[PM-12479] - Adding group-details endpoint (#4959)

✨ Added group-details endpoint. Moved group auth handler to AdminConsole directory. --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2025-12-31 07:33:43 +00:00 · 2024-11-12 11:25:36 -06:00
parent 25afd50ab4
commit f2bf9ea9f8
16 changed files with 323 additions and 225 deletions
--- a/src/Core/AdminConsole/OrganizationFeatures/Groups/Authorization/GroupAuthorizationHandler.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Groups/Authorization/GroupAuthorizationHandler.cs
@@ -0,0 +1,43 @@
+#nullable enable
+using Bit.Core.AdminConsole.OrganizationFeatures.Shared.Authorization;
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Microsoft.AspNetCore.Authorization;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Groups.Authorization;
+
+public class GroupAuthorizationHandler(ICurrentContext currentContext)
+    : AuthorizationHandler<GroupOperationRequirement, OrganizationScope>
+{
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
+        GroupOperationRequirement requirement, OrganizationScope organizationScope)
+    {
+        var authorized = requirement switch
+        {
+            not null when requirement.Name == nameof(GroupOperations.ReadAll) =>
+                await CanReadAllAsync(organizationScope),
+            not null when requirement.Name == nameof(GroupOperations.ReadAllDetails) =>
+                await CanViewGroupDetailsAsync(organizationScope),
+            _ => false
+        };
+
+        if (requirement is not null && authorized)
+        {
+            context.Succeed(requirement);
+        }
+    }
+
+    private async Task<bool> CanReadAllAsync(OrganizationScope organizationScope) =>
+        currentContext.GetOrganization(organizationScope) is not null
+        || await currentContext.ProviderUserForOrgAsync(organizationScope);
+
+    private async Task<bool> CanViewGroupDetailsAsync(OrganizationScope organizationScope) =>
+        currentContext.GetOrganization(organizationScope) is
+    { Type: OrganizationUserType.Owner } or
+    { Type: OrganizationUserType.Admin } or
+    {
+        Permissions: { ManageGroups: true } or
+        { ManageUsers: true }
+    } ||
+        await currentContext.ProviderUserForOrgAsync(organizationScope);
+}
--- a/src/Core/AdminConsole/OrganizationFeatures/Groups/Authorization/GroupOperations.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Groups/Authorization/GroupOperations.cs
@@ -0,0 +1,17 @@
+using Microsoft.AspNetCore.Authorization.Infrastructure;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Groups.Authorization;
+
+public class GroupOperationRequirement : OperationAuthorizationRequirement
+{
+    public GroupOperationRequirement(string name)
+    {
+        Name = name;
+    }
+}
+
+public static class GroupOperations
+{
+    public static readonly GroupOperationRequirement ReadAll = new(nameof(ReadAll));
+    public static readonly GroupOperationRequirement ReadAllDetails = new(nameof(ReadAllDetails));
+}