
[SM-704] Extract Authorization For ServiceAccounts (#2869)

* Move to access query for project commands

* Swap to hasAccess method per action

* Swap to authorization handler pattern

* Move ProjectOperationRequirement to Core

* Add default throw + tests

* Extract authorization out of commands

* Unit tests for authorization handler

* Formatting

* Swap to reflection for testing switch

* Swap to check read & reflections in test

* fix wording on exception

* Refactor GetAccessClient into its own query

* Use accessClientQuery in project handler
This commit is contained in:
Thomas Avery
2023-05-31 13:49:58 -05:00
committed by GitHub
parent c08e2a7473
commit d1155ee376
16 changed files with 694 additions and 249 deletions


@ -0,0 +1,14 @@
using Microsoft.AspNetCore.Authorization.Infrastructure;
namespace Bit.Core.SecretsManager.AuthorizationRequirements;
public class ServiceAccountOperationRequirement : OperationAuthorizationRequirement
{
}
public static class ServiceAccountOperations
{
public static readonly ServiceAccountOperationRequirement Create = new() { Name = nameof(Create) };
public static readonly ServiceAccountOperationRequirement Read = new() { Name = nameof(Read) };
public static readonly ServiceAccountOperationRequirement Update = new() { Name = nameof(Update) };
}


@ -4,5 +4,5 @@ namespace Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces;
public interface IUpdateServiceAccountCommand
{
Task<ServiceAccount> UpdateAsync(ServiceAccount serviceAccount, Guid userId);
Task<ServiceAccount> UpdateAsync(ServiceAccount serviceAccount);
}
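Review bot: Dropping `userId` from `UpdateAsync` moves the access decision out of the command entirely, yet the interface says nothing about who is now responsible for it, so a future caller could invoke `UpdateAsync(serviceAccount)` without first running the authorization handler and silently bypass the check the old overload enforced. Add an XML remark on the method along the lines of `/// <remarks>Performs no access check; the caller must first authorize <c>ServiceAccountOperations.Update</c> for <paramref name="serviceAccount"/>.</remarks>` so the precondition is visible at the call site. The same observation presumably applies to the other command interfaces changed in this commit, which are outside this view.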


@ -0,0 +1,9 @@
using System.Security.Claims;
using Bit.Core.Enums;
namespace Bit.Core.SecretsManager.Queries.Interfaces;
public interface IAccessClientQuery
{
Task<(AccessClientType AccessClientType, Guid UserId)> GetAccessClientAsync(ClaimsPrincipal claimsPrincipal, Guid organizationId);
}
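Review bot: `GetAccessClientAsync` returns a `(AccessClientType, Guid UserId)` tuple but the interface gives no contract for it: what `UserId` holds when the principal is not a user, whether the result is valid only for the `organizationId` passed in, and what happens when the principal maps to no known client type (exception versus a default value). Since this query is the root of the authorization decisions the handlers make, a `<summary>`/`<returns>` comment stating those three things is worth adding, e.g. `/// <returns>The client type of <paramref name="claimsPrincipal"/> for <paramref name="organizationId"/> and the identifier the access queries should be keyed on.</returns>`, with the failure behaviour filled in from the implementation. That implementation is outside this view, so the unknown-client case should be confirmed there before the comment is written.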


@ -14,4 +14,5 @@ public interface IServiceAccountRepository
Task<bool> UserHasReadAccessToServiceAccount(Guid id, Guid userId);
Task<bool> UserHasWriteAccessToServiceAccount(Guid id, Guid userId);
Task<IEnumerable<ServiceAccount>> GetManyByOrganizationIdWriteAccessAsync(Guid organizationId, Guid userId, AccessClientType accessType);
Task<(bool Read, bool Write)> AccessToServiceAccountAsync(Guid id, Guid userId, AccessClientType accessType);
}
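Review bot: `AccessToServiceAccountAsync` now sits beside `UserHasReadAccessToServiceAccount` and `UserHasWriteAccessToServiceAccount`, so the repository exposes two ways to answer the same access question and the two implementations can drift apart; if the per-permission methods are no longer called after this refactor they should be removed, or marked `[Obsolete("Use AccessToServiceAccountAsync")]` until they are. The new method also needs a doc comment stating how `userId` is interpreted for each `accessType` and whether `Write` implies `Read`, since callers will likely short-circuit on one flag and the tuple element names alone do not say. Which callers remain is not visible from this page.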