currentContext,
         IOrganizationRepository organizationRepository,
@@ -38,7 +38,7 @@ public class OrganizationDomainController : Controller
         _createOrganizationDomainCommand = createOrganizationDomainCommand;
         _verifyOrganizationDomainCommand = verifyOrganizationDomainCommand;
         _deleteOrganizationDomainCommand = deleteOrganizationDomainCommand;
-        _getOrganizationDomainByIdQuery = getOrganizationDomainByIdQuery;
+        _getOrganizationDomainByIdAndOrganizationIdQuery = getOrganizationDomainByIdAndOrganizationIdQuery;
         _getOrganizationDomainByOrganizationIdQuery = getOrganizationDomainByOrganizationIdQuery;
         _currentContext = currentContext;
         _organizationRepository = organizationRepository;
@@ -46,71 +46,78 @@ public class OrganizationDomainController : Controller
     }
 
     [HttpGet("{orgId}/domain")]
-    public async Task<ListResponseModel<OrganizationDomainResponseModel>> Get(string orgId)
+    public async Task<ListResponseModel<OrganizationDomainResponseModel>> Get(Guid orgId)
     {
-        var orgIdGuid = new Guid(orgId);
+        await ValidateOrganizationAccessAsync(orgId);
-        await ValidateOrganizationAccessAsync(orgIdGuid);
 
         var domains = await _getOrganizationDomainByOrganizationIdQuery
-            .GetDomainsByOrganizationId(orgIdGuid);
+            .GetDomainsByOrganizationIdAsync(orgId);
         var response = domains.Select(x => new OrganizationDomainResponseModel(x)).ToList();
         return new ListResponseModel<OrganizationDomainResponseModel>(response);
     }
 
     [HttpGet("{orgId}/domain/{id}")]
-    public async Task<OrganizationDomainResponseModel> Get(string orgId, string id)
+    public async Task<OrganizationDomainResponseModel> Get(Guid orgId, Guid id)
     {
-        var orgIdGuid = new Guid(orgId);
+        await ValidateOrganizationAccessAsync(orgId);
-        var IdGuid = new Guid(id);
-        await ValidateOrganizationAccessAsync(orgIdGuid);
 
-        var domain = await _getOrganizationDomainByIdQuery.GetOrganizationDomainById(IdGuid);
+        var organizationDomain = await _getOrganizationDomainByIdAndOrganizationIdQuery
+            .GetOrganizationDomainByIdOrganizationIdAsync(id, orgId);
+        if (organizationDomain is null)
+        {
+            throw new NotFoundException();
+        }
+
+        return new OrganizationDomainResponseModel(organizationDomain);
+    }
+
+    [HttpPost("{orgId}/domain")]
+    public async Task<OrganizationDomainResponseModel> Post(Guid orgId,
+        [FromBody] OrganizationDomainRequestModel model)
+    {
+        await ValidateOrganizationAccessAsync(orgId);
+
+        var organizationDomain = new OrganizationDomain
+        {
+            OrganizationId = orgId,
+            Txt = model.Txt,
+            DomainName = model.DomainName.ToLower()
+        };
+
+        organizationDomain = await _createOrganizationDomainCommand.CreateAsync(organizationDomain);
+
+        return new OrganizationDomainResponseModel(organizationDomain);
+    }
+
+    [HttpPost("{orgId}/domain/{id}/verify")]
+    public async Task<OrganizationDomainResponseModel> Verify(Guid orgId, Guid id)
+    {
+        await ValidateOrganizationAccessAsync(orgId);
+
+        var organizationDomain = await _organizationDomainRepository.GetDomainByIdOrganizationIdAsync(id, orgId);
+        if (organizationDomain is null)
+        {
+            throw new NotFoundException();
+        }
+
+        organizationDomain = await _verifyOrganizationDomainCommand.VerifyOrganizationDomainAsync(organizationDomain);
+
+        return new OrganizationDomainResponseModel(organizationDomain);
+    }
+
+    [HttpDelete("{orgId}/domain/{id}")]
+    [HttpPost("{orgId}/domain/{id}/remove")]
+    public async Task RemoveDomain(Guid orgId, Guid id)
+    {
+        await ValidateOrganizationAccessAsync(orgId);
+
+        var domain = await _organizationDomainRepository.GetDomainByIdOrganizationIdAsync(id, orgId);
         if (domain is null)
         {
             throw new NotFoundException();
         }
 
-        return new OrganizationDomainResponseModel(domain);
+        await _deleteOrganizationDomainCommand.DeleteAsync(domain);
-    }
-
-    [HttpPost("{orgId}/domain")]
-    public async Task<OrganizationDomainResponseModel> Post(string orgId,
-        [FromBody] OrganizationDomainRequestModel model)
-    {
-        var orgIdGuid = new Guid(orgId);
-        await ValidateOrganizationAccessAsync(orgIdGuid);
-
-        var organizationDomain = new OrganizationDomain
-        {
-            OrganizationId = orgIdGuid,
-            Txt = model.Txt,
-            DomainName = model.DomainName.ToLower()
-        };
-
-        var domain = await _createOrganizationDomainCommand.CreateAsync(organizationDomain);
-        return new OrganizationDomainResponseModel(domain);
-    }
-
-    [HttpPost("{orgId}/domain/{id}/verify")]
-    public async Task<OrganizationDomainResponseModel> Verify(string orgId, string id)
-    {
-        var orgIdGuid = new Guid(orgId);
-        var idGuid = new Guid(id);
-        await ValidateOrganizationAccessAsync(orgIdGuid);
-
-        var domain = await _verifyOrganizationDomainCommand.VerifyOrganizationDomain(idGuid);
-        return new OrganizationDomainResponseModel(domain);
-    }
-
-    [HttpDelete("{orgId}/domain/{id}")]
-    [HttpPost("{orgId}/domain/{id}/remove")]
-    public async Task RemoveDomain(string orgId, string id)
-    {
-        var orgIdGuid = new Guid(orgId);
-        var idGuid = new Guid(id);
-        await ValidateOrganizationAccessAsync(orgIdGuid);
-
-        await _deleteOrganizationDomainCommand.DeleteAsync(idGuid);
     }
 
     [AllowAnonymous]

src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs

@@ -1,6 +1,6 @@
-using Bit.Api.Models.Request;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
+using Bit.Api.Models.Request;
 using Bit.Api.Models.Request.Organizations;
-using Bit.Api.Models.Response.Organizations;
 using Bit.Api.Utilities;
 using Bit.Core.Context;
 using Bit.Core.Enums;

src/Api/Models/Request/Organizations/OrganizationCreateLicenseRequestModel.cs

@@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
 using Bit.Core.Utilities;
 
 namespace Bit.Api.Models.Request.Organizations;

src/Api/Models/Response/ProfileResponseModel.cs

@@ -1,4 +1,5 @@
-using Bit.Api.Models.Response.Providers;
+using Bit.Api.AdminConsole.Models.Response;
+using Bit.Api.AdminConsole.Models.Response.Providers;
 using Bit.Core.Entities;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;

src/Api/SecretsManager/Controllers/AccessPoliciesController.cs

@@ -1,6 +1,7 @@
 using Bit.Api.Models.Response;
 using Bit.Api.SecretsManager.Models.Request;
 using Bit.Api.SecretsManager.Models.Response;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;

src/Api/SecretsManager/Controllers/SecretsManagerEventsController.cs

@@ -0,0 +1,52 @@
+using Bit.Api.Models.Response;
+using Bit.Api.Utilities;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Data;
+using Bit.Core.Repositories;
+using Bit.Core.SecretsManager.AuthorizationRequirements;
+using Bit.Core.SecretsManager.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.SecretsManager.Controllers;
+
+[Authorize("secrets")]
+public class SecretsManagerEventsController : Controller
+{
+    private readonly IAuthorizationService _authorizationService;
+    private readonly IEventRepository _eventRepository;
+    private readonly IServiceAccountRepository _serviceAccountRepository;
+
+    public SecretsManagerEventsController(
+        IEventRepository eventRepository,
+        IServiceAccountRepository serviceAccountRepository,
+        IAuthorizationService authorizationService)
+    {
+        _authorizationService = authorizationService;
+        _serviceAccountRepository = serviceAccountRepository;
+        _eventRepository = eventRepository;
+    }
+
+    [HttpGet("sm/events/service-accounts/{serviceAccountId}")]
+    public async Task<ListResponseModel<EventResponseModel>> GetServiceAccountEventsAsync(Guid serviceAccountId,
+        [FromQuery] DateTime? start = null, [FromQuery] DateTime? end = null,
+        [FromQuery] string continuationToken = null)
+    {
+        var serviceAccount = await _serviceAccountRepository.GetByIdAsync(serviceAccountId);
+        var authorizationResult =
+            await _authorizationService.AuthorizeAsync(User, serviceAccount, ServiceAccountOperations.ReadEvents);
+
+        if (!authorizationResult.Succeeded)
+        {
+            throw new NotFoundException();
+        }
+
+        var dateRange = ApiHelpers.GetDateRange(start, end);
+
+        var result = await _eventRepository.GetManyByOrganizationServiceAccountAsync(serviceAccount.OrganizationId,
+            serviceAccount.Id, dateRange.Item1, dateRange.Item2,
+            new PageOptions { ContinuationToken = continuationToken });
+        var responses = result.Data.Select(e => new EventResponseModel(e));
+        return new ListResponseModel<EventResponseModel>(responses, result.ContinuationToken);
+    }
+}

src/Api/SecretsManager/Models/Response/PotentialGranteeResponseModel.cs

@@ -1,4 +1,4 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.SecretsManager.Entities;

src/Api/Utilities/ApiHelpers.cs

@@ -1,6 +1,7 @@
 using System.Text.Json;
 using Azure.Messaging.EventGrid;
 using Azure.Messaging.EventGrid.SystemEvents;
+using Bit.Core.Exceptions;
 using Bit.Core.Utilities;
 using Microsoft.AspNetCore.Mvc;
 
@@ -69,4 +70,35 @@ public static class ApiHelpers
 
         return new OkObjectResult(response);
     }
+
+    /// <summary>
+    /// Validates and returns a date range. Currently used for fetching events.
+    /// </summary>
+    /// <param name="start">start date and time</param>
+    /// <param name="end">end date and time</param>
+    /// <remarks>
+    /// If start or end are null, will return a range of the last 30 days.
+    /// If a time span greater than 367 days is passed will throw BadRequestException.
+    /// </remarks>
+    public static Tuple<DateTime, DateTime> GetDateRange(DateTime? start, DateTime? end)
+    {
+        if (!end.HasValue || !start.HasValue)
+        {
+            end = DateTime.UtcNow.Date.AddDays(1).AddMilliseconds(-1);
+            start = DateTime.UtcNow.Date.AddDays(-30);
+        }
+        else if (start.Value > end.Value)
+        {
+            var newEnd = start;
+            start = end;
+            end = newEnd;
+        }
+
+        if ((end.Value - start.Value) > TimeSpan.FromDays(367))
+        {
+            throw new BadRequestException("Range too large.");
+        }
+
+        return new Tuple<DateTime, DateTime>(start.Value, end.Value);
+    }
 }

src/Billing/Utilities/PayPalIpnClient.cs

@@ -10,18 +10,22 @@ public class PayPalIpnClient
 {
     private readonly HttpClient _httpClient = new HttpClient();
     private readonly Uri _ipnUri;
+    private readonly ILogger<PayPalIpnClient> _logger;
 
-    public PayPalIpnClient(IOptions<BillingSettings> billingSettings)
+    public PayPalIpnClient(IOptions<BillingSettings> billingSettings, ILogger<PayPalIpnClient> logger)
     {
         var bSettings = billingSettings?.Value;
-        _ipnUri = new Uri(bSettings.PayPal.Production ? "https://www.paypal.com/cgi-bin/webscr" :
+        _ipnUri = new Uri(bSettings.PayPal.Production ? "https://ipnpb.paypal.com/cgi-bin/webscr" :
-            "https://www.sandbox.paypal.com/cgi-bin/webscr");
+            "https://ipnpb.sandbox.paypal.com/cgi-bin/webscr");
+        _logger = logger;
     }
 
     public async Task<bool> VerifyIpnAsync(string ipnBody)
     {
+        _logger.LogInformation("Verifying IPN with PayPal at {Timestamp}: {VerificationUri}", DateTime.UtcNow, _ipnUri);
         if (ipnBody == null)
         {
+            _logger.LogError("No IPN body.");
             throw new ArgumentException("No IPN body.");
         }
 
@@ -30,6 +34,7 @@ public class PayPalIpnClient
             Method = HttpMethod.Post,
             RequestUri = _ipnUri
         };
+        _httpClient.DefaultRequestHeaders.Add("User-Agent", "CSharp-IPN-VerificationScript");
         var cmdIpnBody = string.Concat("cmd=_notify-validate&", ipnBody);
         request.Content = new StringContent(cmdIpnBody, Encoding.UTF8, "application/x-www-form-urlencoded");
         var response = await _httpClient.SendAsync(request);
@@ -42,15 +47,15 @@ public class PayPalIpnClient
         {
             return true;
         }
-        else if (responseContent.Equals("INVALID"))
+
+        if (responseContent.Equals("INVALID"))
         {
+            _logger.LogWarning("Received an INVALID response from PayPal: {ResponseContent}", responseContent);
             return false;
         }
-        else
+        _logger.LogError("Failed to verify IPN: {ResponseContent}", responseContent);
-        {
         throw new Exception("Failed to verify IPN.");
     }
-    }
 
     public class IpnTransaction
     {

src/Core/AdminConsole/Entities/Group.cs

@@ -1,8 +1,9 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Core.Entities;
 using Bit.Core.Models;
 using Bit.Core.Utilities;
 
-namespace Bit.Core.Entities;
+namespace Bit.Core.AdminConsole.Entities;
 
 public class Group : ITableObject<Guid>, IExternal
 {

src/Core/AdminConsole/Entities/GroupUser.cs

@@ -1,4 +1,4 @@
-namespace Bit.Core.Entities;
+namespace Bit.Core.AdminConsole.Entities;
 
 public class GroupUser
 {

src/Core/AdminConsole/Models/Business/ImportedGroup.cs

@@ -1,6 +1,6 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
 
-namespace Bit.Core.Models.Business;
+namespace Bit.Core.AdminConsole.Models.Business;
 
 public class ImportedGroup
 {

src/Core/AdminConsole/Models/Data/GroupWithCollections.cs

@@ -1,7 +1,7 @@
 using System.Data;
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
 
-namespace Bit.Core.Models.Data;
+namespace Bit.Core.AdminConsole.Models.Data;
 
 public class GroupWithCollections : Group
 {

src/Core/AdminConsole/OrganizationFeatures/Groups/CreateGroupCommand.cs

@@ -1,16 +1,18 @@
-using Bit.Core.Context;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Tools.Enums;
 using Bit.Core.Tools.Models.Business;
 using Bit.Core.Tools.Services;
 
-namespace Bit.Core.OrganizationFeatures.Groups;
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Groups;
 
 public class CreateGroupCommand : ICreateGroupCommand
 {
@@ -46,7 +48,7 @@ public class CreateGroupCommand : ICreateGroupCommand
             await GroupRepositoryUpdateUsersAsync(group, users);
         }
 
-        await _eventService.LogGroupEventAsync(group, Enums.EventType.Group_Created);
+        await _eventService.LogGroupEventAsync(group, Core.Enums.EventType.Group_Created);
     }
 
     public async Task CreateGroupAsync(Group group, Organization organization, EventSystemUser systemUser,
@@ -61,7 +63,7 @@ public class CreateGroupCommand : ICreateGroupCommand
             await GroupRepositoryUpdateUsersAsync(group, users, systemUser);
         }
 
-        await _eventService.LogGroupEventAsync(group, Enums.EventType.Group_Created, systemUser);
+        await _eventService.LogGroupEventAsync(group, Core.Enums.EventType.Group_Created, systemUser);
     }
 
     private async Task GroupRepositoryCreateGroupAsync(Group group, Organization organization, IEnumerable<CollectionAccessSelection> collections = null)

src/Core/AdminConsole/OrganizationFeatures/Groups/DeleteGroupCommand.cs

@@ -1,11 +1,11 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.OrganizationFeatures.Groups.Interfaces;
-using Bit.Core.Repositories;
 using Bit.Core.Services;
 
-namespace Bit.Core.OrganizationFeatures.Groups;
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Groups;
 
 public class DeleteGroupCommand : IDeleteGroupCommand
 {

src/Core/AdminConsole/OrganizationFeatures/Groups/Interfaces/ICreateGroupCommand.cs

@@ -1,8 +1,9 @@
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 
-namespace Bit.Core.OrganizationFeatures.Groups.Interfaces;
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Groups.Interfaces;
 
 public interface ICreateGroupCommand
 {