bitwarden · r-tome · Apr 7, 2026 · Mar 31, 2026 · Mar 31, 2026 · Mar 31, 2026
@@ -10,7 +10,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Context;
@@ -32,7 +31,7 @@ public class PoliciesController : Controller
     private readonly IOrganizationUserRepository _organizationUserRepository;
     private readonly IDataProtectorTokenFactory<OrgUserInviteTokenable> _orgUserInviteTokenDataFactory;
     private readonly IPolicyRepository _policyRepository;
-    private readonly IVNextSavePolicyCommand _vNextSavePolicyCommand;
+    private readonly ISavePolicyCommand _savePolicyCommand;
     private readonly IPolicyQuery _policyQuery;
 
     public PoliciesController(IPolicyRepository policyRepository,
@@ -41,7 +40,7 @@ public PoliciesController(IPolicyRepository policyRepository,
         IDataProtectorTokenFactory<OrgUserInviteTokenable> orgUserInviteTokenDataFactory,
         IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery,
         IOrganizationRepository organizationRepository,
-        IVNextSavePolicyCommand vNextSavePolicyCommand,
+        ISavePolicyCommand savePolicyCommand,
         IPolicyQuery policyQuery)
     {
         _policyRepository = policyRepository;
@@ -50,7 +49,7 @@ public PoliciesController(IPolicyRepository policyRepository,
         _organizationRepository = organizationRepository;
         _orgUserInviteTokenDataFactory = orgUserInviteTokenDataFactory;
         _organizationHasVerifiedDomainsQuery = organizationHasVerifiedDomainsQuery;
-        _vNextSavePolicyCommand = vNextSavePolicyCommand;
+        _savePolicyCommand = savePolicyCommand;
         _policyQuery = policyQuery;
     }
 
@@ -146,7 +145,7 @@ public async Task<PolicyResponseModel> PutVNext(Guid orgId, PolicyType type, [Fr
     {
         var savePolicyRequest = await model.ToSavePolicyModelAsync(orgId, type, _currentContext);
 
-        var policy = await _vNextSavePolicyCommand.SaveAsync(savePolicyRequest);
+        var policy = await _savePolicyCommand.SaveAsync(savePolicyRequest);
 
         return new PolicyResponseModel(policy);
     }

@@ -6,7 +6,7 @@
 using Bit.Api.AdminConsole.Public.Models.Response;
 using Bit.Api.Models.Public.Response;
 using Bit.Core.AdminConsole.Enums;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Context;
 using Microsoft.AspNetCore.Authorization;
@@ -20,16 +20,16 @@ public class PoliciesController : Controller
 {
     private readonly IPolicyRepository _policyRepository;
     private readonly ICurrentContext _currentContext;
-    private readonly IVNextSavePolicyCommand _vNextSavePolicyCommand;
+    private readonly ISavePolicyCommand _savePolicyCommand;
 
     public PoliciesController(
         IPolicyRepository policyRepository,
         ICurrentContext currentContext,
-        IVNextSavePolicyCommand vNextSavePolicyCommand)
+        ISavePolicyCommand savePolicyCommand)
     {
         _policyRepository = policyRepository;
         _currentContext = currentContext;
-        _vNextSavePolicyCommand = vNextSavePolicyCommand;
+        _savePolicyCommand = savePolicyCommand;
     }
 
     /// <summary>
@@ -84,7 +84,7 @@ public async Task<IActionResult> List()
     public async Task<IActionResult> Put(PolicyType type, [FromBody] PolicyUpdateRequestModel model)
     {
         var savePolicyModel = model.ToSavePolicyModel(_currentContext.OrganizationId!.Value, type);
-        var policy = await _vNextSavePolicyCommand.SaveAsync(savePolicyModel);
+        var policy = await _savePolicyCommand.SaveAsync(savePolicyModel);
 
         var response = new PolicyResponseModel(policy);
         return new JsonResult(response);

@@ -4,8 +4,8 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
@@ -24,7 +24,7 @@
     IEventService eventService,
     IGlobalSettings globalSettings,
     ICurrentContext currentContext,
-    IVNextSavePolicyCommand vNextSavePolicyCommand,
+    ISavePolicyCommand savePolicyCommand,
     IMailService mailService,
     IOrganizationUserRepository organizationUserRepository,
     IOrganizationRepository organizationRepository,
@@ -142,7 +142,7 @@
         };
 
         var savePolicyModel = new SavePolicyModel(policyUpdate, actingUser);
-        await vNextSavePolicyCommand.SaveAsync(savePolicyModel);
+        await savePolicyCommand.SaveAsync(savePolicyModel);
     }
 
     private async Task SendVerifiedDomainUserEmailAsync(OrganizationDomain domain)
@@ -150,7 +150,7 @@
        var orgUserUsers = await organizationUserRepository.GetManyDetailsByOrganizationAsync(domain.OrganizationId);

        var domainUserEmails = orgUserUsers
            .Where(ou => ou.Email.ToLower().EndsWith($"@{domain.DomainName.ToLower()}") &&
                         ou.Status != OrganizationUserStatusType.Revoked &&
                         ou.Status != OrganizationUserStatusType.Invited)
            .Select(ou => ou.Email);

@@ -1,15 +1,35 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
+using Bit.Core.Exceptions;
 
 namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 
+/// <summary>
+/// Handles creating or updating organization policies with validation and side effect execution.
+/// </summary>
+/// <remarks>
+/// Workflow:
+/// 1. Validates organization can use policies
+/// 2. Validates required and dependent policies
+/// 3. Runs policy-specific validation (<see cref="IPolicyValidationEvent"/>)
+/// 4. Executes pre-save logic (<see cref="IOnPolicyPreUpdateEvent"/>)
+/// 5. Saves the policy
+/// 6. Logs the event
+/// 7. Executes post-save logic (<see cref="IOnPolicyPostUpdateEvent"/>)
+/// </remarks>
 public interface ISavePolicyCommand
 {
-    Task<Policy> SaveAsync(PolicyUpdate policy);
-
     /// <summary>
-    /// FIXME: this is a first pass at implementing side effects after the policy has been saved, which was not supported by the validator pattern.
-    /// However, this needs to be implemented in a policy-agnostic way rather than building out switch statements in the command itself.
+    /// Performs the necessary validations, saves the policy and any side effects
     /// </summary>
-    Task<Policy> VNextSaveAsync(SavePolicyModel policyRequest);
+    /// <param name="policyRequest">Policy data, acting user, and metadata.</param>
+    /// <returns>The saved policy with updated revision and applied changes.</returns>
+    /// <exception cref="BadRequestException">
+    /// Thrown if:
+    /// - The organization can’t use policies
+    /// - Dependent policies are missing or block changes
+    /// - Custom validation fails
+    /// </exception>
+    Task<Policy> SaveAsync(SavePolicyModel policyRequest);
 }