[SM-706] Extract Authorization From Create/Update Secret Commands (#2896)

* Extract authorization from commands * Swap to request model validation. * Swap to pattern detection
2025-12-16 16:23:31 +00:00 · 2023-06-08 16:40:35 -05:00
parent 6a9e7a1d0a
commit 05f11a8ee1
15 changed files with 674 additions and 231 deletions
--- a/src/Api/SecretsManager/Models/Request/SecretCreateRequestModel.cs
+++ b/src/Api/SecretsManager/Models/Request/SecretCreateRequestModel.cs
@@ -4,7 +4,7 @@ using Bit.Core.Utilities;

 namespace Bit.Api.SecretsManager.Models.Request;

-public class SecretCreateRequestModel
+public class SecretCreateRequestModel : IValidatableObject
 {
    [Required]
    [EncryptedString]
@@ -32,4 +32,14 @@ public class SecretCreateRequestModel
            Projects = ProjectIds != null && ProjectIds.Any() ? ProjectIds.Select(x => new Project() { Id = x }).ToList() : null,
        };
    }
+
+    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+    {
+        if (ProjectIds is { Length: > 1 })
+        {
+            yield return new ValidationResult(
+                $"Only one project assignment is supported.",
+                new[] { nameof(ProjectIds) });
+        }
+    }
 }
--- a/src/Api/SecretsManager/Models/Request/SecretUpdateRequestModel.cs
+++ b/src/Api/SecretsManager/Models/Request/SecretUpdateRequestModel.cs
@@ -4,7 +4,7 @@ using Bit.Core.Utilities;

 namespace Bit.Api.SecretsManager.Models.Request;

-public class SecretUpdateRequestModel
+public class SecretUpdateRequestModel : IValidatableObject
 {
    [Required]
    [EncryptedString]
@@ -20,11 +20,12 @@ public class SecretUpdateRequestModel

    public Guid[] ProjectIds { get; set; }

-    public Secret ToSecret(Guid id)
+    public Secret ToSecret(Guid id, Guid organizationId)
    {
        return new Secret()
        {
            Id = id,
+            OrganizationId = organizationId,
            Key = Key,
            Value = Value,
            Note = Note,
@@ -32,4 +33,14 @@ public class SecretUpdateRequestModel
            Projects = ProjectIds != null && ProjectIds.Any() ? ProjectIds.Select(x => new Project() { Id = x }).ToList() : null,
        };
    }
+
+    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+    {
+        if (ProjectIds is { Length: > 1 })
+        {
+            yield return new ValidationResult(
+                $"Only one project assignment is supported.",
+                new[] { nameof(ProjectIds) });
+        }
+    }
 }