[SM-429] Add permission checks to access policy endpoints (#2628)

* Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2025-07-02 16:42:50 -05:00 · 2023-02-06 11:26:06 -06:00
parent 9110efa44e
commit cf669286ed
20 changed files with 1710 additions and 146 deletions
--- a/src/Api/SecretsManager/Models/Response/PotentialGranteeResponseModel.cs
+++ b/src/Api/SecretsManager/Models/Response/PotentialGranteeResponseModel.cs
@ -0,0 +1,62 @@
+using Bit.Core.Entities;
+using Bit.Core.Models.Api;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
+using Bit.Core.SecretsManager.Entities;
+
+namespace Bit.Api.SecretsManager.Models.Response;
+
+public class PotentialGranteeResponseModel : ResponseModel
+{
+    private const string _objectName = "potentialGrantee";
+
+    public PotentialGranteeResponseModel(Group group)
+        : base(_objectName)
+    {
+        if (group == null)
+        {
+            throw new ArgumentNullException(nameof(group));
+        }
+
+        Id = group.Id.ToString();
+        Name = group.Name;
+        Type = "group";
+    }
+
+    public PotentialGranteeResponseModel(OrganizationUserUserDetails user)
+        : base(_objectName)
+    {
+        if (user == null)
+        {
+            throw new ArgumentNullException(nameof(user));
+        }
+
+        Id = user.Id.ToString();
+        Name = user.Name;
+        Email = user.Email;
+        Type = "user";
+    }
+
+    public PotentialGranteeResponseModel(ServiceAccount serviceAccount)
+        : base(_objectName)
+    {
+        if (serviceAccount == null)
+        {
+            throw new ArgumentNullException(nameof(serviceAccount));
+        }
+
+        Id = serviceAccount.Id.ToString();
+        Name = serviceAccount.Name;
+        Type = "serviceAccount";
+    }
+
+    public PotentialGranteeResponseModel() : base(_objectName)
+    {
+    }
+
+    public string Id { get; set; }
+
+    public string Name { get; set; }
+
+    public string Type { get; set; }
+    public string? Email { get; set; }
+}