Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-21 11:35:34 +01:00
Code Issues Projects Releases Wiki Activity

[AC-1373] Flexible Collections (#6336)

Browse Source 
* [AC-1117] Add manage permission (#5910)

* Add 'manage' option to collection access permissions

* Add 'manage' to collection permissions

* remove service accidentally committed from another branch

* Update CLI commands

* update message casing to be consistent

* access selector model updates

* [AC-1374] Limit collection create/delete (#5963)

* feat: udate request/response/data/domain models for new column, refs AC-1374

* feat: create collection management ui, refs AC-1374

* fix: remove limitCollectionCdOwnerAdmin boolean from org update request, refs AC-1374

* fix: moved collection management UI, removed comments, refs AC-1374

* fix: observable chaining now properly calls API when local org updated, refs AC-1374

* fix: remove unused form template variables, refs AC-1374

* fix: clean up observable chain, refs AC-1374

* fix: remove parent.parent route, refs AC-1374

* fix: add cd explaination, refs AC-1374

* [AC-1649] Remove organizationId from collection-bulk-delete.request (#6343)

* refactor: remove organizationId from collection-bulk-delete-request, refs AC-1649

* refactor: remove request model from dialog component, refs AC-1649

* [AC-1174] Bulk collection management (#6133)

* [AC-1174] Add bulk edit collection access event type

* [AC-1174] Add bulk edit collection access menu option

* [AC-1174] Add initial bulk collections access dialog

* [AC-1174] Add logic to open bulk edit collections dialog

* [AC-1174] Move AccessItemView helper methods to access selector model to be shared

* [AC-1174] Add access selector to bulk collections dialog

* [AC-1174] Add bulk assign access method to collection-admin service

* [AC-1174] Introduce strongly typed BulkCollectionAccessRequest model

* [AC-1174] Update vault item event type name

* Update DialogService dependency

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* Rename LimitCollectionCdOwnerAdmin -> LimitCollectionCreationDeletion (#6409)

* Add manage property to synced Collection data

* Revert "Add manage property to synced Collection data"

Pushed to feature branch instead of a new one

This reverts commit 65cd39589c.

* Add manage property to synced Collection data

* Revert "Add manage property to synced Collection data"

This reverts commit f7fa30b79a.

* [AC-1680] Add manage property to collection view and response models (#6417)

* Add manage property to synced Collection data

* Update tests

* feat: add LimitCollectionCreationDeletion conditional to canCreateNewCollections logic, refs AC-1659 (#6429)

* [AC-1669] Enforce Can Manage permission on Collection dialog (#6493)

* [AC-1669] Cleanup unhandled promise warnings

* [AC-1669] Force change detection to ensure AccessSelector has the most recent items

* [AC-1669] Initially select acting member when creating a new collection

* [AC-1669] Add validator to ensure manage permission is selected

* [AC-1669] Update error toast logic to support access tab errors

* [AC-1669] Add error icon

* [AC-1713] [Flexible collections] Add feature flags to clients (#6486)

* Add FlexibleCollections and BulkCollectionAccess flags

* Flag Collection Management settings

* Flag bulk collection access dialog

* Flag collection access modal changes

* [AC-1662] Add LimitCollecitonCreationDeletion conditional to CanDelete logic (#6526)

* feat: implement limitCollectionCreationDeletion into canDelete logic, refs AC-1662

* feat: make canDelete functions backwards compatible with feature flag, refs AC-1662

* feat: update vault-items.component for async getter, refs AC-1662

* feat: update configService injection, refs AC-1662

* feat: add config service to canDelete reference, refs AC-1662

* fix: remove configservice dependency from views, refs AC-1757 (#6686)

* Add missing provider to vault-items.stories (#6690)

* Fix imports after update from master

---------

Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
Co-authored-by: Shane Melton <smelton@bitwarden.com>
This commit is contained in:
Thomas Rittson 2023-11-01 19:30:59 +10:00 committed by GitHub
parent 2ec3f808d2
commit 0c3b569d0e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
53 changed files with 725 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/cli/src/admin-console/models/selection-read-only.ts
View File

@ -1,15 +1,17 @@
export class SelectionReadOnly {
static template(): SelectionReadOnly {
return new SelectionReadOnly("00000000-0000-0000-0000-000000000000", false, false);
return new SelectionReadOnly("00000000-0000-0000-0000-000000000000", false, false, false);
}
id: string;
readOnly: boolean;
hidePasswords: boolean;
manage: boolean;
constructor(id: string, readOnly: boolean, hidePasswords: boolean) {
constructor(id: string, readOnly: boolean, hidePasswords: boolean, manage: boolean) {
this.id = id;
this.readOnly = readOnly;
this.hidePasswords = hidePasswords || false;
this.manage = manage;
}
}

4
apps/cli/src/commands/edit.command.ts
View File

@ -169,7 +169,9 @@ export class EditCommand {
const groups =
req.groups == null
? null
: req.groups.map((g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords));
: req.groups.map(
(g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage)
);
const request = new CollectionRequest();
request.name = (await this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
request.externalId = req.externalId;

4
apps/cli/src/commands/get.command.ts
View File

@ -427,7 +427,9 @@ export class GetCommand extends DownloadCommand {
const groups =
response.groups == null
? null
: response.groups.map((g) => new SelectionReadOnly(g.id, g.readOnly, g.hidePasswords));
: response.groups.map(
(g) => new SelectionReadOnly(g.id, g.readOnly, g.hidePasswords, g.manage)
);
const res = new OrganizationCollectionResponse(decCollection, groups);
return Response.success(res);
} catch (e) {

4
apps/cli/src/vault/create.command.ts
View File

@ -184,7 +184,9 @@ export class CreateCommand {
const groups =
req.groups == null
? null
: req.groups.map((g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords));
: req.groups.map(
(g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage)
);
const request = new CollectionRequest();
request.name = (await this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
request.externalId = req.externalId;

2
apps/web/src/app/admin-console/organizations/core/services/group/group.service.ts
View File

@ -76,7 +76,7 @@ export class InternalGroupService extends GroupService {
request.accessAll = group.accessAll;
request.users = group.members;
request.collections = group.collections.map(
(c) => new SelectionReadOnlyRequest(c.id, c.readOnly, c.hidePasswords)
(c) => new SelectionReadOnlyRequest(c.id, c.readOnly, c.hidePasswords, c.manage)
);
if (group.id == undefined) {

1
apps/web/src/app/admin-console/organizations/core/services/user-admin.service.ts
View File

@ -80,6 +80,7 @@ export class UserAdminService {
id: c.id,
hidePasswords: c.hidePasswords,
readOnly: c.readOnly,
manage: c.manage,
}));
view.groups = u.groups;
view.accessSecretsManager = u.accessSecretsManager;

3
apps/web/src/app/admin-console/organizations/core/views/collection-access-selection.view.ts
View File

@ -4,12 +4,14 @@ interface SelectionResponseLike {
id: string;
readOnly: boolean;
hidePasswords: boolean;
manage: boolean;
}
export class CollectionAccessSelectionView extends View {
readonly id: string;
readonly readOnly: boolean;
readonly hidePasswords: boolean;
readonly manage: boolean;
constructor(response?: SelectionResponseLike) {
super();
@ -21,5 +23,6 @@ export class CollectionAccessSelectionView extends View {
this.id = response.id;
this.readOnly = response.readOnly;
this.hidePasswords = response.hidePasswords;
this.manage = response.manage;
}
}

2
apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.html
View File

@ -40,6 +40,7 @@
[columnHeader]="'member' | i18n"
[selectorLabelText]="'selectMembers' | i18n"
[emptySelectionText]="'noMembersAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector>
</bit-tab>
@ -60,6 +61,7 @@
[columnHeader]="'collection' | i18n"
[selectorLabelText]="'selectCollections' | i18n"
[emptySelectionText]="'noCollectionsAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector>
</ng-container>
</bit-tab>

10
apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.ts
View File

@ -5,7 +5,9 @@ import { catchError, combineLatest, from, map, of, Subject, switchMap, takeUntil
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@ -78,6 +80,11 @@ export const openGroupAddEditDialog = (
templateUrl: "group-add-edit.component.html",
})
export class GroupAddEditComponent implements OnInit, OnDestroy {
protected flexibleCollectionsEnabled$ = this.configService.getFeatureFlag$(
FeatureFlag.FlexibleCollections,
false
);
protected PermissionMode = PermissionMode;
protected ResultType = GroupAddEditDialogResultType;
@ -181,7 +188,8 @@ export class GroupAddEditComponent implements OnInit, OnDestroy {
private logService: LogService,
private formBuilder: FormBuilder,
private changeDetectorRef: ChangeDetectorRef,
private dialogService: DialogService
private dialogService: DialogService,
private configService: ConfigServiceAbstraction
) {
this.tabIndex = params.initialTab ?? GroupAddEditTabType.Info;
}

2
apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.html
View File

@ -289,6 +289,7 @@
[columnHeader]="'groups' | i18n"
[selectorLabelText]="'selectGroups' | i18n"
[emptySelectionText]="'noGroupsAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector>
</bit-tab>
<bit-tab [label]="'collections' | i18n">
@ -321,6 +322,7 @@
[columnHeader]="'collection' | i18n"
[selectorLabelText]="'selectCollections' | i18n"
[emptySelectionText]="'noCollectionsAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector
></bit-tab>
</bit-tab-group>

10
apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
View File

@ -11,6 +11,8 @@ import {
} from "@bitwarden/common/admin-console/enums";
import { PermissionsApi } from "@bitwarden/common/admin-console/models/api/permissions.api";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
@ -64,6 +66,11 @@ export enum MemberDialogResult {
templateUrl: "member-dialog.component.html",
})
export class MemberDialogComponent implements OnInit, OnDestroy {
protected flexibleCollectionsEnabled$ = this.configService.getFeatureFlag$(
FeatureFlag.FlexibleCollections,
false
);
loading = true;
editMode = false;
isRevoked = false;
@ -134,7 +141,8 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
private groupService: GroupService,
private userService: UserAdminService,
private organizationUserService: OrganizationUserService,
private dialogService: DialogService
private dialogService: DialogService,
private configService: ConfigServiceAbstraction
) {}
async ngOnInit() {

23
apps/web/src/app/admin-console/organizations/settings/account.component.html
View File

@ -7,7 +7,7 @@
></i>
<span class="tw-sr-only">{{ "loading" | i18n }}</span>
</div>
<form *ngIf="org && !loading" #form [bitSubmit]="submit" [formGroup]="formGroup">
<form *ngIf="org && !loading" [bitSubmit]="submit" [formGroup]="formGroup">
<div class="tw-grid tw-grid-cols-2 tw-gap-5">
<div>
<bit-form-field>
@ -52,6 +52,27 @@
{{ "rotateApiKey" | i18n }}
</button>
</ng-container>
<form
*ngIf="org && !loading && (showCollectionManagementSettings$ | async)"
[bitSubmit]="submitCollectionManagement"
[formGroup]="collectionManagementFormGroup"
>
<h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5">{{ "collectionManagement" | i18n }}</h1>
<p>{{ "collectionManagementDesc" | i18n }}</p>
<bit-form-control>
<bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label>
<input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" />
</bit-form-control>
<button
type="submit"
bitButton
bitFormButton
buttonType="primary"
id="collectionManagementSubmitButton"
>
{{ "save" | i18n }}
</button>
</form>
<h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5 !tw-text-danger">{{ "dangerZone" | i18n }}</h1>
<div class="tw-rounded tw-border tw-border-solid tw-border-danger-500 tw-bg-background tw-p-5">
<p>{{ "dangerZoneDesc" | i18n }}</p>

72
apps/web/src/app/admin-console/organizations/settings/account.component.ts
View File

@ -1,17 +1,19 @@
import { Component, ViewChild, ViewContainerRef } from "@angular/core";
import { FormBuilder, Validators } from "@angular/forms";
import { ActivatedRoute, Router } from "@angular/router";
import { combineLatest, lastValueFrom, Subject, switchMap, takeUntil, from } from "rxjs";
import { combineLatest, lastValueFrom, Subject, switchMap, takeUntil, from, of } from "rxjs";
import { ModalService } from "@bitwarden/angular/services/modal.service";
import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { OrganizationCollectionManagementUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-collection-management-update.request";
import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/request/organization-keys.request";
import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-update.request";
import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
import { Utils } from "@bitwarden/common/platform/misc/utils";
import { DialogService } from "@bitwarden/components";
@ -38,8 +40,11 @@ export class AccountComponent {
loading = true;
canUseApi = false;
org: OrganizationResponse;
formPromise: Promise<OrganizationResponse>;
taxFormPromise: Promise<unknown>;
showCollectionManagementSettings$ = this.configService.getFeatureFlag$(
FeatureFlag.FlexibleCollections,
false
);
// FormGroup validators taken from server Organization domain object
protected formGroup = this.formBuilder.group({
@ -60,6 +65,10 @@ export class AccountComponent {
),
});
protected collectionManagementFormGroup = this.formBuilder.group({
limitCollectionCreationDeletion: [false],
});
protected organizationId: string;
protected publicKeyBuffer: Uint8Array;
@ -71,27 +80,27 @@ export class AccountComponent {
private route: ActivatedRoute,
private platformUtilsService: PlatformUtilsService,
private cryptoService: CryptoService,
private logService: LogService,
private router: Router,
private organizationService: OrganizationService,
private organizationApiService: OrganizationApiServiceAbstraction,
private dialogService: DialogService,
private formBuilder: FormBuilder
private formBuilder: FormBuilder,
private configService: ConfigServiceAbstraction
) {}
async ngOnInit() {
this.selfHosted = this.platformUtilsService.isSelfHost();
this.route.parent.parent.params
this.route.params
.pipe(
switchMap((params) => {
switchMap((params) => this.organizationService.get$(params.organizationId)),
switchMap((organization) => {
return combineLatest([
// Organization domain
this.organizationService.get$(params.organizationId),
of(organization),
// OrganizationResponse for form population
from(this.organizationApiService.get(params.organizationId)),
from(this.organizationApiService.get(organization.id)),
// Organization Public Key
from(this.organizationApiService.getKeys(params.organizationId)),
from(this.organizationApiService.getKeys(organization.id)),
]);
}),
takeUntil(this.destroy$)
@ -102,6 +111,16 @@ export class AccountComponent {
this.canEditSubscription = organization.canEditSubscription;
this.canUseApi = organization.useApi;
// Update disabled states - reactive forms prefers not using disabled attribute
if (!this.selfHosted) {
this.formGroup.get("orgName").enable();
}
if (!this.selfHosted || this.canEditSubscription) {
this.formGroup.get("billingEmail").enable();
this.formGroup.get("businessName").enable();
}
// Org Response
this.org = orgResponse;
@ -114,16 +133,9 @@ export class AccountComponent {
billingEmail: this.org.billingEmail,
businessName: this.org.businessName,
});
// Update disabled states - reactive forms prefers not using disabled attribute
if (!this.selfHosted) {
this.formGroup.get("orgName").enable();
}
if (!this.selfHosted || this.canEditSubscription) {
this.formGroup.get("billingEmail").enable();
this.formGroup.get("businessName").enable();
}
this.collectionManagementFormGroup.patchValue({
limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion,
});
this.loading = false;
});
@ -153,11 +165,25 @@ export class AccountComponent {
request.keys = new OrganizationKeysRequest(orgKeys[0], orgKeys[1].encryptedString);
}
this.formPromise = this.organizationApiService.save(this.organizationId, request);
await this.formPromise;
await this.organizationApiService.save(this.organizationId, request);
this.platformUtilsService.showToast("success", null, this.i18nService.t("organizationUpdated"));
};
submitCollectionManagement = async () => {
const request = new OrganizationCollectionManagementUpdateRequest();
request.limitCreateDeleteOwnerAdmin =
this.collectionManagementFormGroup.value.limitCollectionCreationDeletion;
await this.organizationApiService.updateCollectionManagement(this.organizationId, request);
this.platformUtilsService.showToast(
"success",
null,
this.i18nService.t("collectionManagementUpdated")
);
};
async deleteOrganization() {
const dialog = openDeleteOrganizationDialog(this.dialogService, {
data: {

15
apps/web/src/app/admin-console/organizations/shared/components/access-selector/access-selector.component.ts
View File

@ -122,6 +122,10 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
{ perm: CollectionPermission.Edit, labelId: "canEdit" },
{ perm: CollectionPermission.EditExceptPass, labelId: "canEditExceptPass" },
];
private canManagePermissionListItem = {
perm: CollectionPermission.Manage,
labelId: "canManage",
};
protected initialPermission = CollectionPermission.View;
disabled: boolean;
@ -192,6 +196,11 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
*/
@Input() showGroupColumn: boolean;
/**
* Enable Flexible Collections changes (feature flag)
*/
@Input() flexibleCollectionsEnabled: boolean;
constructor(
private readonly formBuilder: FormBuilder,
private readonly i18nService: I18nService
@ -254,7 +263,7 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
this.pauseChangeNotification = false;
}
ngOnInit() {
async ngOnInit() {
// Watch the internal formArray for changes and propagate them
this.selectionList.formArray.valueChanges.pipe(takeUntil(this.destroy$)).subscribe((v) => {
if (!this.notifyOnChange || this.pauseChangeNotification) {
@ -268,6 +277,10 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
}
this.notifyOnChange(v);
});
if (this.flexibleCollectionsEnabled) {
this.permissionList.push(this.canManagePermissionListItem);
}
}
ngOnDestroy() {

39
apps/web/src/app/admin-console/organizations/shared/components/access-selector/access-selector.models.ts
View File

@ -1,19 +1,21 @@
import { OrganizationUserUserDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-user/responses";
import {
OrganizationUserStatusType,
OrganizationUserType,
} from "@bitwarden/common/admin-console/enums";
import { SelectItemView } from "@bitwarden/components";
import { CollectionAccessSelectionView } from "../../../core";
import { CollectionAccessSelectionView, GroupView } from "../../../core";
/**
* Permission options that replace/correspond with readOnly and hidePassword server fields.
* Permission options that replace/correspond with manage, readOnly, and hidePassword server fields.
*/
export enum CollectionPermission {
View = "view",
ViewExceptPass = "viewExceptPass",
Edit = "edit",
EditExceptPass = "editExceptPass",
Manage = "manage",
}
export enum AccessItemType {
@ -82,7 +84,9 @@ export type AccessItemValue = {
* @param value
*/
export const convertToPermission = (value: CollectionAccessSelectionView) => {
if (value.readOnly) {
if (value.manage) {
return CollectionPermission.Manage;
} else if (value.readOnly) {
return value.hidePasswords ? CollectionPermission.ViewExceptPass : CollectionPermission.View;
} else {
return value.hidePasswords ? CollectionPermission.EditExceptPass : CollectionPermission.Edit;
@ -91,7 +95,7 @@ export const convertToPermission = (value: CollectionAccessSelectionView) => {
/**
* Converts an AccessItemValue back into a CollectionAccessView class using the CollectionPermission
* to determine the values for `readOnly` and `hidePassword`
* to determine the values for `manage`, `readOnly`, and `hidePassword`
* @param value
*/
export const convertToSelectionView = (value: AccessItemValue) => {
@ -99,6 +103,7 @@ export const convertToSelectionView = (value: AccessItemValue) => {
id: value.id,
readOnly: readOnly(value.permission),
hidePasswords: hidePassword(value.permission),
manage: value.permission === CollectionPermission.Manage,
});
};
@ -107,3 +112,29 @@ const readOnly = (perm: CollectionPermission) =>
const hidePassword = (perm: CollectionPermission) =>
[CollectionPermission.ViewExceptPass, CollectionPermission.EditExceptPass].includes(perm);
export function mapGroupToAccessItemView(group: GroupView): AccessItemView {
return {
id: group.id,
type: AccessItemType.Group,
listName: group.name,
labelName: group.name,
accessAllItems: group.accessAll,
readonly: group.accessAll,
};
}
// TODO: Use view when user apis are migrated to a service
export function mapUserToAccessItemView(user: OrganizationUserUserDetailsResponse): AccessItemView {
return {
id: user.id,
type: AccessItemType.Member,
email: user.email,
role: user.type,
listName: user.name?.length > 0 ? `${user.name} (${user.email})` : user.email,
labelName: user.name ?? user.email,
status: user.status,
accessAllItems: user.accessAll,
readonly: user.accessAll,
};
}

8
apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.html
View File

@ -64,6 +64,12 @@
</bit-form-field>
</bit-tab>
<bit-tab label="{{ 'access' | i18n }}">
<div
class="tw-mb-3 tw-text-danger"
*ngIf="formGroup.controls.access.hasError('managePermissionRequired')"
>
<i class="bwi bwi-error"></i> {{ "managePermissionRequired" | i18n }}
</div>
<bit-access-selector
*ngIf="organization.useGroups"
[permissionMode]="PermissionMode.Edit"
@ -73,6 +79,7 @@
[selectorLabelText]="'selectGroupsAndMembers' | i18n"
[selectorHelpText]="'userPermissionOverrideHelper' | i18n"
[emptySelectionText]="'noMembersOrGroupsAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector>
<bit-access-selector
*ngIf="!organization.useGroups"
@ -82,6 +89,7 @@
[columnHeader]="'memberColumnHeader' | i18n"
[selectorLabelText]="'selectMembers' | i18n"
[emptySelectionText]="'noMembersAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector>
</bit-tab>
</bit-tab-group>

172
apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
View File

@ -1,8 +1,10 @@
import { DIALOG_DATA, DialogConfig, DialogRef } from "@angular/cdk/dialog";
import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
import { FormBuilder, Validators } from "@angular/forms";
import { ChangeDetectorRef, Component, Inject, OnDestroy, OnInit } from "@angular/core";
import { AbstractControl, FormBuilder, Validators } from "@angular/forms";
import {
combineLatest,
firstValueFrom,
from,
map,
Observable,
of,
@ -14,23 +16,27 @@ import {
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
import { OrganizationUserUserDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-user/responses";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
import { Utils } from "@bitwarden/common/platform/misc/utils";
import { CollectionResponse } from "@bitwarden/common/vault/models/response/collection.response";
import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
import { DialogService, BitValidators } from "@bitwarden/components";
import { BitValidators, DialogService } from "@bitwarden/components";
import { GroupService, GroupView } from "../../../admin-console/organizations/core";
import { PermissionMode } from "../../../admin-console/organizations/shared/components/access-selector/access-selector.component";
import {
AccessItemView,
AccessItemValue,
AccessItemType,
convertToSelectionView,
AccessItemValue,
AccessItemView,
CollectionPermission,
convertToPermission,
convertToSelectionView,
mapGroupToAccessItemView,
mapUserToAccessItemView,
} from "../../../admin-console/organizations/shared/components/access-selector/access-selector.models";
import { CollectionAdminService } from "../../core/collection-admin.service";
import { CollectionAdminView } from "../../core/views/collection-admin.view";
@ -64,6 +70,11 @@ export enum CollectionDialogAction {
templateUrl: "collection-dialog.component.html",
})
export class CollectionDialogComponent implements OnInit, OnDestroy {
protected flexibleCollectionsEnabled$ = this.configService.getFeatureFlag$(
FeatureFlag.FlexibleCollections,
false
);
private destroy$ = new Subject<void>();
protected organizations$: Observable<Organization[]>;
@ -94,7 +105,9 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
private i18nService: I18nService,
private platformUtilsService: PlatformUtilsService,
private organizationUserService: OrganizationUserService,
private dialogService: DialogService
private dialogService: DialogService,
private changeDetectorRef: ChangeDetectorRef,
private configService: ConfigServiceAbstraction
) {
this.tabIndex = params.initialTab ?? CollectionDialogTabType.Info;
}
@ -118,7 +131,11 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
} else {
// Opened from the org vault
this.formGroup.patchValue({ selectedOrg: this.params.organizationId });
this.loadOrg(this.params.organizationId, this.params.collectionIds);
await this.loadOrg(this.params.organizationId, this.params.collectionIds);
}
if (await firstValueFrom(this.flexibleCollectionsEnabled$)) {
this.formGroup.controls.access.addValidators(validateCanManagePermission);
}
}
@ -139,51 +156,76 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
organization: organization$,
collections: this.collectionService.getAll(orgId),
collectionDetails: this.params.collectionId
? this.collectionService.get(orgId, this.params.collectionId)
? from(this.collectionService.get(orgId, this.params.collectionId))
: of(null),
groups: groups$,
users: this.organizationUserService.getAllUsers(orgId),
flexibleCollections: this.flexibleCollectionsEnabled$,
})
.pipe(takeUntil(this.formGroup.controls.selectedOrg.valueChanges), takeUntil(this.destroy$))
.subscribe(({ organization, collections, collectionDetails, groups, users }) => {
this.organization = organization;
this.accessItems = [].concat(
groups.map(mapGroupToAccessItemView),
users.data.map(mapUserToAccessItemView)
);
.subscribe(
({ organization, collections, collectionDetails, groups, users, flexibleCollections }) => {
this.organization = organization;
this.accessItems = [].concat(
groups.map(mapGroupToAccessItemView),
users.data.map(mapUserToAccessItemView)
);
if (collectionIds) {
collections = collections.filter((c) => collectionIds.includes(c.id));
}
// Force change detection to update the access selector's items
this.changeDetectorRef.detectChanges();
if (this.params.collectionId) {
this.collection = collections.find((c) => c.id === this.collectionId);
this.nestOptions = collections.filter((c) => c.id !== this.collectionId);
if (!this.collection) {
throw new Error("Could not find collection to edit.");
if (collectionIds) {
collections = collections.filter((c) => collectionIds.includes(c.id));
}
const { name, parent } = parseName(this.collection);
if (parent !== undefined && !this.nestOptions.find((c) => c.name === parent)) {
this.deletedParentName = parent;
if (this.params.collectionId) {
this.collection = collections.find((c) => c.id === this.collectionId);
this.nestOptions = collections.filter((c) => c.id !== this.collectionId);
if (!this.collection) {
throw new Error("Could not find collection to edit.");
}
const { name, parent } = parseName(this.collection);
if (parent !== undefined && !this.nestOptions.find((c) => c.name === parent)) {
this.deletedParentName = parent;
}
const accessSelections = mapToAccessSelections(collectionDetails);
this.formGroup.patchValue({
name,
externalId: this.collection.externalId,
parent,
access: accessSelections,
});
} else {
this.nestOptions = collections;
const parent = collections.find((c) => c.id === this.params.parentCollectionId);
const currentOrgUserId = users.data.find(
(u) => u.userId === this.organization?.userId
)?.id;
const initialSelection: AccessItemValue[] =
currentOrgUserId !== undefined
? [
{
id: currentOrgUserId,
type: AccessItemType.Member,
permission: flexibleCollections
? CollectionPermission.Manage
: CollectionPermission.Edit,
},
]
: [];
this.formGroup.patchValue({
parent: parent?.name ?? undefined,
access: initialSelection,
});
}
const accessSelections = mapToAccessSelections(collectionDetails);
this.formGroup.patchValue({
name,
externalId: this.collection.externalId,
parent,
access: accessSelections,
});
} else {
this.nestOptions = collections;
const parent = collections.find((c) => c.id === this.params.parentCollectionId);
this.formGroup.patchValue({ parent: parent?.name ?? undefined });
this.loading = false;
}
this.loading = false;
});
);
}
protected get collectionId() {
@ -202,12 +244,20 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
this.formGroup.markAllAsTouched();
if (this.formGroup.invalid) {
if (this.tabIndex === CollectionDialogTabType.Access) {
const accessTabError = this.formGroup.controls.access.hasError("managePermissionRequired");
if (this.tabIndex === CollectionDialogTabType.Access && !accessTabError) {
this.platformUtilsService.showToast(
"error",
null,
this.i18nService.t("fieldOnTabRequiresAttention", this.i18nService.t("collectionInfo"))
);
} else if (this.tabIndex === CollectionDialogTabType.Info && accessTabError) {
this.platformUtilsService.showToast(
"error",
null,
this.i18nService.t("fieldOnTabRequiresAttention", this.i18nService.t("access"))
);
}
return;
}
@ -284,32 +334,6 @@ function parseName(collection: CollectionView) {
return { name, parent };
}
function mapGroupToAccessItemView(group: GroupView): AccessItemView {
return {
id: group.id,
type: AccessItemType.Group,
listName: group.name,
labelName: group.name,
accessAllItems: group.accessAll,
readonly: group.accessAll,
};
}
// TODO: Use view when user apis are migrated to a service
function mapUserToAccessItemView(user: OrganizationUserUserDetailsResponse): AccessItemView {
return {
id: user.id,
type: AccessItemType.Member,
email: user.email,
role: user.type,
listName: user.name?.length > 0 ? `${user.name} (${user.email})` : user.email,
labelName: user.name ?? user.email,
status: user.status,
accessAllItems: user.accessAll,
readonly: user.accessAll,
};
}
function mapToAccessSelections(collectionDetails: CollectionAdminView): AccessItemValue[] {
if (collectionDetails == undefined) {
return [];
@ -328,6 +352,16 @@ function mapToAccessSelections(collectionDetails: CollectionAdminView): AccessIt
);
}
/**
* Validator to ensure that at least one access item has Manage permission
*/
function validateCanManagePermission(control: AbstractControl) {
const access = control.value as AccessItemValue[];
const hasManagePermission = access.some((a) => a.permission === CollectionPermission.Manage);
return hasManagePermission ? null : { managePermissionRequired: true };
}
/**
* Strongly typed helper to open a CollectionDialog
* @param dialogService Instance of the dialog service that will be used to open the dialog

1
apps/web/src/app/vault/components/vault-items/vault-item-event.ts
View File

@ -6,6 +6,7 @@ import { VaultItem } from "./vault-item";
export type VaultItemEvent =
| { type: "viewAttachments"; item: CipherView }
| { type: "viewCollections"; item: CipherView }
| { type: "bulkEditCollectionAccess"; items: CollectionView[] }
| { type: "viewCollectionAccess"; item: CollectionView }
| { type: "viewEvents"; item: CipherView }
| { type: "editCollection"; item: CollectionView }

9
apps/web/src/app/vault/components/vault-items/vault-items.component.html
View File

@ -34,6 +34,15 @@
<i class="bwi bwi-fw bwi-folder" aria-hidden="true"></i>
{{ "moveSelected" | i18n }}
</button>
<button
*ngIf="showAdminActions && showBulkEditCollectionAccess"
type="button"
bitMenuItem
(click)="bulkEditCollectionAccess()"
>
<i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
{{ "access" | i18n }}
</button>
<button
*ngIf="bulkMoveAllowed"
type="button"

26
apps/web/src/app/vault/components/vault-items/vault-items.component.ts
View File

@ -2,6 +2,8 @@ import { SelectionModel } from "@angular/cdk/collections";
import { Component, EventEmitter, Input, Output } from "@angular/core";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
import { TableDataSource } from "@bitwarden/components";
@ -27,6 +29,8 @@ const MaxSelectionCount = 500;
export class VaultItemsComponent {
protected RowHeight = RowHeight;
private flexibleCollectionsEnabled: boolean;
@Input() disabled: boolean;
@Input() showOwner: boolean;
@Input() showCollections: boolean;
@ -36,9 +40,12 @@ export class VaultItemsComponent {
@Input() showPremiumFeatures: boolean;
@Input() showBulkMove: boolean;
@Input() showBulkTrashOptions: boolean;
// Encompasses functionality only available from the organization vault context
@Input() showAdminActions: boolean;
@Input() allOrganizations: Organization[] = [];
@Input() allCollections: CollectionView[] = [];
@Input() allGroups: GroupView[] = [];
@Input() showBulkEditCollectionAccess = false;
private _ciphers?: CipherView[] = [];
@Input() get ciphers(): CipherView[] {
@ -64,6 +71,14 @@ export class VaultItemsComponent {
protected dataSource = new TableDataSource<VaultItem>();
protected selection = new SelectionModel<VaultItem>(true, [], true);
constructor(private configService: ConfigServiceAbstraction) {}
async ngOnInit() {
this.flexibleCollectionsEnabled = await this.configService.getFeatureFlag(
FeatureFlag.FlexibleCollections
);
}
get showExtraColumn() {
return this.showCollections || this.showGroups || this.showOwner;
}
@ -101,7 +116,7 @@ export class VaultItemsComponent {
}
const organization = this.allOrganizations.find((o) => o.id === collection.organizationId);
return collection.canDelete(organization);
return collection.canDelete(organization, this.flexibleCollectionsEnabled);
}
protected toggleAll() {
@ -168,4 +183,13 @@ export class VaultItemsComponent {
);
this.dataSource.data = items;
}
protected bulkEditCollectionAccess() {
this.event({
type: "bulkEditCollectionAccess",
items: this.selection.selected
.filter((item) => item.collection !== undefined)
.map((item) => item.collection),
});
}
}

11
apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
View File

@ -8,6 +8,7 @@ import { SettingsService } from "@bitwarden/common/abstractions/settings.service
import { OrganizationUserType } from "@bitwarden/common/admin-console/enums";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
@ -92,6 +93,15 @@ export default {
},
} as Partial<TokenService>,
},
{
provide: ConfigServiceAbstraction,
useValue: {
getFeatureFlag() {
// does not currently affect any display logic, default all to OFF
return false;
},
},
},
],
}),
applicationConfig({
@ -289,6 +299,7 @@ function createCollectionView(i: number): CollectionAdminView {
id: group.id,
hidePasswords: false,
readOnly: false,
manage: false,
}),
];
}

7
apps/web/src/app/vault/core/bulk-collection-access.request.ts Normal file
View File

@ -0,0 +1,7 @@
import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request";
export class BulkCollectionAccessRequest {
collectionIds: string[];
users: SelectionReadOnlyRequest[];
groups: SelectionReadOnlyRequest[];
}

33
apps/web/src/app/vault/core/collection-admin.service.ts
View File

@ -10,6 +10,9 @@ import {
CollectionResponse,
} from "@bitwarden/common/vault/models/response/collection.response";
import { CollectionAccessSelectionView } from "../../admin-console/organizations/core";
import { BulkCollectionAccessRequest } from "./bulk-collection-access.request";
import { CollectionAdminView } from "./views/collection-admin.view";
@Injectable()
@ -68,6 +71,30 @@ export class CollectionAdminService {
await this.apiService.deleteCollection(organizationId, collectionId);
}
async bulkAssignAccess(
organizationId: string,
collectionIds: string[],
users: CollectionAccessSelectionView[],
groups: CollectionAccessSelectionView[]
): Promise<void> {
const request = new BulkCollectionAccessRequest();
request.collectionIds = collectionIds;
request.users = users.map(
(u) => new SelectionReadOnlyRequest(u.id, u.readOnly, u.hidePasswords, u.manage)
);
request.groups = groups.map(
(g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage)
);
await this.apiService.send(
"POST",
`organizations/${organizationId}/collections/bulk-access`,
request,
true,
false
);
}
private async decryptMany(
organizationId: string,
collections: CollectionResponse[] | CollectionAccessDetailsResponse[]
@ -105,10 +132,12 @@ export class CollectionAdminService {
collection.externalId = model.externalId;
collection.name = (await this.cryptoService.encrypt(model.name, key)).encryptedString;
collection.groups = model.groups.map(
(group) => new SelectionReadOnlyRequest(group.id, group.readOnly, group.hidePasswords)
(group) =>
new SelectionReadOnlyRequest(group.id, group.readOnly, group.hidePasswords, group.manage)
);
collection.users = model.users.map(
(user) => new SelectionReadOnlyRequest(user.id, user.readOnly, user.hidePasswords)
(user) =>
new SelectionReadOnlyRequest(user.id, user.readOnly, user.hidePasswords, user.manage)
);
return collection;
}

8
apps/web/src/app/vault/core/views/collection-admin.view.ts
View File

@ -35,7 +35,11 @@ export class CollectionAdminView extends CollectionView {
return org?.canEditAnyCollection || (org?.canEditAssignedCollections && this.assigned);
}
override canDelete(org: Organization): boolean {
return org?.canDeleteAnyCollection || (org?.canDeleteAssignedCollections && this.assigned);
override canDelete(org: Organization, flexibleCollectionsEnabled: boolean): boolean {
if (flexibleCollectionsEnabled) {
return org?.canDeleteAnyCollection;
} else {
return org?.canDeleteAnyCollection || (org?.canDeleteAssignedCollections && this.assigned);
}
}
}

12
apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-delete-dialog/bulk-delete-dialog.component.ts
View File

@ -3,7 +3,6 @@ import { Component, Inject } from "@angular/core";
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { CollectionBulkDeleteRequest } from "@bitwarden/common/models/request/collection-bulk-delete.request";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
@ -139,11 +138,7 @@ export class BulkDeleteDialogComponent {
);
return;
}
const deleteRequest = new CollectionBulkDeleteRequest(
this.collectionIds,
this.organization.id
);
return await this.apiService.deleteManyCollections(deleteRequest);
return await this.apiService.deleteManyCollections(this.organization.id, this.collectionIds);
// From individual vault, so there can be multiple organizations
} else if (this.organizations && this.collections) {
const deletePromises: Promise<any>[] = [];
@ -159,8 +154,9 @@ export class BulkDeleteDialogComponent {
const orgCollections = this.collections
.filter((o) => o.organizationId === organization.id)
.map((c) => c.id);
const deleteRequest = new CollectionBulkDeleteRequest(orgCollections, organization.id);
deletePromises.push(this.apiService.deleteManyCollections(deleteRequest));
deletePromises.push(
this.apiService.deleteManyCollections(this.organization.id, orgCollections)
);
}
return await Promise.all(deletePromises);
}

17
apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts
View File

@ -1,7 +1,9 @@
import { ChangeDetectionStrategy, Component, EventEmitter, Input, Output } from "@angular/core";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { TreeNode } from "@bitwarden/common/models/domain/tree-node";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
@ -22,6 +24,8 @@ export class VaultHeaderComponent {
protected All = All;
protected CollectionDialogTabType = CollectionDialogTabType;
private flexibleCollectionsEnabled: boolean;
/**
* Boolean to determine the loading state of the header.
* Shows a loading spinner if set to true
@ -55,7 +59,13 @@ export class VaultHeaderComponent {
/** Emits an event when the delete collection button is clicked in the header */
@Output() onDeleteCollection = new EventEmitter<void>();
constructor(private i18nService: I18nService) {}
constructor(private i18nService: I18nService, private configService: ConfigServiceAbstraction) {}
async ngOnInit() {
this.flexibleCollectionsEnabled = await this.configService.getFeatureFlag(
FeatureFlag.FlexibleCollections
);
}
/**
* The id of the organization that is currently being filtered on.
@ -146,11 +156,12 @@ export class VaultHeaderComponent {
return false;
}
// Otherwise, check if we can edit the specified collection
// Otherwise, check if we can delete the specified collection
const organization = this.organizations.find(
(o) => o.id === this.collection?.node.organizationId
);
return this.collection.node.canDelete(organization);
return this.collection.node.canDelete(organization, this.flexibleCollectionsEnabled);
}
deleteCollection() {

2
apps/web/src/app/vault/individual-vault/vault.component.html
View File

@ -45,7 +45,9 @@
[showBulkTrashOptions]="filter.type === 'trash'"
[useEvents]="false"
[cloneableOrganizationCiphers]="false"
[showAdminActions]="false"
(onEvent)="onVaultItemsEvent($event)"
[showBulkEditCollectionAccess]="showBulkCollectionAccess$ | async"
>
</app-vault-items>
<div

5
apps/web/src/app/vault/individual-vault/vault.component.ts
View File

@ -39,6 +39,7 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
import { DEFAULT_PBKDF2_ITERATIONS, EventType, KdfType } from "@bitwarden/common/enums";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ServiceUtils } from "@bitwarden/common/misc/serviceUtils";
import { TreeNode } from "@bitwarden/common/models/domain/tree-node";
import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
@ -143,6 +144,10 @@ export class VaultComponent implements OnInit, OnDestroy {
protected selectedCollection: TreeNode<CollectionView> | undefined;
protected canCreateCollections = false;
protected currentSearchText$: Observable<string>;
protected showBulkCollectionAccess$ = this.configService.getFeatureFlag$(
FeatureFlag.BulkCollectionAccess,
false
);
private searchText$ = new Subject<string>();
private refresh$ = new BehaviorSubject<void>(null);

43
apps/web/src/app/vault/org-vault/bulk-collections-dialog/bulk-collections-dialog.component.html Normal file
View File

@ -0,0 +1,43 @@
<form [formGroup]="formGroup" [bitSubmit]="submit">
<bit-dialog [loading]="loading" dialogSize="large">
<span bitDialogTitle>
{{ "assignCollectionAccess" | i18n }}
<span class="tw-text-sm tw-normal-case tw-text-muted">
{{ numCollections }} {{ (numCollections == 1 ? "collection" : "collections") | i18n }}
</span>
</span>
<div bitDialogContent>
<bit-access-selector
*ngIf="organization?.useGroups"
[permissionMode]="PermissionMode.Edit"
formControlName="access"
[items]="accessItems"
[columnHeader]="'groupAndMemberColumnHeader' | i18n"
[selectorLabelText]="'selectGroupsAndMembers' | i18n"
[selectorHelpText]="'userPermissionOverrideHelper' | i18n"
[emptySelectionText]="'noMembersOrGroupsAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector>
<bit-access-selector
*ngIf="!organization?.useGroups"
[permissionMode]="PermissionMode.Edit"
formControlName="access"
[items]="accessItems"
[columnHeader]="'memberColumnHeader' | i18n"
[selectorLabelText]="'selectMembers' | i18n"
[emptySelectionText]="'noMembersAdded' | i18n"
[flexibleCollectionsEnabled]="flexibleCollectionsEnabled$ | async"
></bit-access-selector>
</div>
<ng-container bitDialogFooter>
<button type="submit" bitButton bitFormButton buttonType="primary">
{{ "save" | i18n }}
</button>
<button type="button" bitButton bitFormButton buttonType="secondary" bitDialogClose>
{{ "cancel" | i18n }}
</button>
</ng-container>
</bit-dialog>
</form>

137
apps/web/src/app/vault/org-vault/bulk-collections-dialog/bulk-collections-dialog.component.ts Normal file
View File

@ -0,0 +1,137 @@
import { DIALOG_DATA, DialogConfig, DialogRef } from "@angular/cdk/dialog";
import { Component, Inject, OnDestroy } from "@angular/core";
import { FormBuilder } from "@angular/forms";
import { combineLatest, of, Subject, switchMap, takeUntil } from "rxjs";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
import { DialogService } from "@bitwarden/components";
import { GroupService, GroupView } from "../../../admin-console/organizations/core";
import {
AccessItemType,
AccessItemValue,
AccessItemView,
AccessSelectorModule,
convertToSelectionView,
mapGroupToAccessItemView,
mapUserToAccessItemView,
PermissionMode,
} from "../../../admin-console/organizations/shared/components/access-selector";
import { SharedModule } from "../../../shared";
import { CollectionAdminService } from "../../core/collection-admin.service";
export interface BulkCollectionsDialogParams {
organizationId: string;
collections: CollectionView[];
}
export enum BulkCollectionsDialogResult {
Saved = "saved",
Canceled = "canceled",
}
@Component({
imports: [SharedModule, AccessSelectorModule],
selector: "app-bulk-collections-dialog",
templateUrl: "bulk-collections-dialog.component.html",
standalone: true,
})
export class BulkCollectionsDialogComponent implements OnDestroy {
protected flexibleCollectionsEnabled$ = this.configService.getFeatureFlag$(
FeatureFlag.FlexibleCollections,
false
);
protected readonly PermissionMode = PermissionMode;
protected formGroup = this.formBuilder.group({
access: [[] as AccessItemValue[]],
});
protected loading = true;
protected organization: Organization;
protected accessItems: AccessItemView[] = [];
protected numCollections: number;
private destroy$ = new Subject<void>();
constructor(
@Inject(DIALOG_DATA) private params: BulkCollectionsDialogParams,
private dialogRef: DialogRef<BulkCollectionsDialogResult>,
private formBuilder: FormBuilder,
private organizationService: OrganizationService,
private groupService: GroupService,
private organizationUserService: OrganizationUserService,
private platformUtilsService: PlatformUtilsService,
private i18nService: I18nService,
private collectionAdminService: CollectionAdminService,
private configService: ConfigServiceAbstraction
) {
this.numCollections = this.params.collections.length;
const organization$ = this.organizationService.get$(this.params.organizationId);
const groups$ = organization$.pipe(
switchMap((organization) => {
if (!organization.useGroups) {
return of([] as GroupView[]);
}
return this.groupService.getAll(organization.id);
})
);
combineLatest([
organization$,
groups$,
this.organizationUserService.getAllUsers(this.params.organizationId),
])
.pipe(takeUntil(this.destroy$))
.subscribe(([organization, groups, users]) => {
this.organization = organization;
this.accessItems = [].concat(
groups.map(mapGroupToAccessItemView),
users.data.map(mapUserToAccessItemView)
);
this.loading = false;
});
}
ngOnDestroy() {
this.destroy$.next();
this.destroy$.complete();
}
submit = async () => {
const users = this.formGroup.controls.access.value
.filter((v) => v.type === AccessItemType.Member)
.map(convertToSelectionView);
const groups = this.formGroup.controls.access.value
.filter((v) => v.type === AccessItemType.Group)
.map(convertToSelectionView);
await this.collectionAdminService.bulkAssignAccess(
this.organization.id,
this.params.collections.map((c) => c.id),
users,
groups
);
this.platformUtilsService.showToast("success", null, this.i18nService.t("editedCollections"));
this.dialogRef.close(BulkCollectionsDialogResult.Saved);
};
static open(dialogService: DialogService, config: DialogConfig<BulkCollectionsDialogParams>) {
return dialogService.open<BulkCollectionsDialogResult, BulkCollectionsDialogParams>(
BulkCollectionsDialogComponent,
config
);
}
}

1
apps/web/src/app/vault/org-vault/bulk-collections-dialog/index.ts Normal file
View File

@ -0,0 +1 @@
export * from "./bulk-collections-dialog.component";

15
apps/web/src/app/vault/org-vault/vault-header/vault-header.component.ts
View File

@ -5,7 +5,9 @@ import { firstValueFrom } from "rxjs";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { ProductType } from "@bitwarden/common/enums";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { TreeNode } from "@bitwarden/common/models/domain/tree-node";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { DialogService, SimpleDialogOptions } from "@bitwarden/components";
@ -56,14 +58,23 @@ export class VaultHeaderComponent {
protected CollectionDialogTabType = CollectionDialogTabType;
protected organizations$ = this.organizationService.organizations$;
private flexibleCollectionsEnabled: boolean;
constructor(
private organizationService: OrganizationService,
private i18nService: I18nService,
private dialogService: DialogService,
private collectionAdminService: CollectionAdminService,
private router: Router
private router: Router,
private configService: ConfigServiceAbstraction
) {}
async ngOnInit() {
this.flexibleCollectionsEnabled = await this.configService.getFeatureFlag(
FeatureFlag.FlexibleCollections
);
}
get title() {
if (this.collection !== undefined) {
return this.collection.node.name;
@ -171,7 +182,7 @@ export class VaultHeaderComponent {
}
// Otherwise, check if we can delete the specified collection
return this.collection.node.canDelete(this.organization);
return this.collection.node.canDelete(this.organization, this.flexibleCollectionsEnabled);
}
deleteCollection() {

2
apps/web/src/app/vault/org-vault/vault.component.html
View File

@ -52,7 +52,9 @@
[showBulkTrashOptions]="filter.type === 'trash'"
[useEvents]="organization?.useEvents"
[cloneableOrganizationCiphers]="true"
[showAdminActions]="true"
(onEvent)="onVaultItemsEvent($event)"
[showBulkEditCollectionAccess]="showBulkEditCollectionAccess$ | async"
>
</app-vault-items>
<div

38
apps/web/src/app/vault/org-vault/vault.component.ts
View File

@ -38,9 +38,11 @@ import { TotpService } from "@bitwarden/common/abstractions/totp.service";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { EventType } from "@bitwarden/common/enums";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ServiceUtils } from "@bitwarden/common/misc/serviceUtils";
import { TreeNode } from "@bitwarden/common/models/domain/tree-node";
import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@ -82,6 +84,10 @@ import { getNestedCollectionTree } from "../utils/collection-utils";
import { AddEditComponent } from "./add-edit.component";
import { AttachmentsComponent } from "./attachments.component";
import {
BulkCollectionsDialogComponent,
BulkCollectionsDialogResult,
} from "./bulk-collections-dialog";
import { CollectionsComponent } from "./collections.component";
import { VaultFilterComponent } from "./vault-filter/vault-filter.component";
@ -122,6 +128,10 @@ export class VaultComponent implements OnInit, OnDestroy {
protected isEmpty: boolean;
protected showMissingCollectionPermissionMessage: boolean;
protected currentSearchText$: Observable<string>;
protected showBulkEditCollectionAccess$ = this.configService.getFeatureFlag$(
FeatureFlag.BulkCollectionAccess,
false
);
private searchText$ = new Subject<string>();
private refresh$ = new BehaviorSubject<void>(null);
@ -152,7 +162,8 @@ export class VaultComponent implements OnInit, OnDestroy {
private logService: LogService,
private eventCollectionService: EventCollectionService,
private totpService: TotpService,
private apiService: ApiService
private apiService: ApiService,
protected configService: ConfigServiceAbstraction
) {}
async ngOnInit() {
@ -499,6 +510,8 @@ export class VaultComponent implements OnInit, OnDestroy {
await this.editCollection(event.item, CollectionDialogTabType.Info);
} else if (event.type === "viewCollectionAccess") {
await this.editCollection(event.item, CollectionDialogTabType.Access);
} else if (event.type === "bulkEditCollectionAccess") {
await this.bulkEditCollectionAccess(event.items);
} else if (event.type === "viewEvents") {
await this.viewEvents(event.item);
}
@ -890,6 +903,29 @@ export class VaultComponent implements OnInit, OnDestroy {
}
}
async bulkEditCollectionAccess(collections: CollectionView[]): Promise<void> {
if (collections.length === 0) {
this.platformUtilsService.showToast(
"error",
this.i18nService.t("errorOccurred"),
this.i18nService.t("nothingSelected")
);
return;
}
const dialog = BulkCollectionsDialogComponent.open(this.dialogService, {
data: {
collections,
organizationId: this.organization?.id,
},
});
const result = await lastValueFrom(dialog.closed);
if (result === BulkCollectionsDialogResult.Saved) {
this.refresh();
}
}
async viewEvents(cipher: CipherView) {
await openEntityEventsDialog(this.dialogService, {
data: {

30
apps/web/src/locales/en/messages.json
View File

@ -1545,6 +1545,9 @@
"manage": {
"message": "Manage"
},
"canManage": {
"message": "Can manage"
},
"disable": {
"message": "Turn off"
},
@ -7218,6 +7221,18 @@
}
}
},
"collectionManagement": {
"message": "Collection management"
},
"collectionManagementDesc": {
"message": "Manage the collection behavior for the organization"
},
"limitCollectionCreationDeletionDesc": {
"message": "Limit collection creation and deletion to owners and admins"
},
"collectionManagementUpdated": {
"message": "Collection management behavior saved"
},
"passwordManagerPlanPrice": {
"message": "Password Manager plan price"
},
@ -7264,6 +7279,12 @@
"beta": {
"message": "Beta"
},
"assignCollectionAccess": {
"message": "Assign collection access"
},
"editedCollections": {
"message": "Edited collections"
},
"baseUrl": {
"message": "Server URL"
},
@ -7273,6 +7294,15 @@
"alreadyHaveAccount": {
"message": "Already have an account?"
},
"customBillingStart": {
"message": "Custom billing is not reflected. Visit the "
},
"customBillingEnd": {
"message": " page for latest invoicing."
},
"managePermissionRequired": {
"message": "At least one member or group must have can manage permission."
},
"typePasskey": {
"message": "Passkey"
},

3
libs/common/src/abstractions/api.service.ts
View File

@ -99,7 +99,6 @@ import { PlanResponse } from "../billing/models/response/plan.response";
import { SubscriptionResponse } from "../billing/models/response/subscription.response";
import { TaxInfoResponse } from "../billing/models/response/tax-info.response";
import { TaxRateResponse } from "../billing/models/response/tax-rate.response";
import { CollectionBulkDeleteRequest } from "../models/request/collection-bulk-delete.request";
import { DeleteRecoverRequest } from "../models/request/delete-recover.request";
import { EventRequest } from "../models/request/event.request";
import { IapCheckRequest } from "../models/request/iap-check.request";
@ -301,7 +300,7 @@ export abstract class ApiService {
request: CollectionRequest
) => Promise<CollectionResponse>;
deleteCollection: (organizationId: string, id: string) => Promise<any>;
deleteManyCollections: (request: CollectionBulkDeleteRequest) => Promise<any>;
deleteManyCollections: (organizationId: string, collectionIds: string[]) => Promise<any>;
deleteCollectionUser: (
organizationId: string,
id: string,

5
libs/common/src/admin-console/abstractions/organization/organization-api.service.abstraction.ts
View File

@ -18,6 +18,7 @@ import { StorageRequest } from "../../../models/request/storage.request";
import { VerifyBankRequest } from "../../../models/request/verify-bank.request";
import { ListResponse } from "../../../models/response/list.response";
import { OrganizationApiKeyType } from "../../enums";
import { OrganizationCollectionManagementUpdateRequest } from "../../models/request/organization-collection-management-update.request";
import { OrganizationCreateRequest } from "../../models/request/organization-create.request";
import { OrganizationKeysRequest } from "../../models/request/organization-keys.request";
import { OrganizationUpdateRequest } from "../../models/request/organization-update.request";
@ -73,4 +74,8 @@ export class OrganizationApiServiceAbstraction {
id: string,
request: SecretsManagerSubscribeRequest
) => Promise<ProfileOrganizationResponse>;
updateCollectionManagement: (
id: string,
request: OrganizationCollectionManagementUpdateRequest
) => Promise<OrganizationResponse>;
}

2
libs/common/src/admin-console/models/data/organization.data.ts
View File

@ -49,6 +49,7 @@ export class OrganizationData {
familySponsorshipValidUntil?: Date;
familySponsorshipToDelete?: boolean;
accessSecretsManager: boolean;
limitCollectionCreationDeletion: boolean;
constructor(
response: ProfileOrganizationResponse,
@ -100,6 +101,7 @@ export class OrganizationData {
this.familySponsorshipValidUntil = response.familySponsorshipValidUntil;
this.familySponsorshipToDelete = response.familySponsorshipToDelete;
this.accessSecretsManager = response.accessSecretsManager;
this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
this.isMember = options.isMember;
this.isProviderUser = options.isProviderUser;

9
libs/common/src/admin-console/models/domain/organization.ts
View File

@ -64,6 +64,10 @@ export class Organization {
familySponsorshipValidUntil?: Date;
familySponsorshipToDelete?: boolean;
accessSecretsManager: boolean;
/**
* Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
*/
limitCollectionCreationDeletion: boolean;
constructor(obj?: OrganizationData) {
if (obj == null) {
@ -115,6 +119,7 @@ export class Organization {
this.familySponsorshipValidUntil = obj.familySponsorshipValidUntil;
this.familySponsorshipToDelete = obj.familySponsorshipToDelete;
this.accessSecretsManager = obj.accessSecretsManager;
this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
}
get canAccess() {
@ -158,7 +163,9 @@ export class Organization {
}
get canCreateNewCollections() {
return this.isManager || this.permissions.createNewCollections;
return (
!this.limitCollectionCreationDeletion || this.isAdmin || this.permissions.createNewCollections
);
}
get canEditAnyCollection() {

3
libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts Normal file
View File

@ -0,0 +1,3 @@
export class OrganizationCollectionManagementUpdateRequest {
limitCreateDeleteOwnerAdmin: boolean;
}

4
libs/common/src/admin-console/models/request/selection-read-only.request.ts
View File

@ -2,10 +2,12 @@ export class SelectionReadOnlyRequest {
id: string;
readOnly: boolean;
hidePasswords: boolean;
manage: boolean;
constructor(id: string, readOnly: boolean, hidePasswords: boolean) {
constructor(id: string, readOnly: boolean, hidePasswords: boolean, manage: boolean) {
this.id = id;
this.readOnly = readOnly;
this.hidePasswords = hidePasswords;
this.manage = manage;
}
}

4
libs/common/src/admin-console/models/response/organization.response.ts
View File

@ -32,6 +32,7 @@ export class OrganizationResponse extends BaseResponse {
smServiceAccounts?: number;
maxAutoscaleSmSeats?: number;
maxAutoscaleSmServiceAccounts?: number;
limitCollectionCreationDeletion: boolean;
constructor(response: any) {
super(response);
@ -67,5 +68,8 @@ export class OrganizationResponse extends BaseResponse {
this.smServiceAccounts = this.getResponseProperty("SmServiceAccounts");
this.maxAutoscaleSmSeats = this.getResponseProperty("MaxAutoscaleSmSeats");
this.maxAutoscaleSmServiceAccounts = this.getResponseProperty("MaxAutoscaleSmServiceAccounts");
this.limitCollectionCreationDeletion = this.getResponseProperty(
"LimitCollectionCreationDeletion"
);
}
}

4
libs/common/src/admin-console/models/response/profile-organization.response.ts
View File

@ -48,6 +48,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
familySponsorshipValidUntil?: Date;
familySponsorshipToDelete?: boolean;
accessSecretsManager: boolean;
limitCollectionCreationDeletion: boolean;
constructor(response: any) {
super(response);
@ -105,5 +106,8 @@ export class ProfileOrganizationResponse extends BaseResponse {
}
this.familySponsorshipToDelete = this.getResponseProperty("FamilySponsorshipToDelete");
this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
this.limitCollectionCreationDeletion = this.getResponseProperty(
"LimitCollectionCreationDeletion"
);
}
}

2
libs/common/src/admin-console/models/response/selection-read-only.response.ts
View File

@ -4,11 +4,13 @@ export class SelectionReadOnlyResponse extends BaseResponse {
id: string;
readOnly: boolean;
hidePasswords: boolean;
manage: boolean;
constructor(response: any) {
super(response);
this.id = this.getResponseProperty("Id");
this.readOnly = this.getResponseProperty("ReadOnly");
this.hidePasswords = this.getResponseProperty("HidePasswords");
this.manage = this.getResponseProperty("Manage");
}
}

17
libs/common/src/admin-console/services/organization/organization-api.service.ts
View File

@ -21,6 +21,7 @@ import { ListResponse } from "../../../models/response/list.response";
import { SyncService } from "../../../vault/abstractions/sync/sync.service.abstraction";
import { OrganizationApiServiceAbstraction } from "../../abstractions/organization/organization-api.service.abstraction";
import { OrganizationApiKeyType } from "../../enums";
import { OrganizationCollectionManagementUpdateRequest } from "../../models/request/organization-collection-management-update.request";
import { OrganizationCreateRequest } from "../../models/request/organization-create.request";
import { OrganizationKeysRequest } from "../../models/request/organization-keys.request";
import { OrganizationUpdateRequest } from "../../models/request/organization-update.request";
@ -322,4 +323,20 @@ export class OrganizationApiService implements OrganizationApiServiceAbstraction
);
return new ProfileOrganizationResponse(r);
}
async updateCollectionManagement(
id: string,
request: OrganizationCollectionManagementUpdateRequest
): Promise<OrganizationResponse> {
const r = await this.apiService.send(
"PUT",
"/organizations/" + id + "/collection-management",
request,
true,
true
);
const data = new OrganizationResponse(r);
await this.syncService.fullSync(true);
return data;
}
}

2
libs/common/src/enums/feature-flag.enum.ts
View File

@ -7,6 +7,8 @@ export enum FeatureFlag {
AutofillV2 = "autofill-v2",
BrowserFilelessImport = "browser-fileless-import",
ItemShare = "item-share",
FlexibleCollections = "flexible-collections",
BulkCollectionAccess = "bulk-collection-access",
}
// Replace this with a type safe lookup of the feature flag values in PM-2282

4
libs/common/src/models/request/collection-bulk-delete.request.ts
View File

@ -1,9 +1,7 @@
export class CollectionBulkDeleteRequest {
ids: string[];
organizationId: string;
constructor(ids: string[], organizationId?: string) {
constructor(ids: string[]) {
this.ids = ids == null ? [] : ids;
this.organizationId = organizationId;
}
}

6
libs/common/src/services/api.service.ts
View File

@ -834,11 +834,11 @@ export class ApiService implements ApiServiceAbstraction {
);
}
deleteManyCollections(request: CollectionBulkDeleteRequest): Promise<any> {
deleteManyCollections(organizationId: string, collectionIds: string[]): Promise<any> {
return this.send(
"DELETE",
"/organizations/" + request.organizationId + "/collections",
request,
"/organizations/" + organizationId + "/collections",
new CollectionBulkDeleteRequest(collectionIds),
true,
false
);

2
libs/common/src/vault/models/data/collection.data.ts
View File

@ -6,6 +6,7 @@ export class CollectionData {
name: string;
externalId: string;
readOnly: boolean;
manage: boolean;
hidePasswords: boolean;
constructor(response: CollectionDetailsResponse) {
@ -14,6 +15,7 @@ export class CollectionData {
this.name = response.name;
this.externalId = response.externalId;
this.readOnly = response.readOnly;
this.manage = response.manage;
this.hidePasswords = response.hidePasswords;
}
}

5
libs/common/src/vault/models/domain/collection.spec.ts
View File

@ -13,6 +13,7 @@ describe("Collection", () => {
name: "encName",
externalId: "extId",
readOnly: true,
manage: true,
hidePasswords: true,
};
});
@ -28,6 +29,7 @@ describe("Collection", () => {
name: null,
organizationId: null,
readOnly: null,
manage: null,
});
});
@ -40,6 +42,7 @@ describe("Collection", () => {
name: { encryptedString: "encName", encryptionType: 0 },
externalId: "extId",
readOnly: true,
manage: true,
hidePasswords: true,
});
});
@ -52,6 +55,7 @@ describe("Collection", () => {
collection.externalId = "extId";
collection.readOnly = false;
collection.hidePasswords = false;
collection.manage = true;
const view = await collection.decrypt();
@ -62,6 +66,7 @@ describe("Collection", () => {
name: "encName",
organizationId: "orgId",
readOnly: false,
manage: true,
});
});
});

4
libs/common/src/vault/models/domain/collection.ts
View File

@ -10,6 +10,7 @@ export class Collection extends Domain {
externalId: string;
readOnly: boolean;
hidePasswords: boolean;
manage: boolean;
constructor(obj?: CollectionData) {
super();
@ -27,8 +28,9 @@ export class Collection extends Domain {
externalId: null,
readOnly: null,
hidePasswords: null,
manage: null,
},
["id", "organizationId", "externalId", "readOnly", "hidePasswords"]
["id", "organizationId", "externalId", "readOnly", "hidePasswords", "manage"]
);
}

2
libs/common/src/vault/models/response/collection.response.ts
View File

@ -18,11 +18,13 @@ export class CollectionResponse extends BaseResponse {
export class CollectionDetailsResponse extends CollectionResponse {
readOnly: boolean;
manage: boolean;
hidePasswords: boolean;
constructor(response: any) {
super(response);
this.readOnly = this.getResponseProperty("ReadOnly") || false;
this.manage = this.getResponseProperty("Manage") || false;
this.hidePasswords = this.getResponseProperty("HidePasswords") || false;
}
}

11
libs/common/src/vault/models/view/collection.view.ts
View File

@ -14,6 +14,7 @@ export class CollectionView implements View, ITreeNodeObject {
// readOnly applies to the items within a collection
readOnly: boolean = null;
hidePasswords: boolean = null;
manage: boolean = null;
constructor(c?: Collection | CollectionAccessDetailsResponse) {
if (!c) {
@ -26,6 +27,7 @@ export class CollectionView implements View, ITreeNodeObject {
if (c instanceof Collection) {
this.readOnly = c.readOnly;
this.hidePasswords = c.hidePasswords;
this.manage = c.manage;
}
}
@ -40,12 +42,17 @@ export class CollectionView implements View, ITreeNodeObject {
}
// For deleting a collection, not the items within it.
canDelete(org: Organization): boolean {
canDelete(org: Organization, flexibleCollectionsEnabled: boolean): boolean {
if (org.id !== this.organizationId) {
throw new Error(
"Id of the organization provided does not match the org id of the collection."
);
}
return org?.canDeleteAnyCollection || org?.canDeleteAssignedCollections;
if (flexibleCollectionsEnabled) {
return org?.canDeleteAnyCollection || (!org?.limitCollectionCreationDeletion && this.manage);
} else {
return org?.canDeleteAnyCollection || org?.canDeleteAssignedCollections;
}
}
}