From 267637f21242e89e3ab7af5e14cdf624cb973c99 Mon Sep 17 00:00:00 2001 From: Thomas Rittson Date: Thu, 26 Sep 2024 11:07:28 +1000 Subject: [PATCH] Expand IPolicyStrategy responsibilities --- .../Policies/IPolicyStrategy.cs | 48 +++++++++++++------ 1 file changed, 34 insertions(+), 14 deletions(-) diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/IPolicyStrategy.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/IPolicyStrategy.cs index 9b3b43d8f5..931e8c7cc5 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Policies/IPolicyStrategy.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/IPolicyStrategy.cs @@ -1,9 +1,12 @@ -using Bit.Core.AdminConsole.Entities; +#nullable enable + +using Bit.Core.AdminConsole.Entities; using Bit.Core.AdminConsole.Enums; +using Bit.Core.Entities; namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies; -public interface IPolicyStrategy +public interface IPolicyStrategy { /// /// The PolicyType that the strategy is responsible for handling. @@ -11,20 +14,37 @@ public interface IPolicyStrategy public PolicyType Type { get; } /// - /// A method that is called when the policy state changes from disabled to enabled, before - /// it is saved to the database. - /// For example, this can be used for validation before saving or for side effects. + /// A factory that transforms the untyped Policy.Data JSON object to a domain specific object, + /// usually used for additional policy configuration. /// - /// The updated policy object. - /// The current user who is updating the policy. - public Task HandleEnable(Policy policy, Guid? savingUserId); + public Func? DataFactory { get; } /// - /// A method that is called when the policy state changes from enabled to disabled, before - /// it is saved to the database. - /// For example, this can be used for validation before saving or for side effects. + /// A predicate function that returns true if a policy should be enforced against a user + /// and false otherwise. This does not need to check Organization.UsePolicies or Policy.Enabled. /// - /// The updated policy object. - /// The current user who is updating the policy. - public Task HandleDisable(Policy policy, Guid? savingUserId); + public Predicate<(OrganizationUser, Policy)> Filter { get; } + + /// + /// A reducer function that reduces Policies into policy requirements (as defined by TRequirement). + /// This is used to reconcile policies of the same type from different organizations and combine them into + /// a single object that represents the requirements of the domain. + /// + public (Func reducer, TRequirement initialValue) Reducer { get; } + + /// + /// Validates a policy before saving it. + /// + /// The current policy, if any + /// The modified policy to be saved + /// A sequence of validation errors if validation was unsuccessful + public IEnumerable? Validate(Policy? currentPolicy, Policy modifiedPolicy); + + /// + /// Optionally performs side effects after a policy is validated but before it is saved. + /// For example, this can be used to remove non-compliant users from the organization. + /// + /// The current policy, if any + /// The modified policy to be saved + public Task OnSaveSideEffects(Policy? currentPolicy, Policy modifiedPolicy); }