[PM-14378] SecurityTask Authorization Handler

[shane-melton]

🎟️ Tracking

PM-14378

📔 Objective

Implement the SecurityTask authorization handlers with initial operations.

Adds a new CipherOrganizationPermissions_GetManyByOraganizationId query to list all ciphers and their permissions for a given user and organization. Used by the security task handler to determine if a user has access to a security task for a given operation.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[shane-melton]

ℹ️ A sproc to list the permission for a particular user for every cipher belonging to a specific organization

[github-actions]

Checkmarx One – Scan Summary & Details – a30e662a-ec2e-4661-9d68-73439fd3e35c

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CSRF	/src/Billing/Controllers/PayPalController.cs: 66	Attack Vector
	Missing_CSP_Header	/src/Core/MailTemplates/Handlebars/AdminConsole/DomainClaimedByOrganization.html.hbs: 5	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: 70
	CSRF	/src/Api/Billing/Controllers/OrganizationsController.cs: 52
	CSRF	/src/Billing/Controllers/RecoveryController.cs: 38
	CSRF	/src/Billing/Controllers/StripeController.cs: 164
	CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 470
	CSRF	/src/Api/AdminConsole/Controllers/PoliciesController.cs: 91

[codecov]

Codecov Report

Attention: Patch coverage is 56.71642% with 116 lines in your changes missing coverage. Please review.

Please upload report for BASE (main@7637cbe). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
...ries/Queries/CipherOrganizationPermissionsQuery.cs	0.00%	50 Missing ⚠️
...tyFramework/Vault/Repositories/CipherRepository.cs	0.00%	38 Missing ⚠️
.../SecurityTasks/SecurityTaskAuthorizationHandler.cs	85.33%	5 Missing and 6 partials ⚠️
...ture.Dapper/Vault/Repositories/CipherRepository.cs	0.00%	9 Missing ⚠️
.../Vault/Queries/GetCipherPermissionsForUserQuery.cs	92.59%	2 Missing and 2 partials ⚠️
...ks/SecurityTaskOrganizationAuthorizationHandler.cs	87.50%	1 Missing and 2 partials ⚠️
.../Vault/Models/Data/OrganizationCipherPermission.cs	85.71%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5039   +/-   ##
=======================================
  Coverage        ?   43.23%           
=======================================
  Files           ?     1457           
  Lines           ?    66507           
  Branches        ?     6099           
=======================================
  Hits            ?    28753           
  Misses          ?    36458           
  Partials        ?     1296           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[gbubemismith]

This looks really good. Just one question before I approve

[gbubemismith]

👍🏼

[gbubemismith]

👍🏼