Split Organization.LimitCollectionCreationDeletion
into two separate business rules (#11223)
* Declare feature flag * Introduce new model properties * Reference feature toggle in template * Fix bugs caught during manual testing
parent
80e6b1afd1
commit
073ee4739b
@ -52,7 +52,11 @@
|
||||
<form
|
||||
*ngIf="org && !loading"
|
||||
[bitSubmit]="submitCollectionManagement"
|
||||
[formGroup]="collectionManagementFormGroup"
|
||||
[formGroup]="
|
||||
limitCollectionCreationDeletionSplitFeatureFlagIsEnabled
|
||||
? collectionManagementFormGroup_VNext
|
||||
: collectionManagementFormGroup
|
||||
"
|
||||
>
|
||||
<h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5">{{ "collectionManagement" | i18n }}</h1>
|
||||
<p bitTypography="body1">{{ "collectionManagementDesc" | i18n }}</p>
|
||||
@ -60,12 +64,24 @@
|
||||
<bit-label>{{ "allowAdminAccessToAllCollectionItemsDesc" | i18n }}</bit-label>
|
||||
<input type="checkbox" bitCheckbox formControlName="allowAdminAccessToAllCollectionItems" />
|
||||
</bit-form-control>
|
||||
<ng-container *ngIf="limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
|
||||
<bit-form-control>
|
||||
<bit-label>{{ "limitCollectionCreationDesc" | i18n }}</bit-label>
|
||||
<input type="checkbox" bitCheckbox formControlName="limitCollectionCreation" />
|
||||
</bit-form-control>
|
||||
<bit-form-control>
|
||||
<bit-label>{{ "limitCollectionDeletionDesc" | i18n }}</bit-label>
|
||||
<input type="checkbox" bitCheckbox formControlName="limitCollectionDeletion" />
|
||||
</bit-form-control>
|
||||
</ng-container>
|
||||
<ng-container *ngIf="!limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
|
||||
<bit-form-control>
|
||||
<bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label>
|
||||
<input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" />
|
||||
</bit-form-control>
|
||||
</ng-container>
|
||||
<button
|
||||
*ngIf="!selfHosted"
|
||||
*ngIf="!selfHosted || limitCollectionCreationDeletionSplitFeatureFlagIsEnabled"
|
||||
type="submit"
|
||||
bitButton
|
||||
bitFormButton
|
||||
|
@ -10,6 +10,8 @@ import { OrganizationCollectionManagementUpdateRequest } from "@bitwarden/common
|
||||
import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/request/organization-keys.request";
|
||||
import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-update.request";
|
||||
import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
|
||||
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
|
||||
import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
|
||||
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
||||
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
|
||||
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
|
||||
@ -38,6 +40,8 @@ export class AccountComponent implements OnInit, OnDestroy {
|
||||
org: OrganizationResponse;
|
||||
taxFormPromise: Promise<unknown>;
|
||||
|
||||
limitCollectionCreationDeletionSplitFeatureFlagIsEnabled: boolean;
|
||||
|
||||
// FormGroup validators taken from server Organization domain object
|
||||
protected formGroup = this.formBuilder.group({
|
||||
orgName: this.formBuilder.control(
|
||||
@ -53,6 +57,7 @@ export class AccountComponent implements OnInit, OnDestroy {
|
||||
),
|
||||
});
|
||||
|
||||
// Deprecated. Delete with https://bitwarden.atlassian.net/browse/PM-10863
|
||||
protected collectionManagementFormGroup = this.formBuilder.group({
|
||||
limitCollectionCreationDeletion: this.formBuilder.control({ value: false, disabled: true }),
|
||||
allowAdminAccessToAllCollectionItems: this.formBuilder.control({
|
||||
@ -61,6 +66,15 @@ export class AccountComponent implements OnInit, OnDestroy {
|
||||
}),
|
||||
});
|
||||
|
||||
protected collectionManagementFormGroup_VNext = this.formBuilder.group({
|
||||
limitCollectionCreation: this.formBuilder.control({ value: false, disabled: false }),
|
||||
limitCollectionDeletion: this.formBuilder.control({ value: false, disabled: false }),
|
||||
allowAdminAccessToAllCollectionItems: this.formBuilder.control({
|
||||
value: false,
|
||||
disabled: false,
|
||||
}),
|
||||
});
|
||||
|
||||
protected organizationId: string;
|
||||
protected publicKeyBuffer: Uint8Array;
|
||||
|
||||
@ -78,11 +92,17 @@ export class AccountComponent implements OnInit, OnDestroy {
|
||||
private dialogService: DialogService,
|
||||
private formBuilder: FormBuilder,
|
||||
private toastService: ToastService,
|
||||
private configService: ConfigService,
|
||||
) {}
|
||||
|
||||
async ngOnInit() {
|
||||
this.selfHosted = this.platformUtilsService.isSelfHost();
|
||||
|
||||
this.configService
|
||||
.getFeatureFlag$(FeatureFlag.LimitCollectionCreationDeletionSplit)
|
||||
.pipe(takeUntil(this.destroy$))
|
||||
.subscribe((x) => (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled = x));
|
||||
|
||||
this.route.params
|
||||
.pipe(
|
||||
switchMap((params) => this.organizationService.get$(params.organizationId)),
|
||||
@ -104,11 +124,16 @@ export class AccountComponent implements OnInit, OnDestroy {
|
||||
this.canUseApi = organization.useApi;
|
||||
|
||||
// Update disabled states - reactive forms prefers not using disabled attribute
|
||||
// Disabling these fields for self hosted orgs is deprecated
|
||||
// This block can be completely removed as part of
|
||||
// https://bitwarden.atlassian.net/browse/PM-10863
|
||||
if (!this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
|
||||
if (!this.selfHosted) {
|
||||
this.formGroup.get("orgName").enable();
|
||||
this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable();
|
||||
this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable();
|
||||
}
|
||||
}
|
||||
|
||||
if (!this.selfHosted && this.canEditSubscription) {
|
||||
this.formGroup.get("billingEmail").enable();
|
||||
@ -125,10 +150,18 @@ export class AccountComponent implements OnInit, OnDestroy {
|
||||
orgName: this.org.name,
|
||||
billingEmail: this.org.billingEmail,
|
||||
});
|
||||
if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
|
||||
this.collectionManagementFormGroup_VNext.patchValue({
|
||||
limitCollectionCreation: this.org.limitCollectionCreation,
|
||||
limitCollectionDeletion: this.org.limitCollectionDeletion,
|
||||
allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
|
||||
});
|
||||
} else {
|
||||
this.collectionManagementFormGroup.patchValue({
|
||||
limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion,
|
||||
allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
|
||||
});
|
||||
}
|
||||
|
||||
this.loading = false;
|
||||
});
|
||||
@ -177,15 +210,23 @@ export class AccountComponent implements OnInit, OnDestroy {
|
||||
|
||||
submitCollectionManagement = async () => {
|
||||
// Early exit if self-hosted
|
||||
if (this.selfHosted) {
|
||||
if (this.selfHosted && !this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
|
||||
return;
|
||||
}
|
||||
|
||||
const request = new OrganizationCollectionManagementUpdateRequest();
|
||||
if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
|
||||
request.limitCollectionCreation =
|
||||
this.collectionManagementFormGroup_VNext.value.limitCollectionCreation;
|
||||
request.limitCollectionDeletion =
|
||||
this.collectionManagementFormGroup_VNext.value.limitCollectionDeletion;
|
||||
request.allowAdminAccessToAllCollectionItems =
|
||||
this.collectionManagementFormGroup_VNext.value.allowAdminAccessToAllCollectionItems;
|
||||
} else {
|
||||
request.limitCreateDeleteOwnerAdmin =
|
||||
this.collectionManagementFormGroup.value.limitCollectionCreationDeletion;
|
||||
request.allowAdminAccessToAllCollectionItems =
|
||||
this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems;
|
||||
}
|
||||
|
||||
await this.organizationApiService.updateCollectionManagement(this.organizationId, request);
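Review bot: The flag is read at `if (!this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled)` and again before the two `patchValue` calls inside the organization subscription, but it is only assigned from a separate `getFeatureFlag$` subscription, so the two streams are unordered. If the organization emits first, the field is still `undefined`, the legacy group is the one enabled and patched, and once the flag turns true the template binds `collectionManagementFormGroup_VNext` with its unpatched `false` defaults; a save from that state would submit those defaults instead of the organization's stored settings. Resolving the flag before the organization stream is subscribed removes the ordering dependency, e.g. `this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled = await firstValueFrom(this.configService.getFeatureFlag$(FeatureFlag.LimitCollectionCreationDeletionSplit));` with `firstValueFrom` imported from `rxjs`, or by combining both streams with `combineLatest`. Whether `getFeatureFlag$` emits synchronously on subscribe is not visible here, and `ngOnInit` continues outside the hunks.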
|
||||
|
||||
|
@ -8201,6 +8201,12 @@
|
||||
"limitCollectionCreationDeletionDesc": {
|
||||
"message": "Limit collection creation and deletion to owners and admins"
|
||||
},
|
||||
"limitCollectionCreationDesc": {
|
||||
"message": "Limit collection creation to owners and admins"
|
||||
},
|
||||
"limitCollectionDeletionDesc": {
|
||||
"message": "Limit collection deletion to owners and admins"
|
||||
},
|
||||
"allowAdminAccessToAllCollectionItemsDesc": {
|
||||
"message": "Owners and admins can manage all collections and items"
|
||||
},
|
||||
|
@ -74,7 +74,7 @@ export class CollectionView implements View, ITreeNodeObject {
|
||||
);
|
||||
}
|
||||
|
||||
const canDeleteManagedCollections = !org?.limitCollectionCreationDeletion || org.isAdmin;
|
||||
const canDeleteManagedCollections = !org?.limitCollectionDeletion || org.isAdmin;
|
||||
|
||||
// Only use individual permissions, not admin permissions
|
||||
return canDeleteManagedCollections && this.manage;
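Review bot: `!org?.limitCollectionDeletion` fails open when the field is absent: if the server does not send `limitCollectionDeletion` (flag off on the server, or an older self-hosted server; neither is visible from this page), the value is `undefined` and the check passes for every member with `manage`, even when the deprecated `limitCollectionCreationDeletion` is true. Unlike the settings form, this line is not gated on `LimitCollectionCreationDeletionSplit`. Falling back to the old field until it is removed keeps the client in line with the stored rule: `const limitDeletion = org?.limitCollectionDeletion ?? org?.limitCollectionCreationDeletion;` followed by `!limitDeletion || org.isAdmin`. The same applies to `canCreateNewCollections` in the `Organization` hunk, which now reads only `limitCollectionCreation`. The enclosing method starts and ends outside the hunk.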
|
||||
|
@ -51,6 +51,9 @@ describe("ORGANIZATIONS state", () => {
|
||||
keyConnectorEnabled: false,
|
||||
keyConnectorUrl: "kcu",
|
||||
accessSecretsManager: false,
|
||||
limitCollectionCreation: false,
|
||||
limitCollectionDeletion: false,
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
limitCollectionCreationDeletion: false,
|
||||
allowAdminAccessToAllCollectionItems: false,
|
||||
familySponsorshipLastSyncDate: new Date(),
|
||||
|
@ -52,6 +52,9 @@ export class OrganizationData {
|
||||
familySponsorshipValidUntil?: Date;
|
||||
familySponsorshipToDelete?: boolean;
|
||||
accessSecretsManager: boolean;
|
||||
limitCollectionCreation: boolean;
|
||||
limitCollectionDeletion: boolean;
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
limitCollectionCreationDeletion: boolean;
|
||||
allowAdminAccessToAllCollectionItems: boolean;
|
||||
|
||||
@ -110,6 +113,9 @@ export class OrganizationData {
|
||||
this.familySponsorshipValidUntil = response.familySponsorshipValidUntil;
|
||||
this.familySponsorshipToDelete = response.familySponsorshipToDelete;
|
||||
this.accessSecretsManager = response.accessSecretsManager;
|
||||
this.limitCollectionCreation = response.limitCollectionCreation;
|
||||
this.limitCollectionDeletion = response.limitCollectionDeletion;
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
|
||||
this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems;
|
||||
|
||||
|
@ -68,7 +68,11 @@ export class Organization {
|
||||
/**
|
||||
* Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
|
||||
*/
|
||||
limitCollectionCreation: boolean;
|
||||
limitCollectionDeletion: boolean;
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
limitCollectionCreationDeletion: boolean;
|
||||
|
||||
/**
|
||||
* Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections
|
||||
*/
|
||||
@ -125,6 +129,9 @@ export class Organization {
|
||||
this.familySponsorshipValidUntil = obj.familySponsorshipValidUntil;
|
||||
this.familySponsorshipToDelete = obj.familySponsorshipToDelete;
|
||||
this.accessSecretsManager = obj.accessSecretsManager;
|
||||
this.limitCollectionCreation = obj.limitCollectionCreation;
|
||||
this.limitCollectionDeletion = obj.limitCollectionDeletion;
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
|
||||
this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems;
|
||||
}
|
||||
@ -163,9 +170,7 @@ export class Organization {
|
||||
}
|
||||
|
||||
get canCreateNewCollections() {
|
||||
return (
|
||||
!this.limitCollectionCreationDeletion || this.isAdmin || this.permissions.createNewCollections
|
||||
);
|
||||
return !this.limitCollectionCreation || this.isAdmin || this.permissions.createNewCollections;
|
||||
}
|
||||
|
||||
get canEditAnyCollection() {
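Review bot: The TSDoc block above `limitCollectionCreation` still says "limit collection creation and deletion", so it describes the wrong scope for the field it is attached to, and `limitCollectionDeletion` has no doc comment. Give each field its own comment, e.g. `/** Limits collection creation to owners and admins (see canCreateNewCollections). */` and `/** Limits collection deletion to owners and admins. */`. Turning the `// Deprecated:` line into `/** @deprecated Remove with https://bitwarden.atlassian.net/browse/PM-10863 */` would also let editors and lint rules flag the remaining reads of `limitCollectionCreationDeletion`.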
|
||||
|
@ -1,4 +1,7 @@
|
||||
export class OrganizationCollectionManagementUpdateRequest {
|
||||
limitCollectionCreation: boolean;
|
||||
limitCollectionDeletion: boolean;
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
limitCreateDeleteOwnerAdmin: boolean;
|
||||
allowAdminAccessToAllCollectionItems: boolean;
|
||||
}
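Review bot: Nothing on this class says which fields a caller must set, and `submitCollectionManagement` in the account component of this commit fills either the two new fields or `limitCreateDeleteOwnerAdmin`, never both. Properties left `undefined` are dropped when the request is serialised as JSON, so if client and server disagree about the flag the server gets a body without the field it reads. How the server treats a missing boolean is not visible here, but defaulting it to `false` would clear the restriction on save. Document the contract on the class, for example `/** Sent only when LimitCollectionCreationDeletionSplit is enabled. */` on the new fields and a `@deprecated` tag on `limitCreateDeleteOwnerAdmin`, and confirm the server rejects or ignores a request that lacks the fields it expects.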
|
||||
|
@ -32,6 +32,9 @@ export class OrganizationResponse extends BaseResponse {
|
||||
smServiceAccounts?: number;
|
||||
maxAutoscaleSmSeats?: number;
|
||||
maxAutoscaleSmServiceAccounts?: number;
|
||||
limitCollectionCreation: boolean;
|
||||
limitCollectionDeletion: boolean;
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
limitCollectionCreationDeletion: boolean;
|
||||
allowAdminAccessToAllCollectionItems: boolean;
|
||||
|
||||
@ -69,6 +72,9 @@ export class OrganizationResponse extends BaseResponse {
|
||||
this.smServiceAccounts = this.getResponseProperty("SmServiceAccounts");
|
||||
this.maxAutoscaleSmSeats = this.getResponseProperty("MaxAutoscaleSmSeats");
|
||||
this.maxAutoscaleSmServiceAccounts = this.getResponseProperty("MaxAutoscaleSmServiceAccounts");
|
||||
this.limitCollectionCreation = this.getResponseProperty("LimitCollectionCreation");
|
||||
this.limitCollectionDeletion = this.getResponseProperty("LimitCollectionDeletion");
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
this.limitCollectionCreationDeletion = this.getResponseProperty(
|
||||
"LimitCollectionCreationDeletion",
|
||||
);
|
||||
|
@ -49,6 +49,9 @@ export class ProfileOrganizationResponse extends BaseResponse {
|
||||
familySponsorshipValidUntil?: Date;
|
||||
familySponsorshipToDelete?: boolean;
|
||||
accessSecretsManager: boolean;
|
||||
limitCollectionCreation: boolean;
|
||||
limitCollectionDeletion: boolean;
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
limitCollectionCreationDeletion: boolean;
|
||||
allowAdminAccessToAllCollectionItems: boolean;
|
||||
|
||||
@ -109,6 +112,9 @@ export class ProfileOrganizationResponse extends BaseResponse {
|
||||
}
|
||||
this.familySponsorshipToDelete = this.getResponseProperty("FamilySponsorshipToDelete");
|
||||
this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
|
||||
this.limitCollectionCreation = this.getResponseProperty("LimitCollectionCreation");
|
||||
this.limitCollectionDeletion = this.getResponseProperty("LimitCollectionDeletion");
|
||||
// Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
|
||||
this.limitCollectionCreationDeletion = this.getResponseProperty(
|
||||
"LimitCollectionCreationDeletion",
|
||||
);
|
||||
|
@ -362,7 +362,8 @@ describe("KeyConnectorService", () => {
|
||||
familySponsorshipValidUntil: null,
|
||||
familySponsorshipToDelete: null,
|
||||
accessSecretsManager: false,
|
||||
limitCollectionCreationDeletion: true,
|
||||
limitCollectionCreation: true,
|
||||
limitCollectionDeletion: true,
|
||||
allowAdminAccessToAllCollectionItems: true,
|
||||
flexibleCollections: false,
|
||||
object: "profileOrganization",
|
||||
|
@ -36,6 +36,7 @@ export enum FeatureFlag {
|
||||
Pm3478RefactorOrganizationUserApi = "pm-3478-refactor-organizationuser-api",
|
||||
AccessIntelligence = "pm-13227-access-intelligence",
|
||||
Pm13322AddPolicyDefinitions = "pm-13322-add-policy-definitions",
|
||||
LimitCollectionCreationDeletionSplit = "pm-10863-limit-collection-creation-deletion-split",
|
||||
}
|
||||
|
||||
export type AllowedFeatureFlagTypes = boolean | number | string;
|
||||
@ -82,6 +83,7 @@ export const DefaultFeatureFlagValue = {
|
||||
[FeatureFlag.Pm3478RefactorOrganizationUserApi]: FALSE,
|
||||
[FeatureFlag.AccessIntelligence]: FALSE,
|
||||
[FeatureFlag.Pm13322AddPolicyDefinitions]: FALSE,
|
||||
[FeatureFlag.LimitCollectionCreationDeletionSplit]: FALSE,
|
||||
} satisfies Record<FeatureFlag, AllowedFeatureFlagTypes>;
|
||||
|
||||
export type DefaultFeatureFlagValueType = typeof DefaultFeatureFlagValue;
|
||||
|