[PM-23921] [BEEEP] Add IOrganizationRequirements for each permission (#6105)

* Add BasePermissionRequirement and implement it for each permission

* Add tests

src/Api/AdminConsole/Authorization/Requirements/BasePermissionRequirement.cs

@@ -0,0 +1,24 @@
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+
+namespace Bit.Api.AdminConsole.Authorization.Requirements;
+
+/// <summary>
+/// A base implementation of <see cref="IOrganizationRequirement"/> which will authorize Owners, Admins, Providers,
+/// and custom users with the permission specified by the permissionPicker constructor parameter. This is suitable
+/// for most requirements related to a custom permission.
+/// </summary>
+/// <param name="permissionPicker">A function that returns a custom permission which will authorize the action.</param>
+public abstract class BasePermissionRequirement(Func<Permissions, bool> permissionPicker) : IOrganizationRequirement
+{
+    public async Task<bool> AuthorizeAsync(CurrentContextOrganization? organizationClaims,
+        Func<Task<bool>> isProviderUserForOrg)
+    => organizationClaims switch
+    {
+        { Type: OrganizationUserType.Owner } => true,
+        { Type: OrganizationUserType.Admin } => true,
+        { Type: OrganizationUserType.Custom } when permissionPicker(organizationClaims.Permissions) => true,
+        _ => await isProviderUserForOrg()
+    };
+}

src/Api/AdminConsole/Authorization/Requirements/ManageAccountRecoveryRequirement.cs

@@ -1,20 +0,0 @@
-#nullable enable
-
-using Bit.Core.Context;
-using Bit.Core.Enums;
-
-namespace Bit.Api.AdminConsole.Authorization.Requirements;
-
-public class ManageAccountRecoveryRequirement : IOrganizationRequirement
-{
-    public async Task<bool> AuthorizeAsync(
-        CurrentContextOrganization? organizationClaims,
-        Func<Task<bool>> isProviderUserForOrg)
-        => organizationClaims switch
-        {
-            { Type: OrganizationUserType.Owner } => true,
-            { Type: OrganizationUserType.Admin } => true,
-            { Permissions.ManageResetPassword: true } => true,
-            _ => await isProviderUserForOrg()
-        };
-}

src/Api/AdminConsole/Authorization/Requirements/ManageUsersRequirement.cs

@@ -1,20 +0,0 @@
-#nullable enable
-
-using Bit.Core.Context;
-using Bit.Core.Enums;
-
-namespace Bit.Api.AdminConsole.Authorization.Requirements;
-
-public class ManageUsersRequirement : IOrganizationRequirement
-{
-    public async Task<bool> AuthorizeAsync(
-        CurrentContextOrganization? organizationClaims,
-        Func<Task<bool>> isProviderUserForOrg)
-        => organizationClaims switch
-        {
-            { Type: OrganizationUserType.Owner } => true,
-            { Type: OrganizationUserType.Admin } => true,
-            { Permissions.ManageUsers: true } => true,
-            _ => await isProviderUserForOrg()
-        };
-}

src/Api/AdminConsole/Authorization/Requirements/PermissionRequirements.cs

@@ -0,0 +1,11 @@
+namespace Bit.Api.AdminConsole.Authorization.Requirements;
+
+public class AccessEventLogsRequirement() : BasePermissionRequirement(p => p.AccessEventLogs);
+public class AccessImportExportRequirement() : BasePermissionRequirement(p => p.AccessImportExport);
+public class AccessReportsRequirement() : BasePermissionRequirement(p => p.AccessReports);
+public class ManageAccountRecoveryRequirement() : BasePermissionRequirement(p => p.ManageResetPassword);
+public class ManageGroupsRequirement() : BasePermissionRequirement(p => p.ManageGroups);
+public class ManagePoliciesRequirement() : BasePermissionRequirement(p => p.ManagePolicies);
+public class ManageScimRequirement() : BasePermissionRequirement(p => p.ManageScim);
+public class ManageSsoRequirement() : BasePermissionRequirement(p => p.ManageSso);
+public class ManageUsersRequirement() : BasePermissionRequirement(p => p.ManageUsers);