[PM-12474] Move to authorization to attibutes/handlers/requirements (#6001)

* Created ReadAllOrganizationUsersBasicInformationRequirement for use with Authorize attribute. * Removed unused req and Handler and tests. Moved to new auth attribute * Moved tests to integration tests with new response. * Removed tests that were migrated to integration tests. * Made string params Guids instead of parsing them manually in methods. * Admin and Owner added to requirement. * Added XML docs for basic get endpoint. Removed unused. Added another auth check. Inverted if check. * Removed unused endpoint * Added tests for requirement * Added checks for both User and Custom * Added org id check to validate the user being requested belongs to the org in the route. * typo
2026-01-04 17:43:53 +00:00 · 2025-07-15 07:52:47 -05:00
parent 93a00373d2
commit c4965350d1
8 changed files with 253 additions and 307 deletions
--- a/src/Api/AdminConsole/Authorization/Requirements/ManageGroupsOrUsersRequirement.cs
+++ b/src/Api/AdminConsole/Authorization/Requirements/ManageGroupsOrUsersRequirement.cs
@@ -0,0 +1,17 @@
+using Bit.Core.Context;
+using Bit.Core.Enums;
+
+namespace Bit.Api.AdminConsole.Authorization.Requirements;
+
+public class ManageGroupsOrUsersRequirement : IOrganizationRequirement
+{
+    public async Task<bool> AuthorizeAsync(CurrentContextOrganization organizationClaims, Func<Task<bool>> isProviderUserForOrg) =>
+        organizationClaims switch
+        {
+            { Type: OrganizationUserType.Owner } => true,
+            { Type: OrganizationUserType.Admin } => true,
+            { Permissions.ManageGroups: true } => true,
+            { Permissions.ManageUsers: true } => true,
+            _ => await isProviderUserForOrg()
+        };
+}