
Expand IPolicyStrategy responsibilities

Thomas Rittson 2024-09-26 11:07:28 +10:00
parent 2d0dd90190
commit 267637f212
No known key found for this signature in database
GPG Key ID: CDDDA03861C35E27


@ -1,9 +1,12 @@
using Bit.Core.AdminConsole.Entities; #nullable enable
using Bit.Core.AdminConsole.Entities;
using Bit.Core.AdminConsole.Enums; using Bit.Core.AdminConsole.Enums;
using Bit.Core.Entities;
namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies; namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies;
public interface IPolicyStrategy public interface IPolicyStrategy<TData, TRequirement>
{ {
/// <summary> /// <summary>
/// The PolicyType that the strategy is responsible for handling. /// The PolicyType that the strategy is responsible for handling.
@ -11,20 +14,37 @@ public interface IPolicyStrategy
public PolicyType Type { get; } public PolicyType Type { get; }
/// <summary> /// <summary>
/// A method that is called when the policy state changes from disabled to enabled, before /// A factory that transforms the untyped Policy.Data JSON object to a domain specific object,
/// it is saved to the database. /// usually used for additional policy configuration.
/// For example, this can be used for validation before saving or for side effects.
/// </summary> /// </summary>
/// <param name="policy">The updated policy object.</param> public Func<object, TData>? DataFactory { get; }
/// <param name="savingUserId">The current user who is updating the policy.</param>
public Task HandleEnable(Policy policy, Guid? savingUserId);
/// <summary> /// <summary>
/// A method that is called when the policy state changes from enabled to disabled, before /// A predicate function that returns true if a policy should be enforced against a user
/// it is saved to the database. /// and false otherwise. This does not need to check Organization.UsePolicies or Policy.Enabled.
/// For example, this can be used for validation before saving or for side effects.
/// </summary> /// </summary>
/// <param name="policy">The updated policy object.</param> public Predicate<(OrganizationUser, Policy)> Filter { get; }
/// <param name="savingUserId">The current user who is updating the policy.</param>
public Task HandleDisable(Policy policy, Guid? savingUserId); /// <summary>
/// A reducer function that reduces Policies into policy requirements (as defined by TRequirement).
/// This is used to reconcile policies of the same type from different organizations and combine them into
/// a single object that represents the requirements of the domain.
/// </summary>
public (Func<TRequirement, Policy> reducer, TRequirement initialValue) Reducer { get; }
/// <summary>
/// Validates a policy before saving it.
/// </summary>
/// <param name="currentPolicy">The current policy, if any</param>
/// <param name="modifiedPolicy">The modified policy to be saved</param>
/// <returns>A sequence of validation errors if validation was unsuccessful</returns>
public IEnumerable<string>? Validate(Policy? currentPolicy, Policy modifiedPolicy);
/// <summary>
/// Optionally performs side effects after a policy is validated but before it is saved.
/// For example, this can be used to remove non-compliant users from the organization.
/// </summary>
/// <param name="currentPolicy">The current policy, if any</param>
/// <param name="modifiedPolicy">The modified policy to be saved</param>
public Task OnSaveSideEffects(Policy? currentPolicy, Policy modifiedPolicy);
} }
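Review bot: The new `Reducer` property is typed `(Func<TRequirement, Policy> reducer, TRequirement initialValue)`, which is a function from a requirement to a `Policy` rather than the fold its summary describes. Folding policies into a requirement needs both the accumulator and the policy as inputs: `public (Func<TRequirement, Policy, TRequirement> reducer, TRequirement initialValue) Reducer { get; }`. Since this value appears to decide what is enforced on a user who belongs to several organizations, the summary should also say how conflicting policies are reconciled (presumably the most restrictive wins), so one organization's permissive policy cannot loosen another's. Separately, `Validate` returns `IEnumerable<string>?` without saying whether null, an empty sequence, or both mean success. I would make it non-nullable and document `/// <returns>Validation errors; empty when the policy is valid.</returns>` so a caller cannot mistake a failed validation for a pass.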