[SM-896] restricting access to disabled orgs

[cd-bitwarden]

Type of change

- [ ] Bug fix
- [ x ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Disabled access to api endpoints that are not longer enabled

Code changes

src/Core/Context/CurrentContextOrganization.cs - Added check for orgUser.Enabled
src/Identity/IdentityServer/ClientStore.cs - Added a check for org.Enabled

Before you submit

• Please check for formatting errors (dotnet format --verify-no-changes) (required)
• If making database changes - make sure you also update Entity Framework queries and/or migrations
• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – 45a11e7b-e103-4730-86d0-98b2d90271e7

No New Or Fixed Issues Found

[Thomas-Avery]

Looks good!

We should update all the Secrets Manager endpoint SmNotEnabled integration tests to test for this new condition.

Here is an example of one

server/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs

Lines 58 to 69 in 90d600d

	[Theory]
	[InlineData(false, false)]
	[InlineData(true, false)]
	[InlineData(false, true)]
	public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets)
	{
	var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets);
	await LoginAsync(_email);
	var response = await _client.GetAsync($"/organizations/{org.Id}/secrets");
	Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
	}

[Thomas-Avery]

Changes look good from SM side.

We will want auth to review as well.

[JaredSnider-Bitwarden]

This is looking great! Only two minor questions.

[JaredSnider-Bitwarden]

LGTM!

[Thomas-Avery]

Looks good, thank you!