1
0
mirror of https://github.com/bitwarden/browser.git synced 2025-01-19 20:51:35 +01:00

Split Organization.LimitCollectionCreationDeletion into two separate business rules (#11223)

* Declare feature flag

* Introduce new model properties

* Reference feature toggle in template

* Fix bugs caught during manual testing
This commit is contained in:
Addison Beck 2024-10-17 06:34:34 -04:00 committed by GitHub
parent 80e6b1afd1
commit 073ee4739b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 120 additions and 25 deletions

View File

@ -52,7 +52,11 @@
<form <form
*ngIf="org && !loading" *ngIf="org && !loading"
[bitSubmit]="submitCollectionManagement" [bitSubmit]="submitCollectionManagement"
[formGroup]="collectionManagementFormGroup" [formGroup]="
limitCollectionCreationDeletionSplitFeatureFlagIsEnabled
? collectionManagementFormGroup_VNext
: collectionManagementFormGroup
"
> >
<h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5">{{ "collectionManagement" | i18n }}</h1> <h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5">{{ "collectionManagement" | i18n }}</h1>
<p bitTypography="body1">{{ "collectionManagementDesc" | i18n }}</p> <p bitTypography="body1">{{ "collectionManagementDesc" | i18n }}</p>
@ -60,12 +64,24 @@
<bit-label>{{ "allowAdminAccessToAllCollectionItemsDesc" | i18n }}</bit-label> <bit-label>{{ "allowAdminAccessToAllCollectionItemsDesc" | i18n }}</bit-label>
<input type="checkbox" bitCheckbox formControlName="allowAdminAccessToAllCollectionItems" /> <input type="checkbox" bitCheckbox formControlName="allowAdminAccessToAllCollectionItems" />
</bit-form-control> </bit-form-control>
<ng-container *ngIf="limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
<bit-form-control>
<bit-label>{{ "limitCollectionCreationDesc" | i18n }}</bit-label>
<input type="checkbox" bitCheckbox formControlName="limitCollectionCreation" />
</bit-form-control>
<bit-form-control>
<bit-label>{{ "limitCollectionDeletionDesc" | i18n }}</bit-label>
<input type="checkbox" bitCheckbox formControlName="limitCollectionDeletion" />
</bit-form-control>
</ng-container>
<ng-container *ngIf="!limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
<bit-form-control> <bit-form-control>
<bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label> <bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label>
<input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" /> <input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" />
</bit-form-control> </bit-form-control>
</ng-container>
<button <button
*ngIf="!selfHosted" *ngIf="!selfHosted || limitCollectionCreationDeletionSplitFeatureFlagIsEnabled"
type="submit" type="submit"
bitButton bitButton
bitFormButton bitFormButton

View File

@ -10,6 +10,8 @@ import { OrganizationCollectionManagementUpdateRequest } from "@bitwarden/common
import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/request/organization-keys.request"; import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/request/organization-keys.request";
import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-update.request"; import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-update.request";
import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response"; import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service"; import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@ -38,6 +40,8 @@ export class AccountComponent implements OnInit, OnDestroy {
org: OrganizationResponse; org: OrganizationResponse;
taxFormPromise: Promise<unknown>; taxFormPromise: Promise<unknown>;
limitCollectionCreationDeletionSplitFeatureFlagIsEnabled: boolean;
// FormGroup validators taken from server Organization domain object // FormGroup validators taken from server Organization domain object
protected formGroup = this.formBuilder.group({ protected formGroup = this.formBuilder.group({
orgName: this.formBuilder.control( orgName: this.formBuilder.control(
@ -53,6 +57,7 @@ export class AccountComponent implements OnInit, OnDestroy {
), ),
}); });
// Deprecated. Delete with https://bitwarden.atlassian.net/browse/PM-10863
protected collectionManagementFormGroup = this.formBuilder.group({ protected collectionManagementFormGroup = this.formBuilder.group({
limitCollectionCreationDeletion: this.formBuilder.control({ value: false, disabled: true }), limitCollectionCreationDeletion: this.formBuilder.control({ value: false, disabled: true }),
allowAdminAccessToAllCollectionItems: this.formBuilder.control({ allowAdminAccessToAllCollectionItems: this.formBuilder.control({
@ -61,6 +66,15 @@ export class AccountComponent implements OnInit, OnDestroy {
}), }),
}); });
protected collectionManagementFormGroup_VNext = this.formBuilder.group({
limitCollectionCreation: this.formBuilder.control({ value: false, disabled: false }),
limitCollectionDeletion: this.formBuilder.control({ value: false, disabled: false }),
allowAdminAccessToAllCollectionItems: this.formBuilder.control({
value: false,
disabled: false,
}),
});
protected organizationId: string; protected organizationId: string;
protected publicKeyBuffer: Uint8Array; protected publicKeyBuffer: Uint8Array;
@ -78,11 +92,17 @@ export class AccountComponent implements OnInit, OnDestroy {
private dialogService: DialogService, private dialogService: DialogService,
private formBuilder: FormBuilder, private formBuilder: FormBuilder,
private toastService: ToastService, private toastService: ToastService,
private configService: ConfigService,
) {} ) {}
async ngOnInit() { async ngOnInit() {
this.selfHosted = this.platformUtilsService.isSelfHost(); this.selfHosted = this.platformUtilsService.isSelfHost();
this.configService
.getFeatureFlag$(FeatureFlag.LimitCollectionCreationDeletionSplit)
.pipe(takeUntil(this.destroy$))
.subscribe((x) => (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled = x));
this.route.params this.route.params
.pipe( .pipe(
switchMap((params) => this.organizationService.get$(params.organizationId)), switchMap((params) => this.organizationService.get$(params.organizationId)),
@ -104,11 +124,16 @@ export class AccountComponent implements OnInit, OnDestroy {
this.canUseApi = organization.useApi; this.canUseApi = organization.useApi;
// Update disabled states - reactive forms prefers not using disabled attribute // Update disabled states - reactive forms prefers not using disabled attribute
// Disabling these fields for self hosted orgs is deprecated
// This block can be completely removed as part of
// https://bitwarden.atlassian.net/browse/PM-10863
if (!this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
if (!this.selfHosted) { if (!this.selfHosted) {
this.formGroup.get("orgName").enable(); this.formGroup.get("orgName").enable();
this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable(); this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable();
this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable(); this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable();
} }
}
if (!this.selfHosted && this.canEditSubscription) { if (!this.selfHosted && this.canEditSubscription) {
this.formGroup.get("billingEmail").enable(); this.formGroup.get("billingEmail").enable();
@ -125,10 +150,18 @@ export class AccountComponent implements OnInit, OnDestroy {
orgName: this.org.name, orgName: this.org.name,
billingEmail: this.org.billingEmail, billingEmail: this.org.billingEmail,
}); });
if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
this.collectionManagementFormGroup_VNext.patchValue({
limitCollectionCreation: this.org.limitCollectionCreation,
limitCollectionDeletion: this.org.limitCollectionDeletion,
allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
});
} else {
this.collectionManagementFormGroup.patchValue({ this.collectionManagementFormGroup.patchValue({
limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion, limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion,
allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems, allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
}); });
}
this.loading = false; this.loading = false;
}); });
@ -177,15 +210,23 @@ export class AccountComponent implements OnInit, OnDestroy {
submitCollectionManagement = async () => { submitCollectionManagement = async () => {
// Early exit if self-hosted // Early exit if self-hosted
if (this.selfHosted) { if (this.selfHosted && !this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
return; return;
} }
const request = new OrganizationCollectionManagementUpdateRequest(); const request = new OrganizationCollectionManagementUpdateRequest();
if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
request.limitCollectionCreation =
this.collectionManagementFormGroup_VNext.value.limitCollectionCreation;
request.limitCollectionDeletion =
this.collectionManagementFormGroup_VNext.value.limitCollectionDeletion;
request.allowAdminAccessToAllCollectionItems =
this.collectionManagementFormGroup_VNext.value.allowAdminAccessToAllCollectionItems;
} else {
request.limitCreateDeleteOwnerAdmin = request.limitCreateDeleteOwnerAdmin =
this.collectionManagementFormGroup.value.limitCollectionCreationDeletion; this.collectionManagementFormGroup.value.limitCollectionCreationDeletion;
request.allowAdminAccessToAllCollectionItems = request.allowAdminAccessToAllCollectionItems =
this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems; this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems;
}
await this.organizationApiService.updateCollectionManagement(this.organizationId, request); await this.organizationApiService.updateCollectionManagement(this.organizationId, request);

View File

@ -8201,6 +8201,12 @@
"limitCollectionCreationDeletionDesc": { "limitCollectionCreationDeletionDesc": {
"message": "Limit collection creation and deletion to owners and admins" "message": "Limit collection creation and deletion to owners and admins"
}, },
"limitCollectionCreationDesc": {
"message": "Limit collection creation to owners and admins"
},
"limitCollectionDeletionDesc": {
"message": "Limit collection deletion to owners and admins"
},
"allowAdminAccessToAllCollectionItemsDesc": { "allowAdminAccessToAllCollectionItemsDesc": {
"message": "Owners and admins can manage all collections and items" "message": "Owners and admins can manage all collections and items"
}, },

View File

@ -74,7 +74,7 @@ export class CollectionView implements View, ITreeNodeObject {
); );
} }
const canDeleteManagedCollections = !org?.limitCollectionCreationDeletion || org.isAdmin; const canDeleteManagedCollections = !org?.limitCollectionDeletion || org.isAdmin;
// Only use individual permissions, not admin permissions // Only use individual permissions, not admin permissions
return canDeleteManagedCollections && this.manage; return canDeleteManagedCollections && this.manage;

View File

@ -51,6 +51,9 @@ describe("ORGANIZATIONS state", () => {
keyConnectorEnabled: false, keyConnectorEnabled: false,
keyConnectorUrl: "kcu", keyConnectorUrl: "kcu",
accessSecretsManager: false, accessSecretsManager: false,
limitCollectionCreation: false,
limitCollectionDeletion: false,
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
limitCollectionCreationDeletion: false, limitCollectionCreationDeletion: false,
allowAdminAccessToAllCollectionItems: false, allowAdminAccessToAllCollectionItems: false,
familySponsorshipLastSyncDate: new Date(), familySponsorshipLastSyncDate: new Date(),

View File

@ -52,6 +52,9 @@ export class OrganizationData {
familySponsorshipValidUntil?: Date; familySponsorshipValidUntil?: Date;
familySponsorshipToDelete?: boolean; familySponsorshipToDelete?: boolean;
accessSecretsManager: boolean; accessSecretsManager: boolean;
limitCollectionCreation: boolean;
limitCollectionDeletion: boolean;
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
limitCollectionCreationDeletion: boolean; limitCollectionCreationDeletion: boolean;
allowAdminAccessToAllCollectionItems: boolean; allowAdminAccessToAllCollectionItems: boolean;
@ -110,6 +113,9 @@ export class OrganizationData {
this.familySponsorshipValidUntil = response.familySponsorshipValidUntil; this.familySponsorshipValidUntil = response.familySponsorshipValidUntil;
this.familySponsorshipToDelete = response.familySponsorshipToDelete; this.familySponsorshipToDelete = response.familySponsorshipToDelete;
this.accessSecretsManager = response.accessSecretsManager; this.accessSecretsManager = response.accessSecretsManager;
this.limitCollectionCreation = response.limitCollectionCreation;
this.limitCollectionDeletion = response.limitCollectionDeletion;
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion; this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems; this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems;

View File

@ -68,7 +68,11 @@ export class Organization {
/** /**
* Refers to the ability for an organization to limit collection creation and deletion to owners and admins only * Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
*/ */
limitCollectionCreation: boolean;
limitCollectionDeletion: boolean;
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
limitCollectionCreationDeletion: boolean; limitCollectionCreationDeletion: boolean;
/** /**
* Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections * Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections
*/ */
@ -125,6 +129,9 @@ export class Organization {
this.familySponsorshipValidUntil = obj.familySponsorshipValidUntil; this.familySponsorshipValidUntil = obj.familySponsorshipValidUntil;
this.familySponsorshipToDelete = obj.familySponsorshipToDelete; this.familySponsorshipToDelete = obj.familySponsorshipToDelete;
this.accessSecretsManager = obj.accessSecretsManager; this.accessSecretsManager = obj.accessSecretsManager;
this.limitCollectionCreation = obj.limitCollectionCreation;
this.limitCollectionDeletion = obj.limitCollectionDeletion;
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion; this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems; this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems;
} }
@ -163,9 +170,7 @@ export class Organization {
} }
get canCreateNewCollections() { get canCreateNewCollections() {
return ( return !this.limitCollectionCreation || this.isAdmin || this.permissions.createNewCollections;
!this.limitCollectionCreationDeletion || this.isAdmin || this.permissions.createNewCollections
);
} }
get canEditAnyCollection() { get canEditAnyCollection() {

View File

@ -1,4 +1,7 @@
export class OrganizationCollectionManagementUpdateRequest { export class OrganizationCollectionManagementUpdateRequest {
limitCollectionCreation: boolean;
limitCollectionDeletion: boolean;
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
limitCreateDeleteOwnerAdmin: boolean; limitCreateDeleteOwnerAdmin: boolean;
allowAdminAccessToAllCollectionItems: boolean; allowAdminAccessToAllCollectionItems: boolean;
} }

View File

@ -32,6 +32,9 @@ export class OrganizationResponse extends BaseResponse {
smServiceAccounts?: number; smServiceAccounts?: number;
maxAutoscaleSmSeats?: number; maxAutoscaleSmSeats?: number;
maxAutoscaleSmServiceAccounts?: number; maxAutoscaleSmServiceAccounts?: number;
limitCollectionCreation: boolean;
limitCollectionDeletion: boolean;
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
limitCollectionCreationDeletion: boolean; limitCollectionCreationDeletion: boolean;
allowAdminAccessToAllCollectionItems: boolean; allowAdminAccessToAllCollectionItems: boolean;
@ -69,6 +72,9 @@ export class OrganizationResponse extends BaseResponse {
this.smServiceAccounts = this.getResponseProperty("SmServiceAccounts"); this.smServiceAccounts = this.getResponseProperty("SmServiceAccounts");
this.maxAutoscaleSmSeats = this.getResponseProperty("MaxAutoscaleSmSeats"); this.maxAutoscaleSmSeats = this.getResponseProperty("MaxAutoscaleSmSeats");
this.maxAutoscaleSmServiceAccounts = this.getResponseProperty("MaxAutoscaleSmServiceAccounts"); this.maxAutoscaleSmServiceAccounts = this.getResponseProperty("MaxAutoscaleSmServiceAccounts");
this.limitCollectionCreation = this.getResponseProperty("LimitCollectionCreation");
this.limitCollectionDeletion = this.getResponseProperty("LimitCollectionDeletion");
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
this.limitCollectionCreationDeletion = this.getResponseProperty( this.limitCollectionCreationDeletion = this.getResponseProperty(
"LimitCollectionCreationDeletion", "LimitCollectionCreationDeletion",
); );

View File

@ -49,6 +49,9 @@ export class ProfileOrganizationResponse extends BaseResponse {
familySponsorshipValidUntil?: Date; familySponsorshipValidUntil?: Date;
familySponsorshipToDelete?: boolean; familySponsorshipToDelete?: boolean;
accessSecretsManager: boolean; accessSecretsManager: boolean;
limitCollectionCreation: boolean;
limitCollectionDeletion: boolean;
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
limitCollectionCreationDeletion: boolean; limitCollectionCreationDeletion: boolean;
allowAdminAccessToAllCollectionItems: boolean; allowAdminAccessToAllCollectionItems: boolean;
@ -109,6 +112,9 @@ export class ProfileOrganizationResponse extends BaseResponse {
} }
this.familySponsorshipToDelete = this.getResponseProperty("FamilySponsorshipToDelete"); this.familySponsorshipToDelete = this.getResponseProperty("FamilySponsorshipToDelete");
this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager"); this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
this.limitCollectionCreation = this.getResponseProperty("LimitCollectionCreation");
this.limitCollectionDeletion = this.getResponseProperty("LimitCollectionDeletion");
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
this.limitCollectionCreationDeletion = this.getResponseProperty( this.limitCollectionCreationDeletion = this.getResponseProperty(
"LimitCollectionCreationDeletion", "LimitCollectionCreationDeletion",
); );

View File

@ -362,7 +362,8 @@ describe("KeyConnectorService", () => {
familySponsorshipValidUntil: null, familySponsorshipValidUntil: null,
familySponsorshipToDelete: null, familySponsorshipToDelete: null,
accessSecretsManager: false, accessSecretsManager: false,
limitCollectionCreationDeletion: true, limitCollectionCreation: true,
limitCollectionDeletion: true,
allowAdminAccessToAllCollectionItems: true, allowAdminAccessToAllCollectionItems: true,
flexibleCollections: false, flexibleCollections: false,
object: "profileOrganization", object: "profileOrganization",

View File

@ -36,6 +36,7 @@ export enum FeatureFlag {
Pm3478RefactorOrganizationUserApi = "pm-3478-refactor-organizationuser-api", Pm3478RefactorOrganizationUserApi = "pm-3478-refactor-organizationuser-api",
AccessIntelligence = "pm-13227-access-intelligence", AccessIntelligence = "pm-13227-access-intelligence",
Pm13322AddPolicyDefinitions = "pm-13322-add-policy-definitions", Pm13322AddPolicyDefinitions = "pm-13322-add-policy-definitions",
LimitCollectionCreationDeletionSplit = "pm-10863-limit-collection-creation-deletion-split",
} }
export type AllowedFeatureFlagTypes = boolean | number | string; export type AllowedFeatureFlagTypes = boolean | number | string;
@ -82,6 +83,7 @@ export const DefaultFeatureFlagValue = {
[FeatureFlag.Pm3478RefactorOrganizationUserApi]: FALSE, [FeatureFlag.Pm3478RefactorOrganizationUserApi]: FALSE,
[FeatureFlag.AccessIntelligence]: FALSE, [FeatureFlag.AccessIntelligence]: FALSE,
[FeatureFlag.Pm13322AddPolicyDefinitions]: FALSE, [FeatureFlag.Pm13322AddPolicyDefinitions]: FALSE,
[FeatureFlag.LimitCollectionCreationDeletionSplit]: FALSE,
} satisfies Record<FeatureFlag, AllowedFeatureFlagTypes>; } satisfies Record<FeatureFlag, AllowedFeatureFlagTypes>;
export type DefaultFeatureFlagValueType = typeof DefaultFeatureFlagValue; export type DefaultFeatureFlagValueType = typeof DefaultFeatureFlagValue;