[PM-11123] Service layer for Notification Center (#4741)

* PM-11123: Service layer

* PM-11123: Service layer for Notification Center

* PM-11123: Throw error on unsupported requirement

* PM-11123: Missing await

* PM-11123: Cleanup

* PM-11123: Unit Test coverage

* PM-11123: Flipping the authorization logic to be exact match of fail, formatting

* PM-11123: Async warning

* PM-11123: Using AuthorizeOrThrowAsync, removal of redundant set new id

* PM-11123: UT typo

* PM-11123: UT fix

src/Core/NotificationCenter/Authorization/NotificationAuthorizationHandler.cs

@@ -0,0 +1,68 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.NotificationCenter.Entities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Authorization;
+
+public class NotificationAuthorizationHandler : AuthorizationHandler<NotificationOperationsRequirement, Notification>
+{
+    private readonly ICurrentContext _currentContext;
+
+    public NotificationAuthorizationHandler(ICurrentContext currentContext)
+    {
+        _currentContext = currentContext;
+    }
+
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
+        NotificationOperationsRequirement requirement,
+        Notification notification)
+    {
+        if (!_currentContext.UserId.HasValue)
+        {
+            return;
+        }
+
+        var authorized = requirement switch
+        {
+            not null when requirement == NotificationOperations.Read => CanRead(notification),
+            not null when requirement == NotificationOperations.Create => await CanCreate(notification),
+            not null when requirement == NotificationOperations.Update => await CanUpdate(notification),
+            _ => throw new ArgumentException("Unsupported operation requirement type provided.", nameof(requirement))
+        };
+
+        if (authorized)
+        {
+            context.Succeed(requirement);
+        }
+    }
+
+    private bool CanRead(Notification notification)
+    {
+        var userMatching = !notification.UserId.HasValue || notification.UserId.Value == _currentContext.UserId!.Value;
+        var organizationMatching = !notification.OrganizationId.HasValue ||
+                                   _currentContext.GetOrganization(notification.OrganizationId.Value) != null;
+
+        return notification.Global || (userMatching && organizationMatching);
+    }
+
+    private async Task<bool> CanCreate(Notification notification)
+    {
+        var organizationPermissionsMatching = !notification.OrganizationId.HasValue ||
+                                              await _currentContext.AccessReports(notification.OrganizationId.Value);
+        var userNoOrganizationMatching = !notification.UserId.HasValue || notification.OrganizationId.HasValue ||
+                                         notification.UserId.Value == _currentContext.UserId!.Value;
+
+        return !notification.Global && organizationPermissionsMatching && userNoOrganizationMatching;
+    }
+
+    private async Task<bool> CanUpdate(Notification notification)
+    {
+        var organizationPermissionsMatching = !notification.OrganizationId.HasValue ||
+                                              await _currentContext.AccessReports(notification.OrganizationId.Value);
+        var userNoOrganizationMatching = !notification.UserId.HasValue || notification.OrganizationId.HasValue ||
+                                         notification.UserId.Value == _currentContext.UserId!.Value;
+
+        return !notification.Global && organizationPermissionsMatching && userNoOrganizationMatching;
+    }
+}

src/Core/NotificationCenter/Authorization/NotificationOperations.cs

@@ -0,0 +1,19 @@
+#nullable enable
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+
+namespace Bit.Core.NotificationCenter.Authorization;
+
+public class NotificationOperationsRequirement : OperationAuthorizationRequirement
+{
+    public NotificationOperationsRequirement(string name)
+    {
+        Name = name;
+    }
+}
+
+public static class NotificationOperations
+{
+    public static readonly NotificationOperationsRequirement Read = new(nameof(Read));
+    public static readonly NotificationOperationsRequirement Create = new(nameof(Create));
+    public static readonly NotificationOperationsRequirement Update = new(nameof(Update));
+}

src/Core/NotificationCenter/Authorization/NotificationStatusAuthorizationHandler.cs

@@ -0,0 +1,57 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.NotificationCenter.Entities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Authorization;
+
+public class NotificationStatusAuthorizationHandler : AuthorizationHandler<NotificationStatusOperationsRequirement,
+    NotificationStatus>
+{
+    private readonly ICurrentContext _currentContext;
+
+    public NotificationStatusAuthorizationHandler(ICurrentContext currentContext)
+    {
+        _currentContext = currentContext;
+    }
+
+    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
+        NotificationStatusOperationsRequirement requirement,
+        NotificationStatus notificationStatus)
+    {
+        if (!_currentContext.UserId.HasValue)
+        {
+            return Task.CompletedTask;
+        }
+
+        var authorized = requirement switch
+        {
+            not null when requirement == NotificationStatusOperations.Read => CanRead(notificationStatus),
+            not null when requirement == NotificationStatusOperations.Create => CanCreate(notificationStatus),
+            not null when requirement == NotificationStatusOperations.Update => CanUpdate(notificationStatus),
+            _ => throw new ArgumentException("Unsupported operation requirement type provided.", nameof(requirement))
+        };
+
+        if (authorized)
+        {
+            context.Succeed(requirement);
+        }
+
+        return Task.CompletedTask;
+    }
+
+    private bool CanRead(NotificationStatus notificationStatus)
+    {
+        return notificationStatus.UserId == _currentContext.UserId!.Value;
+    }
+
+    private bool CanCreate(NotificationStatus notificationStatus)
+    {
+        return notificationStatus.UserId == _currentContext.UserId!.Value;
+    }
+
+    private bool CanUpdate(NotificationStatus notificationStatus)
+    {
+        return notificationStatus.UserId == _currentContext.UserId!.Value;
+    }
+}

src/Core/NotificationCenter/Authorization/NotificationStatusOperations.cs

@@ -0,0 +1,19 @@
+#nullable enable
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+
+namespace Bit.Core.NotificationCenter.Authorization;
+
+public class NotificationStatusOperationsRequirement : OperationAuthorizationRequirement
+{
+    public NotificationStatusOperationsRequirement(string name)
+    {
+        Name = name;
+    }
+}
+
+public static class NotificationStatusOperations
+{
+    public static readonly NotificationStatusOperationsRequirement Read = new(nameof(Read));
+    public static readonly NotificationStatusOperationsRequirement Create = new(nameof(Create));
+    public static readonly NotificationStatusOperationsRequirement Update = new(nameof(Update));
+}

src/Core/NotificationCenter/Commands/CreateNotificationCommand.cs

@@ -0,0 +1,36 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands.Interfaces;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Commands;
+
+public class CreateNotificationCommand : ICreateNotificationCommand
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly IAuthorizationService _authorizationService;
+    private readonly INotificationRepository _notificationRepository;
+
+    public CreateNotificationCommand(ICurrentContext currentContext,
+        IAuthorizationService authorizationService,
+        INotificationRepository notificationRepository)
+    {
+        _currentContext = currentContext;
+        _authorizationService = authorizationService;
+        _notificationRepository = notificationRepository;
+    }
+
+    public async Task<Notification> CreateAsync(Notification notification)
+    {
+        notification.CreationDate = notification.RevisionDate = DateTime.UtcNow;
+
+        await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notification,
+            NotificationOperations.Create);
+
+        return await _notificationRepository.CreateAsync(notification);
+    }
+}

src/Core/NotificationCenter/Commands/CreateNotificationStatusCommand.cs

@@ -0,0 +1,47 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands.Interfaces;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Commands;
+
+public class CreateNotificationStatusCommand : ICreateNotificationStatusCommand
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly IAuthorizationService _authorizationService;
+    private readonly INotificationRepository _notificationRepository;
+    private readonly INotificationStatusRepository _notificationStatusRepository;
+
+    public CreateNotificationStatusCommand(ICurrentContext currentContext,
+        IAuthorizationService authorizationService,
+        INotificationRepository notificationRepository,
+        INotificationStatusRepository notificationStatusRepository)
+    {
+        _currentContext = currentContext;
+        _authorizationService = authorizationService;
+        _notificationRepository = notificationRepository;
+        _notificationStatusRepository = notificationStatusRepository;
+    }
+
+    public async Task<NotificationStatus> CreateAsync(NotificationStatus notificationStatus)
+    {
+        var notification = await _notificationRepository.GetByIdAsync(notificationStatus.NotificationId);
+        if (notification == null)
+        {
+            throw new NotFoundException();
+        }
+
+        await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notification,
+            NotificationOperations.Read);
+
+        await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notificationStatus,
+            NotificationStatusOperations.Create);
+
+        return await _notificationStatusRepository.CreateAsync(notificationStatus);
+    }
+}

src/Core/NotificationCenter/Commands/Interfaces/ICreateNotificationCommand.cs

@@ -0,0 +1,9 @@
+#nullable enable
+using Bit.Core.NotificationCenter.Entities;
+
+namespace Bit.Core.NotificationCenter.Commands.Interfaces;
+
+public interface ICreateNotificationCommand
+{
+    Task<Notification> CreateAsync(Notification notification);
+}

src/Core/NotificationCenter/Commands/Interfaces/ICreateNotificationStatusCommand.cs

@@ -0,0 +1,9 @@
+#nullable enable
+using Bit.Core.NotificationCenter.Entities;
+
+namespace Bit.Core.NotificationCenter.Commands.Interfaces;
+
+public interface ICreateNotificationStatusCommand
+{
+    Task<NotificationStatus> CreateAsync(NotificationStatus notificationStatus);
+}

src/Core/NotificationCenter/Commands/Interfaces/IMarkNotificationDeletedCommand.cs

@@ -0,0 +1,7 @@
+#nullable enable
+namespace Bit.Core.NotificationCenter.Commands.Interfaces;
+
+public interface IMarkNotificationDeletedCommand
+{
+    Task MarkDeletedAsync(Guid notificationId);
+}

src/Core/NotificationCenter/Commands/Interfaces/IMarkNotificationReadCommand.cs

@@ -0,0 +1,7 @@
+#nullable enable
+namespace Bit.Core.NotificationCenter.Commands.Interfaces;
+
+public interface IMarkNotificationReadCommand
+{
+    Task MarkReadAsync(Guid notificationId);
+}

src/Core/NotificationCenter/Commands/Interfaces/IUpdateNotificationCommand.cs

@@ -0,0 +1,9 @@
+#nullable enable
+using Bit.Core.NotificationCenter.Entities;
+
+namespace Bit.Core.NotificationCenter.Commands.Interfaces;
+
+public interface IUpdateNotificationCommand
+{
+    Task UpdateAsync(Notification notification);
+}

src/Core/NotificationCenter/Commands/MarkNotificationDeletedCommand.cs

@@ -0,0 +1,74 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands.Interfaces;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Commands;
+
+public class MarkNotificationDeletedCommand : IMarkNotificationDeletedCommand
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly IAuthorizationService _authorizationService;
+    private readonly INotificationRepository _notificationRepository;
+    private readonly INotificationStatusRepository _notificationStatusRepository;
+
+    public MarkNotificationDeletedCommand(ICurrentContext currentContext,
+        IAuthorizationService authorizationService,
+        INotificationRepository notificationRepository,
+        INotificationStatusRepository notificationStatusRepository)
+    {
+        _currentContext = currentContext;
+        _authorizationService = authorizationService;
+        _notificationRepository = notificationRepository;
+        _notificationStatusRepository = notificationStatusRepository;
+    }
+
+    public async Task MarkDeletedAsync(Guid notificationId)
+    {
+        if (!_currentContext.UserId.HasValue)
+        {
+            throw new NotFoundException();
+        }
+
+        var notification = await _notificationRepository.GetByIdAsync(notificationId);
+        if (notification == null)
+        {
+            throw new NotFoundException();
+        }
+
+        await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notification,
+            NotificationOperations.Read);
+
+        var notificationStatus = await _notificationStatusRepository.GetByNotificationIdAndUserIdAsync(notificationId,
+            _currentContext.UserId.Value);
+
+        if (notificationStatus == null)
+        {
+            notificationStatus = new NotificationStatus()
+            {
+                NotificationId = notificationId,
+                UserId = _currentContext.UserId.Value,
+                DeletedDate = DateTime.Now
+            };
+
+            await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notificationStatus,
+                NotificationStatusOperations.Create);
+
+            await _notificationStatusRepository.CreateAsync(notificationStatus);
+        }
+        else
+        {
+            await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notificationStatus,
+                NotificationStatusOperations.Update);
+
+            notificationStatus.DeletedDate = DateTime.UtcNow;
+
+            await _notificationStatusRepository.UpdateAsync(notificationStatus);
+        }
+    }
+}

src/Core/NotificationCenter/Commands/MarkNotificationReadCommand.cs

@@ -0,0 +1,74 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands.Interfaces;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Commands;
+
+public class MarkNotificationReadCommand : IMarkNotificationReadCommand
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly IAuthorizationService _authorizationService;
+    private readonly INotificationRepository _notificationRepository;
+    private readonly INotificationStatusRepository _notificationStatusRepository;
+
+    public MarkNotificationReadCommand(ICurrentContext currentContext,
+        IAuthorizationService authorizationService,
+        INotificationRepository notificationRepository,
+        INotificationStatusRepository notificationStatusRepository)
+    {
+        _currentContext = currentContext;
+        _authorizationService = authorizationService;
+        _notificationRepository = notificationRepository;
+        _notificationStatusRepository = notificationStatusRepository;
+    }
+
+    public async Task MarkReadAsync(Guid notificationId)
+    {
+        if (!_currentContext.UserId.HasValue)
+        {
+            throw new NotFoundException();
+        }
+
+        var notification = await _notificationRepository.GetByIdAsync(notificationId);
+        if (notification == null)
+        {
+            throw new NotFoundException();
+        }
+
+        await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notification,
+            NotificationOperations.Read);
+
+        var notificationStatus = await _notificationStatusRepository.GetByNotificationIdAndUserIdAsync(notificationId,
+            _currentContext.UserId.Value);
+
+        if (notificationStatus == null)
+        {
+            notificationStatus = new NotificationStatus()
+            {
+                NotificationId = notificationId,
+                UserId = _currentContext.UserId.Value,
+                ReadDate = DateTime.Now
+            };
+
+            await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User, notificationStatus,
+                NotificationStatusOperations.Create);
+
+            await _notificationStatusRepository.CreateAsync(notificationStatus);
+        }
+        else
+        {
+            await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User,
+                notificationStatus, NotificationStatusOperations.Update);
+
+            notificationStatus.ReadDate = DateTime.UtcNow;
+
+            await _notificationStatusRepository.UpdateAsync(notificationStatus);
+        }
+    }
+}

src/Core/NotificationCenter/Commands/UpdateNotificationCommand.cs

@@ -0,0 +1,47 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Commands.Interfaces;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Commands;
+
+public class UpdateNotificationCommand : IUpdateNotificationCommand
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly IAuthorizationService _authorizationService;
+    private readonly INotificationRepository _notificationRepository;
+
+    public UpdateNotificationCommand(ICurrentContext currentContext,
+        IAuthorizationService authorizationService,
+        INotificationRepository notificationRepository)
+    {
+        _currentContext = currentContext;
+        _authorizationService = authorizationService;
+        _notificationRepository = notificationRepository;
+    }
+
+    public async Task UpdateAsync(Notification notificationToUpdate)
+    {
+        var notification = await _notificationRepository.GetByIdAsync(notificationToUpdate.Id);
+        if (notification == null)
+        {
+            throw new NotFoundException();
+        }
+
+        await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User,
+            notification, NotificationOperations.Update);
+
+        notification.Priority = notificationToUpdate.Priority;
+        notification.ClientType = notificationToUpdate.ClientType;
+        notification.Title = notificationToUpdate.Title;
+        notification.Body = notificationToUpdate.Body;
+        notification.RevisionDate = DateTime.UtcNow;
+
+        await _notificationRepository.ReplaceAsync(notification);
+    }
+}

src/Core/NotificationCenter/Queries/GetNotificationStatusForUserQuery.cs

@@ -0,0 +1,47 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Authorization;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Queries.Interfaces;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.NotificationCenter.Queries;
+
+public class GetNotificationStatusForUserQuery : IGetNotificationStatusForUserQuery
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly IAuthorizationService _authorizationService;
+    private readonly INotificationStatusRepository _notificationStatusRepository;
+
+    public GetNotificationStatusForUserQuery(ICurrentContext currentContext,
+        IAuthorizationService authorizationService,
+        INotificationStatusRepository notificationStatusRepository)
+    {
+        _currentContext = currentContext;
+        _authorizationService = authorizationService;
+        _notificationStatusRepository = notificationStatusRepository;
+    }
+
+    public async Task<NotificationStatus> GetByNotificationIdAndUserIdAsync(Guid notificationId)
+    {
+        if (!_currentContext.UserId.HasValue)
+        {
+            throw new NotFoundException();
+        }
+
+        var notificationStatus = await _notificationStatusRepository.GetByNotificationIdAndUserIdAsync(notificationId,
+            _currentContext.UserId.Value);
+        if (notificationStatus == null)
+        {
+            throw new NotFoundException();
+        }
+
+        await _authorizationService.AuthorizeOrThrowAsync(_currentContext.HttpContext.User,
+            notificationStatus, NotificationStatusOperations.Read);
+
+        return notificationStatus;
+    }
+}

src/Core/NotificationCenter/Queries/GetNotificationsForUserQuery.cs

@@ -0,0 +1,37 @@
+#nullable enable
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Models.Filter;
+using Bit.Core.NotificationCenter.Queries.Interfaces;
+using Bit.Core.NotificationCenter.Repositories;
+using Bit.Core.Utilities;
+
+namespace Bit.Core.NotificationCenter.Queries;
+
+public class GetNotificationsForUserQuery : IGetNotificationsForUserQuery
+{
+    private readonly ICurrentContext _currentContext;
+    private readonly INotificationRepository _notificationRepository;
+
+    public GetNotificationsForUserQuery(ICurrentContext currentContext,
+        INotificationRepository notificationRepository)
+    {
+        _currentContext = currentContext;
+        _notificationRepository = notificationRepository;
+    }
+
+    public async Task<IEnumerable<Notification>> GetByUserIdStatusFilterAsync(NotificationStatusFilter statusFilter)
+    {
+        if (!_currentContext.UserId.HasValue)
+        {
+            throw new NotFoundException();
+        }
+
+        var clientType = DeviceTypes.ToClientType(_currentContext.DeviceType);
+
+        // Note: only returns the user's notifications - no authorization check needed
+        return await _notificationRepository.GetByUserIdAndStatusAsync(_currentContext.UserId.Value, clientType,
+            statusFilter);
+    }
+}

src/Core/NotificationCenter/Queries/Interfaces/IGetNotificationStatusForUserQuery.cs

@@ -0,0 +1,9 @@
+#nullable enable
+using Bit.Core.NotificationCenter.Entities;
+
+namespace Bit.Core.NotificationCenter.Queries.Interfaces;
+
+public interface IGetNotificationStatusForUserQuery
+{
+    Task<NotificationStatus> GetByNotificationIdAndUserIdAsync(Guid notificationId);
+}

src/Core/NotificationCenter/Queries/Interfaces/IGetNotificationsForUserQuery.cs

@@ -0,0 +1,10 @@
+#nullable enable
+using Bit.Core.NotificationCenter.Entities;
+using Bit.Core.NotificationCenter.Models.Filter;
+
+namespace Bit.Core.NotificationCenter.Queries.Interfaces;
+
+public interface IGetNotificationsForUserQuery
+{
+    Task<IEnumerable<Notification>> GetByUserIdStatusFilterAsync(NotificationStatusFilter statusFilter);
+}