[SM-702] Extract access policy checks from create/update project commands (#2842)

* Move to access query for project commands * Swap to hasAccess method per action * Swap to authorization handler pattern * Move ProjectOperationRequirement to Core * Add default throw + tests * Swap to reflection for testing switch
2026-01-21 03:43:53 +00:00 · 2023-05-03 09:40:24 -05:00
parent 7be19b53f4
commit 5474d3da18
28 changed files with 490 additions and 166 deletions
--- a/bitwarden_license/src/Commercial.Core/SecretsManager/SecretsManagerCollectionExtensions.cs
+++ b/bitwarden_license/src/Commercial.Core/SecretsManager/SecretsManagerCollectionExtensions.cs
@@ -1,4 +1,5 @@
-using Bit.Commercial.Core.SecretsManager.Commands.AccessPolicies;
+using Bit.Commercial.Core.SecretsManager.AuthorizationHandlers.Projects;
+using Bit.Commercial.Core.SecretsManager.Commands.AccessPolicies;
 using Bit.Commercial.Core.SecretsManager.Commands.AccessTokens;
 using Bit.Commercial.Core.SecretsManager.Commands.Porting;
 using Bit.Commercial.Core.SecretsManager.Commands.Projects;
@@ -12,6 +13,7 @@ using Bit.Core.SecretsManager.Commands.Projects.Interfaces;
 using Bit.Core.SecretsManager.Commands.Secrets.Interfaces;
 using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces;
 using Bit.Core.SecretsManager.Commands.Trash.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.DependencyInjection;

 namespace Bit.Commercial.Core.SecretsManager;
@@ -20,6 +22,7 @@ public static class SecretsManagerCollectionExtensions
 {
    public static void AddSecretsManagerServices(this IServiceCollection services)
    {
+        services.AddScoped<IAuthorizationHandler, ProjectAuthorizationHandler>();
        services.AddScoped<ICreateSecretCommand, CreateSecretCommand>();
        services.AddScoped<IUpdateSecretCommand, UpdateSecretCommand>();
        services.AddScoped<IDeleteSecretCommand, DeleteSecretCommand>();