[PM-12474] Move to authorization to attibutes/handlers/requirements (#6001)

* Created ReadAllOrganizationUsersBasicInformationRequirement for use with Authorize attribute. * Removed unused req and Handler and tests. Moved to new auth attribute * Moved tests to integration tests with new response. * Removed tests that were migrated to integration tests. * Made string params Guids instead of parsing them manually in methods. * Admin and Owner added to requirement. * Added XML docs for basic get endpoint. Removed unused. Added another auth check. Inverted if check. * Removed unused endpoint * Added tests for requirement * Added checks for both User and Custom * Added org id check to validate the user being requested belongs to the org in the route. * typo
2026-01-06 18:43:36 +00:00 · 2025-07-15 07:52:47 -05:00
parent 93a00373d2
commit c4965350d1
8 changed files with 253 additions and 307 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Authorization/OrganizationUserUserMiniDetailsAuthorizationHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Authorization/OrganizationUserUserMiniDetailsAuthorizationHandler.cs
@@ -1,50 +0,0 @@
-// FIXME: Update this file to be null safe and then delete the line below
-#nullable disable
-
-using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
-using Bit.Core.Context;
-using Microsoft.AspNetCore.Authorization;
-
-namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
-
-public class OrganizationUserUserMiniDetailsAuthorizationHandler :
-    AuthorizationHandler<OrganizationUserUserMiniDetailsOperationRequirement, OrganizationScope>
-{
-    private readonly ICurrentContext _currentContext;
-
-    public OrganizationUserUserMiniDetailsAuthorizationHandler(ICurrentContext currentContext)
-    {
-        _currentContext = currentContext;
-    }
-
-    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
-        OrganizationUserUserMiniDetailsOperationRequirement requirement, OrganizationScope organizationScope)
-    {
-        var authorized = false;
-
-        switch (requirement)
-        {
-            case not null when requirement.Name == nameof(OrganizationUserUserMiniDetailsOperations.ReadAll):
-                authorized = await CanReadAllAsync(organizationScope);
-                break;
-        }
-
-        if (authorized)
-        {
-            context.Succeed(requirement);
-        }
-    }
-
-    private async Task<bool> CanReadAllAsync(Guid organizationId)
-    {
-        // All organization users can access this data to manage collection access
-        var organization = _currentContext.GetOrganization(organizationId);
-        if (organization != null)
-        {
-            return true;
-        }
-
-        // Providers can also access this to manage the organization generally
-        return await _currentContext.ProviderUserForOrgAsync(organizationId);
-    }
-}