From 9cddb769fad6333bd3cb8756d6d7f1e3c7101671 Mon Sep 17 00:00:00 2001
From: Oscar Hinton
Date: Wed, 22 Feb 2023 11:21:07 +0100
Subject: [PATCH] [SM-504] Fix service account not accessing secrets (#2709)

---
 src/Core/Context/CurrentContext.cs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/Core/Context/CurrentContext.cs b/src/Core/Context/CurrentContext.cs
index 4411509cd..598f30bbb 100644
--- a/src/Core/Context/CurrentContext.cs
+++ b/src/Core/Context/CurrentContext.cs
@@ -35,6 +35,7 @@ public class CurrentContext : ICurrentContext
 public virtual string ClientId { get; set; }
 public virtual Version ClientVersion { get; set; }
 public virtual ClientType ClientType { get; set; }
+ public virtual Guid? ServiceAccountOrganizationId { get; set; }

 public CurrentContext(IProviderUserRepository providerUserRepository)
 {
@@ -146,6 +147,11 @@ public class CurrentContext : ICurrentContext
 ClientType = c;
 }

+ if (ClientType == ClientType.ServiceAccount)
+ {
+ ServiceAccountOrganizationId = new Guid(GetClaimValue(claimsDict, Claims.Organization));
+ }
+
 DeviceIdentifier = GetClaimValue(claimsDict, Claims.Device);

 Organizations = GetOrganizations(claimsDict, orgApi);
@@ -445,6 +451,11 @@ public class CurrentContext : ICurrentContext

 public bool AccessSecretsManager(Guid orgId)
 {
+ if (ServiceAccountOrganizationId.HasValue && ServiceAccountOrganizationId.Value == orgId)
+ {
+ return true;
+ }
+
 return Organizations?.Any(o => o.Id == orgId && o.AccessSecretsManager) ?? false;
 }
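Review bot: In the `@@ -146,6 +147,11 @@` hunk, `new Guid(GetClaimValue(claimsDict, Claims.Organization))` throws when the organization claim is absent or is not a well-formed GUID, so a service-account token with a bad claim surfaces as an unhandled exception while the context is being built. `GetClaimValue` is defined outside the hunk, so its result for a missing claim is assumed here to be null. Parsing defensively leaves `ServiceAccountOrganizationId` null in that case, and `AccessSecretsManager` then falls through to the existing organization check: `if (Guid.TryParse(GetClaimValue(claimsDict, Claims.Organization), out var saOrgId)) { ServiceAccountOrganizationId = saOrgId; }`. The enclosing method starts and ends outside the hunk.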
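Review bot: In the `@@ -445,6 +451,11 @@` hunk, the new early return in `AccessSecretsManager` grants access on an organization-id match alone, so a service account is never checked against the per-organization `o.AccessSecretsManager` flag that the existing line enforces for users. If Secrets Manager is switched off for the organization, a still-valid service-account token would presumably keep passing this check; whether token issuance or another layer enforces that is not visible in this diff. At minimum the assumption deserves a comment above the `if`, for example `// Service-account tokens are scoped to a single organization; org-level Secrets Manager enablement must be enforced when the token is issued or validated.` Because `ServiceAccountOrganizationId` (first hunk) is now an authorization input, narrowing it to `{ get; protected set; }` would be safer if nothing outside the class assigns it.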