[PM-14378] SecurityTask Authorization Handler (#5039)

* [PM-14378] Introduce GetCipherPermissionsForOrganization query for Dapper CipherRepository * [PM-14378] Introduce GetCipherPermissionsForOrganization method for Entity Framework * [PM-14378] Add integration tests for new repository method * [PM-14378] Introduce IGetCipherPermissionsForUserQuery CQRS query * [PM-14378] Introduce SecurityTaskOperationRequirement * [PM-14378] Introduce SecurityTaskAuthorizationHandler.cs * [PM-14378] Introduce SecurityTaskOrganizationAuthorizationHandler.cs * [PM-14378] Register new authorization handlers * [PM-14378] Formatting * [PM-14378] Add unit tests for GetCipherPermissionsForUserQuery * [PM-15378] Cleanup SecurityTaskAuthorizationHandler and add tests * [PM-14378] Add tests for SecurityTaskOrganizationAuthorizationHandler * [PM-14378] Formatting * [PM-14378] Update date in migration file * [PM-14378] Add missing awaits * [PM-14378] Bump migration script date * [PM-14378] Remove Unassigned property from OrganizationCipherPermission as it was making the query too complicated * [PM-14378] Update sproc to use Union All to improve query performance * [PM-14378] Bump migration script date
2026-01-04 17:43:53 +00:00 · 2025-01-09 12:14:24 -08:00
parent fd195e7cf3
commit a99f82dddd
18 changed files with 1669 additions and 0 deletions
--- a/src/Core/Vault/Models/Data/OrganizationCipherPermission.cs
+++ b/src/Core/Vault/Models/Data/OrganizationCipherPermission.cs
@@ -0,0 +1,40 @@
+namespace Bit.Core.Vault.Models.Data;
+
+/// <summary>
+/// Data model that represents a Users permissions for a given cipher
+/// that belongs to an organization.
+/// To be used internally for authorization.
+/// </summary>
+public class OrganizationCipherPermission
+{
+    /// <summary>
+    /// The cipher Id
+    /// </summary>
+    public Guid Id { get; set; }
+
+    /// <summary>
+    /// The organization Id that the cipher belongs to.
+    /// </summary>
+    public Guid OrganizationId { get; set; }
+
+    /// <summary>
+    /// The user can read the cipher.
+    /// See <see cref="ViewPassword"/> for password visibility.
+    /// </summary>
+    public bool Read { get; set; }
+
+    /// <summary>
+    /// The user has permission to view the password of the cipher.
+    /// </summary>
+    public bool ViewPassword { get; set; }
+
+    /// <summary>
+    /// The user has permission to edit the cipher.
+    /// </summary>
+    public bool Edit { get; set; }
+
+    /// <summary>
+    /// The user has manage level access to the cipher.
+    /// </summary>
+    public bool Manage { get; set; }
+}