nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00
Code Activity
Files
52eb87a8c037911a9da68127bbadac3d8140990a
bitwarden/src/Api/Tools/Authorization/VaultExportAuthorizationHandler.cs
Thomas Rittson 6a9b7ece2b [PM-11360] Remove export permission for providers (#5051) 
- also fix managed collections export from CLI
2024-12-06 08:07:04 +10:00

39 lines
1.4 KiB
C#
Raw Blame History

using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
using Bit.Core.Context;
using Bit.Core.Enums;
using Microsoft.AspNetCore.Authorization;
namespace Bit.Api.Tools.Authorization;
public class VaultExportAuthorizationHandler(ICurrentContext currentContext)
: AuthorizationHandler<VaultExportOperationRequirement, OrganizationScope>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
VaultExportOperationRequirement requirement, OrganizationScope organizationScope)
{
var org = currentContext.GetOrganization(organizationScope);
var authorized = requirement switch
{
not null when requirement == VaultExportOperations.ExportWholeVault =>
CanExportWholeVault(org),
not null when requirement == VaultExportOperations.ExportManagedCollections =>
CanExportManagedCollections(org),
_ => false
};
if (authorized)
{
context.Succeed(requirement);
}
return Task.FromResult(0);
}
private bool CanExportWholeVault(CurrentContextOrganization organization) => organization is
{ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
{ Type: OrganizationUserType.Custom, Permissions.AccessImportExport: true };
private bool CanExportManagedCollections(CurrentContextOrganization organization) => organization is not null;
}
View Git Blame Copy Permalink