
- Add Authorize<T> attribute - Add IOrganizationRequirement and example implementation - Add OrganizationRequirementHandler - Add extension methods (replacing ICurrentContext) - Move custom permissions claim definitions --- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> Co-authored-by: ✨ Audrey ✨ <ajensen@bitwarden.com>
#nullable enable
using Bit.Core.Context;
using Microsoft.AspNetCore.Authorization;
namespace Bit.Api.AdminConsole.Authorization;
/// <summary>
/// Contract for authorization requirements that are evaluated by
/// <see cref="OrganizationRequirementHandler"/>, which calls <see cref="AuthorizeAsync"/>
/// with the organization details from the route.
/// Intended for simple role-based checks.
/// Only valid on endpoints that have {orgId} in their path.
/// </summary>
/// <remarks>
/// The result of <see cref="AuthorizeAsync"/> is the access decision for the request, so
/// implementations should deny by default: return true only for the roles that are explicitly
/// allowed and false for everything else, including the non-member (null claims) case.
/// </remarks>
public interface IOrganizationRequirement : IAuthorizationRequirement
{
    /// <summary>
    /// Decides whether a request carrying this requirement is authorized.
    /// </summary>
    /// <param name="organizationClaims">
    /// The CurrentContextOrganization for the user when they are a member of the organization;
    /// null when they are not a member. Check for null before reading any role or permission
    /// from it.
    /// </param>
    /// <param name="isProviderUserForOrg">
    /// Callback that yields true when the user is a ProviderUser that manages the organization,
    /// and false otherwise. It requires a database query, so evaluate the claims-based checks
    /// first and invoke this last.
    /// </param>
    /// <returns>True if the requirement has been satisfied, otherwise false.</returns>
    Task<bool> AuthorizeAsync(CurrentContextOrganization? organizationClaims, Func<Task<bool>> isProviderUserForOrg);
}