Auth/pm-48 #2680

Merged
merged 4 commits into from
Feb 14, 2023

dgoodman-bw
Contributor

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

This is the first step of adding role-based access control to the Bitwarden Admin Portal. In this PR, custom claims-setting middleware is added that retrieves the user's role from the config file, then adds the role as a claim. In upcoming work, the role claim will be used during each permission check to determine if the user has a given permission.

Code changes

  • CustomClaimsPrincipalFactory.cs: This sets all the standard claims, and additionally sets the user's role claim. The role is retrieved using the AccessControlService.
  • AccessControlService.cs: New service added to handle behavior related to access control. The function added here, GetUserRole(), determines the role from the config, and is used to set the claim.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team
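
An added example (not code from this pull request or the Bitwarden code base) of the pattern the description outlines: a claims principal factory that sets the standard claims and then adds a role claim resolved from configuration, leaving the claim off when no role is configured. The `AdminRoles` configuration layout, the names `IRoleLookup`, `ConfigRoleLookup` and `RoleClaimsPrincipalFactory`, and the use of `IdentityUser` are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Options;

// Hypothetical lookup service; stands in for the role retrieval the PR describes.
public interface IRoleLookup { string? GetUserRole(string? email); }

public sealed class ConfigRoleLookup : IRoleLookup
{
    private readonly Dictionary<string, string> _roleByEmail = new(StringComparer.OrdinalIgnoreCase);

    public ConfigRoleLookup(IConfiguration config)
    {
        // Assumed layout: AdminRoles:<role>:<n> = e-mail address, e.g. AdminRoles:billing:0.
        // An address listed under two roles keeps the last one read; list each address once.
        foreach (var role in config.GetSection("AdminRoles").GetChildren())
            foreach (var email in role.GetChildren())
                if (!string.IsNullOrWhiteSpace(email.Value))
                    _roleByEmail[email.Value.Trim()] = role.Key.ToLowerInvariant();
    }

    // Returns null for unknown users so callers can fail closed.
    public string? GetUserRole(string? email) =>
        email != null && _roleByEmail.TryGetValue(email.Trim(), out var role) ? role : null;
}

public sealed class RoleClaimsPrincipalFactory : UserClaimsPrincipalFactory<IdentityUser>
{
    public const string RoleClaimType = "role"; // one constant shared by setter and later checks
    private readonly IRoleLookup _roles;

    public RoleClaimsPrincipalFactory(UserManager<IdentityUser> users,
        IOptions<IdentityOptions> options, IRoleLookup roles) : base(users, options) => _roles = roles;

    protected override async Task<ClaimsIdentity> GenerateClaimsAsync(IdentityUser user)
    {
        var identity = await base.GenerateClaimsAsync(user); // standard claims first
        var role = _roles.GetUserRole(user.Email);
        if (role != null) // no configured role means no role claim, so permission checks deny
            identity.AddClaim(new Claim(RoleClaimType, role));
        return identity;
    }
}
```

Register the factory as `IUserClaimsPrincipalFactory<IdentityUser>` after the Identity services are added so it replaces the default one. The claim is computed at sign-in, so a role changed in configuration takes effect only when the user's principal is next regenerated.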

@dgoodman-bw dgoodman-bw requested a review from a team February 9, 2023 05:38
@dgoodman-bw dgoodman-bw changed the base branch from master to feature/rbac-bitwarden-admin-portal February 10, 2023 00:16
…le claim type string with constant, streamline code that retrieves the user's role
@dgoodman-bw dgoodman-bw requested a review from a team February 14, 2023 15:34
Member

@trmartin4 trmartin4 left a comment

Thank you for making those changes!

@dgoodman-bw dgoodman-bw merged commit 66333e3 into feature/rbac-bitwarden-admin-portal Feb 14, 2023
@dgoodman-bw dgoodman-bw deleted the Auth/PM-48 branch February 14, 2023 17:31
trmartin4 added a commit that referenced this pull request May 4, 2023
* Auth/pm-48 (#2680)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-48 - move registration of CustomClaimsPrincipalFactory, replace role claim type string with constant, streamline code that retrieves the user's role

* Auth/pm-47 (#2699)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-47 - add list of permission enums, role:permissions mapping, and function that determines if the logged in user has the given permission

* PM-47 - remove unneeded service registration, set role to lowercase

* PM-47 - fix code style issues

* PM-46 - create permission filter attribute (#2753)

* Auth/pm-54 add rbac for users (#2758)

* PM-54 - add permission gates to User elements

* PM-54 - fix formatting

* PM-54 - remove unused function

* PM-54 - fix variable reference, add permission to billing role

* PM-54 - handle Upgrade Premium button functionality and fix spelling

* PM-54 - change permission name to be more accurate

* PM-49 - update role retrieval (#2779)

* Auth/[PM-50] add rbac for logs (#2782)

* PM-50 - add rbac for logs

* PM-50 - remove unnecessary action filter

* PM-51 - add RBAC for tools (#2799)

* Auth/[pm-52] add rbac providers (#2818)

* PM-52 add rbac for providers

* PM-52 - update redirect action

* PM-52 - add back edit functionality and permission

* PM-52 - reverse changes around removing edit functionality

* PM-52 - moved permission check to variable assignment

* PM-53 - add rbac for organizations (#2798)

* PM-52 - add missed permission to billing role (#2836)

* Fixed merge conflicts.

* [PM-1846] Updates to add RBAC back after merge conflicts (#2870)

* Updates to add RBAC to changes from reseller.

* Added back checks for delete and initiating a trial.

* Removed extraneous Razor tag.

---------

Co-authored-by: dgoodman-bw <109169446+dgoodman-bw@users.noreply.github.com>
Co-authored-by: Danielle Goodman <dgoodman@bitwarden.com>
Co-authored-by: Jacob Fink <jfink@bitwarden.com>