[PM-24279] Add vnext policy endpoint (#6253)

2026-01-06 02:23:51 +00:00 · 2025-09-10 10:13:04 -04:00
parent 52045b89fa
commit d43b00dad9
19 changed files with 908 additions and 136 deletions
--- a/src/Api/AdminConsole/Controllers/PoliciesController.cs
+++ b/src/Api/AdminConsole/Controllers/PoliciesController.cs
@@ -1,10 +1,13 @@
 // FIXME: Update this file to be null safe and then delete the line below
 #nullable disable

+using Bit.Api.AdminConsole.Authorization;
+using Bit.Api.AdminConsole.Authorization.Requirements;
 using Bit.Api.AdminConsole.Models.Request;
 using Bit.Api.AdminConsole.Models.Response.Helpers;
 using Bit.Api.AdminConsole.Models.Response.Organizations;
 using Bit.Api.Models.Response;
+using Bit.Core;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
@@ -30,7 +33,6 @@ namespace Bit.Api.AdminConsole.Controllers;
 public class PoliciesController : Controller
 {
    private readonly ICurrentContext _currentContext;
-    private readonly IFeatureService _featureService;
    private readonly GlobalSettings _globalSettings;
    private readonly IOrganizationHasVerifiedDomainsQuery _organizationHasVerifiedDomainsQuery;
    private readonly IOrganizationRepository _organizationRepository;
@@ -49,7 +51,6 @@ public class PoliciesController : Controller
        GlobalSettings globalSettings,
        IDataProtectionProvider dataProtectionProvider,
        IDataProtectorTokenFactory<OrgUserInviteTokenable> orgUserInviteTokenDataFactory,
-        IFeatureService featureService,
        IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery,
        IOrganizationRepository organizationRepository,
        ISavePolicyCommand savePolicyCommand)
@@ -63,7 +64,6 @@ public class PoliciesController : Controller
            "OrganizationServiceDataProtector");
        _organizationRepository = organizationRepository;
        _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory;
-        _featureService = featureService;
        _organizationHasVerifiedDomainsQuery = organizationHasVerifiedDomainsQuery;
        _savePolicyCommand = savePolicyCommand;
    }
@@ -212,4 +212,18 @@ public class PoliciesController : Controller
        var policy = await _savePolicyCommand.SaveAsync(policyUpdate);
        return new PolicyResponseModel(policy);
    }
+
+
+    [HttpPut("{type}/vnext")]
+    [RequireFeatureAttribute(FeatureFlagKeys.CreateDefaultLocation)]
+    [Authorize<ManagePoliciesRequirement>]
+    public async Task<PolicyResponseModel> PutVNext(Guid orgId, [FromBody] SavePolicyRequest model)
+    {
+        var savePolicyRequest = await model.ToSavePolicyModelAsync(orgId, _currentContext);
+
+        var policy = await _savePolicyCommand.VNextSaveAsync(savePolicyRequest);
+
+        return new PolicyResponseModel(policy);
+    }
+
 }
--- a/src/Api/AdminConsole/Models/Request/SavePolicyRequest.cs
+++ b/src/Api/AdminConsole/Models/Request/SavePolicyRequest.cs
@@ -0,0 +1,61 @@
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
+using Bit.Core.Context;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.AdminConsole.Models.Request;
+
+public class SavePolicyRequest
+{
+    [Required]
+    public PolicyRequestModel Policy { get; set; } = null!;
+
+    public Dictionary<string, object>? Metadata { get; set; }
+
+    public async Task<SavePolicyModel> ToSavePolicyModelAsync(Guid organizationId, ICurrentContext currentContext)
+    {
+        var performedBy = new StandardUser(currentContext.UserId!.Value, await currentContext.OrganizationOwner(organizationId));
+
+        var updatedPolicy = new PolicyUpdate()
+        {
+            Type = Policy.Type!.Value,
+            OrganizationId = organizationId,
+            Data = Policy.Data != null ? JsonSerializer.Serialize(Policy.Data) : null,
+            Enabled = Policy.Enabled.GetValueOrDefault(),
+        };
+
+        var metadata = MapToPolicyMetadata();
+
+        return new SavePolicyModel(updatedPolicy, performedBy, metadata);
+    }
+
+    private IPolicyMetadataModel MapToPolicyMetadata()
+    {
+        if (Metadata == null)
+        {
+            return new EmptyMetadataModel();
+        }
+
+        return Policy?.Type switch
+        {
+            PolicyType.OrganizationDataOwnership => MapToPolicyMetadata<OrganizationModelOwnershipPolicyModel>(),
+            _ => new EmptyMetadataModel()
+        };
+    }
+
+    private IPolicyMetadataModel MapToPolicyMetadata<T>() where T : IPolicyMetadataModel, new()
+    {
+        try
+        {
+            var json = JsonSerializer.Serialize(Metadata);
+            return CoreHelpers.LoadClassFromJsonData<T>(json);
+        }
+        catch
+        {
+            return new EmptyMetadataModel();
+        }
+    }
+}
--- a/src/Api/AdminConsole/Models/Response/Organizations/PolicyResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/Organizations/PolicyResponseModel.cs
@@ -10,6 +10,10 @@ namespace Bit.Api.AdminConsole.Models.Response.Organizations;

 public class PolicyResponseModel : ResponseModel
 {
+    public PolicyResponseModel() : base("policy")
+    {
+    }
+
    public PolicyResponseModel(Policy policy, string obj = "policy")
        : base(obj)
    {