[PM-12479] - Adding group-details endpoint (#4959)

✨ Added group-details endpoint. Moved group auth handler to AdminConsole directory. --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2026-01-10 12:33:49 +00:00 · 2024-11-12 11:25:36 -06:00
parent 25afd50ab4
commit f2bf9ea9f8
16 changed files with 323 additions and 225 deletions
--- a/src/Api/Vault/AuthorizationHandlers/Groups/GroupAuthorizationHandler.cs
+++ b/src/Api/Vault/AuthorizationHandlers/Groups/GroupAuthorizationHandler.cs
@@ -1,62 +0,0 @@
-#nullable enable
-using Bit.Core.Context;
-using Microsoft.AspNetCore.Authorization;
-
-namespace Bit.Api.Vault.AuthorizationHandlers.Groups;
-
-/// <summary>
-/// Handles authorization logic for Group operations.
-/// This uses new logic implemented in the Flexible Collections initiative.
-/// </summary>
-public class GroupAuthorizationHandler : AuthorizationHandler<GroupOperationRequirement>
-{
-    private readonly ICurrentContext _currentContext;
-
-    public GroupAuthorizationHandler(ICurrentContext currentContext)
-    {
-        _currentContext = currentContext;
-    }
-
-    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
-        GroupOperationRequirement requirement)
-    {
-        // Acting user is not authenticated, fail
-        if (!_currentContext.UserId.HasValue)
-        {
-            context.Fail();
-            return;
-        }
-
-        if (requirement.OrganizationId == default)
-        {
-            context.Fail();
-            return;
-        }
-
-        var org = _currentContext.GetOrganization(requirement.OrganizationId);
-
-        switch (requirement)
-        {
-            case not null when requirement.Name == nameof(GroupOperations.ReadAll):
-                await CanReadAllAsync(context, requirement, org);
-                break;
-        }
-    }
-
-    private async Task CanReadAllAsync(AuthorizationHandlerContext context, GroupOperationRequirement requirement,
-        CurrentContextOrganization? org)
-    {
-        // All users of an organization can read all groups belonging to the organization for collection access management
-        if (org is not null)
-        {
-            context.Succeed(requirement);
-            return;
-        }
-
-        // Allow provider users to read all groups if they are a provider for the target organization
-        if (await _currentContext.ProviderUserForOrgAsync(requirement.OrganizationId))
-        {
-            context.Succeed(requirement);
-        }
-    }
-}
--- a/src/Api/Vault/AuthorizationHandlers/Groups/GroupOperations.cs
+++ b/src/Api/Vault/AuthorizationHandlers/Groups/GroupOperations.cs
@@ -1,22 +0,0 @@
-using Microsoft.AspNetCore.Authorization.Infrastructure;
-
-namespace Bit.Api.Vault.AuthorizationHandlers.Groups;
-
-public class GroupOperationRequirement : OperationAuthorizationRequirement
-{
-    public Guid OrganizationId { get; init; }
-
-    public GroupOperationRequirement(string name, Guid organizationId)
-    {
-        Name = name;
-        OrganizationId = organizationId;
-    }
-}
-
-public static class GroupOperations
-{
-    public static GroupOperationRequirement ReadAll(Guid organizationId)
-    {
-        return new GroupOperationRequirement(nameof(ReadAll), organizationId);
-    }
-}