[SM-923] Add project service accounts access policies management endpoints (#3993)

* Add new models * Update repositories * Add new authz handler * Add new query * Add new command * Add authz, command, and query to DI * Add new endpoint to controller * Add query unit tests * Add api unit tests * Add api integration tests
2025-12-13 14:53:34 +00:00 · 2024-05-02 11:06:20 -05:00
parent e302ee1520
commit 7f8cea58d0
23 changed files with 1559 additions and 29 deletions
--- a/src/Api/SecretsManager/Models/Request/ProjectServiceAccountsAccessPoliciesRequestModel.cs
+++ b/src/Api/SecretsManager/Models/Request/ProjectServiceAccountsAccessPoliciesRequestModel.cs
@@ -0,0 +1,28 @@
+#nullable enable
+using Bit.Api.SecretsManager.Utilities;
+using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Models.Data;
+
+namespace Bit.Api.SecretsManager.Models.Request;
+
+public class ProjectServiceAccountsAccessPoliciesRequestModel
+{
+    public required IEnumerable<AccessPolicyRequest> ServiceAccountAccessPolicyRequests { get; set; }
+
+    public ProjectServiceAccountsAccessPolicies ToProjectServiceAccountsAccessPolicies(Project project)
+    {
+        var serviceAccountAccessPolicies = ServiceAccountAccessPolicyRequests
+            .Select(x => x.ToServiceAccountProjectAccessPolicy(project.Id, project.OrganizationId))
+            .ToList();
+
+        AccessPolicyHelpers.CheckForDistinctAccessPolicies(serviceAccountAccessPolicies);
+        AccessPolicyHelpers.CheckAccessPoliciesHaveReadPermission(serviceAccountAccessPolicies);
+
+        return new ProjectServiceAccountsAccessPolicies
+        {
+            ProjectId = project.Id,
+            OrganizationId = project.OrganizationId,
+            ServiceAccountAccessPolicies = serviceAccountAccessPolicies
+        };
+    }
+}