bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-20 10:13:39 +00:00
Code Issues Releases Wiki Activity
Files
84a984a9e6595e6499ce0477d1099bc2cc954476
server/src/Api/AdminConsole/Authorization/OrganizationRequirementHandler.cs
Thomas Rittson 84a984a9e6 [PM-19585] Use Authorize attributes for simple role authorization (#5555) 
- Add Authorize<T> attribute
- Add IOrganizationRequirement and example implementation
- Add OrganizationRequirementHandler
- Add extension methods (replacing ICurrentContext)
- Move custom permissions claim definitions

---
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by:  Audrey  <ajensen@bitwarden.com>
2025-04-15 14:36:00 +10:00

50 lines
1.9 KiB
C#
Raw Blame History

#nullable enable
using Bit.Core.AdminConsole.Repositories;
using Bit.Core.Services;
using Microsoft.AspNetCore.Authorization;
namespace Bit.Api.AdminConsole.Authorization;
/// <summary>
/// Handles any requirement that implements <see cref="IOrganizationRequirement"/>.
/// Retrieves the Organization ID from the route and then passes it to the requirement's AuthorizeAsync callback to
/// determine whether the action is authorized.
/// </summary>
public class OrganizationRequirementHandler(
IHttpContextAccessor httpContextAccessor,
IProviderUserRepository providerUserRepository,
IUserService userService)
: AuthorizationHandler<IOrganizationRequirement>
{
public const string NoHttpContextError = "This method should only be called in the context of an HTTP Request.";
public const string NoUserIdError = "This method should only be called on the private api with a logged in user.";
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, IOrganizationRequirement requirement)
{
var httpContext = httpContextAccessor.HttpContext;
if (httpContext == null)
{
throw new InvalidOperationException(NoHttpContextError);
}
var organizationId = httpContext.GetOrganizationId();
var organizationClaims = httpContext.User.GetCurrentContextOrganization(organizationId);
var userId = userService.GetProperUserId(httpContext.User);
if (userId == null)
{
throw new InvalidOperationException(NoUserIdError);
}
Task<bool> IsProviderUserForOrg() => httpContext.IsProviderUserForOrgAsync(providerUserRepository, userId.Value, organizationId);
var authorized = await requirement.AuthorizeAsync(organizationClaims, IsProviderUserForOrg);
if (authorized)
{
context.Succeed(requirement);
}
}
}
Reference in New Issue View Git Blame Copy Permalink