[SM-429] Add permission checks to access policy endpoints (#2628)

* Add permission checks to access policy endpoints

* Fix unit tests

* Add service account grant permission checks

* Add service account grant tests

* Add new endpoint unit tests

* Cleanup unit tests add integration tests

* User permission enum in create tests

* Swap to NotFoundException for access checks

* Add filter for potential grantees

* Add in AccessSecretsManager check and test it

* Add code review updates

* Code review updates

* Refactor potential grantees endpoint

* Code review updates

src/Core/SecretsManager/Commands/AccessPolicies/Interfaces/ICreateAccessPoliciesCommand.cs

@@ -4,5 +4,5 @@ namespace Bit.Core.SecretsManager.Commands.AccessPolicies.Interfaces;
 
 public interface ICreateAccessPoliciesCommand
 {
-    Task<List<BaseAccessPolicy>> CreateAsync(List<BaseAccessPolicy> accessPolicies);
+    Task<IEnumerable<BaseAccessPolicy>> CreateForProjectAsync(Guid projectId, List<BaseAccessPolicy> accessPolicies, Guid userId);
 }

src/Core/SecretsManager/Commands/AccessPolicies/Interfaces/IDeleteAccessPolicyCommand.cs

@@ -2,5 +2,5 @@
 
 public interface IDeleteAccessPolicyCommand
 {
-    Task DeleteAsync(Guid id);
+    Task DeleteAsync(Guid id, Guid userId);
 }

src/Core/SecretsManager/Commands/AccessPolicies/Interfaces/IUpdateAccessPolicyCommand.cs

@@ -4,5 +4,5 @@ namespace Bit.Core.SecretsManager.Commands.AccessPolicies.Interfaces;
 
 public interface IUpdateAccessPolicyCommand
 {
-    public Task<BaseAccessPolicy> UpdateAsync(Guid id, bool read, bool write);
+    public Task<BaseAccessPolicy> UpdateAsync(Guid id, bool read, bool write, Guid userId);
 }