bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-29 06:33:43 +00:00
Code Issues Releases Wiki Activity
Files
88dd9778482dcbc5cf69319ffe1fed1e866009f1
server/src/Api/AdminConsole/Authorization/Requirements/BasePermissionRequirement.cs
Thomas Rittson 88dd977848 [PM-23921] [BEEEP] Add IOrganizationRequirements for each permission (#6105) 
* Add BasePermissionRequirement and implement it for each permission

* Add tests
2025-07-31 11:22:06 +10:00

25 lines
1.1 KiB
C#
Raw Blame History

using Bit.Core.Context;
using Bit.Core.Enums;
using Bit.Core.Models.Data;
namespace Bit.Api.AdminConsole.Authorization.Requirements;
/// <summary>
/// A base implementation of <see cref="IOrganizationRequirement"/> which will authorize Owners, Admins, Providers,
/// and custom users with the permission specified by the permissionPicker constructor parameter. This is suitable
/// for most requirements related to a custom permission.
/// </summary>
/// <param name="permissionPicker">A function that returns a custom permission which will authorize the action.</param>
public abstract class BasePermissionRequirement(Func<Permissions, bool> permissionPicker) : IOrganizationRequirement
{
public async Task<bool> AuthorizeAsync(CurrentContextOrganization? organizationClaims,
Func<Task<bool>> isProviderUserForOrg)
=> organizationClaims switch
{
{ Type: OrganizationUserType.Owner } => true,
{ Type: OrganizationUserType.Admin } => true,
{ Type: OrganizationUserType.Custom } when permissionPicker(organizationClaims.Permissions) => true,
_ => await isProviderUserForOrg()
};
}
Reference in New Issue View Git Blame Copy Permalink