[SM-910] Add service account granted policies management endpoints (#3736)

* Add the ability to get multi projects access

* Add access policy helper + tests

* Add new data/request models

* Add access policy operations to repo

* Add authz handler for new operations

* Add new controller endpoints

* add updating service account revision

src/Api/SecretsManager/Models/Request/ServiceAccountGrantedPoliciesRequestModel.cs

@@ -0,0 +1,28 @@
+#nullable enable
+using Bit.Api.SecretsManager.Utilities;
+using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Models.Data;
+
+namespace Bit.Api.SecretsManager.Models.Request;
+
+public class ServiceAccountGrantedPoliciesRequestModel
+{
+    public required IEnumerable<GrantedAccessPolicyRequest> ProjectGrantedPolicyRequests { get; set; }
+
+    public ServiceAccountGrantedPolicies ToGrantedPolicies(ServiceAccount serviceAccount)
+    {
+        var projectGrantedPolicies = ProjectGrantedPolicyRequests
+            .Select(x => x.ToServiceAccountProjectAccessPolicy(serviceAccount.Id, serviceAccount.OrganizationId))
+            .ToList();
+
+        AccessPolicyHelpers.CheckForDistinctAccessPolicies(projectGrantedPolicies);
+        AccessPolicyHelpers.CheckAccessPoliciesHaveReadPermission(projectGrantedPolicies);
+
+        return new ServiceAccountGrantedPolicies
+        {
+            ServiceAccountId = serviceAccount.Id,
+            OrganizationId = serviceAccount.OrganizationId,
+            ProjectGrantedPolicies = projectGrantedPolicies
+        };
+    }
+}

src/Api/SecretsManager/Models/Response/ServiceAccountGrantedPoliciesPermissionDetailsResponseModel.cs

@@ -0,0 +1,30 @@
+#nullable enable
+using Bit.Core.Models.Api;
+using Bit.Core.SecretsManager.Models.Data;
+
+namespace Bit.Api.SecretsManager.Models.Response;
+
+public class ServiceAccountGrantedPoliciesPermissionDetailsResponseModel : ResponseModel
+{
+    private const string _objectName = "ServiceAccountGrantedPoliciesPermissionDetails";
+
+    public ServiceAccountGrantedPoliciesPermissionDetailsResponseModel(
+        ServiceAccountGrantedPoliciesPermissionDetails? grantedPoliciesPermissionDetails)
+        : base(_objectName)
+    {
+        if (grantedPoliciesPermissionDetails == null)
+        {
+            return;
+        }
+
+        GrantedProjectPolicies = grantedPoliciesPermissionDetails.ProjectGrantedPolicies
+            .Select(x => new ServiceAccountProjectAccessPolicyPermissionDetailsResponseModel(x)).ToList();
+    }
+
+    public ServiceAccountGrantedPoliciesPermissionDetailsResponseModel() : base(_objectName)
+    {
+    }
+
+    public List<ServiceAccountProjectAccessPolicyPermissionDetailsResponseModel> GrantedProjectPolicies { get; set; } =
+        [];
+}

src/Api/SecretsManager/Models/Response/ServiceAccountProjectAccessPolicyPermissionDetailsResponseModel.cs

@@ -0,0 +1,25 @@
+#nullable enable
+using Bit.Core.Models.Api;
+using Bit.Core.SecretsManager.Models.Data;
+
+namespace Bit.Api.SecretsManager.Models.Response;
+
+public class ServiceAccountProjectAccessPolicyPermissionDetailsResponseModel : ResponseModel
+{
+    private const string _objectName = "serviceAccountProjectAccessPolicyPermissionDetails";
+
+    public ServiceAccountProjectAccessPolicyPermissionDetailsResponseModel(
+        ServiceAccountProjectAccessPolicyPermissionDetails apPermissionDetails, string obj = _objectName) : base(obj)
+    {
+        AccessPolicy = new ServiceAccountProjectAccessPolicyResponseModel(apPermissionDetails.AccessPolicy);
+        HasPermission = apPermissionDetails.HasPermission;
+    }
+
+    public ServiceAccountProjectAccessPolicyPermissionDetailsResponseModel()
+        : base(_objectName)
+    {
+    }
+
+    public ServiceAccountProjectAccessPolicyResponseModel AccessPolicy { get; set; } = new();
+    public bool HasPermission { get; set; }
+}