[PM-12273] use organization properties for access permissions (#12358)

* use organization properties for access permissions * clean up refactor * simplify logic * refactor canAccessIntegrationEditor to have all the permission checks
2024-12-18 15:47:57 +01:00 · 2024-12-15 17:33:46 -05:00 · 2024-12-15 17:33:46 -05:00 · 31be6a7c88
commit 31be6a7c88
parent 407a571e31
5 changed files with 43 additions and 18 deletions
--- a/apps/web/src/app/admin-console/organizations/integrations/integrations.component.html
+++ b/apps/web/src/app/admin-console/organizations/integrations/integrations.component.html
@ -1,7 +1,7 @@
 <app-header> </app-header>

-<bit-tab-group [(selectedIndex)]="tabIndex">
-  <bit-tab [label]="'singleSignOn' | i18n">
+<bit-tab-group [(selectedIndex)]="tabIndex" *ngIf="organization$ | async as organization">
+  <bit-tab [label]="'singleSignOn' | i18n" *ngIf="organization.useSso">
    <section class="tw-mb-9">
      <h2 bitTypography="h2">{{ "singleSignOn" | i18n }}</h2>
      <p bitTypography="body1">
@ -15,8 +15,11 @@
    </section>
  </bit-tab>

-  <bit-tab [label]="'userProvisioning' | i18n">
-    <section class="tw-mb-9">
+  <bit-tab
+    [label]="'userProvisioning' | i18n"
+    *ngIf="organization.useScim || organization.useDirectory"
+  >
+    <section class="tw-mb-9" *ngIf="organization.useScim">
      <h2 bitTypography="h2">
        {{ "scimIntegration" | i18n }}
      </h2>
@ -29,7 +32,7 @@
        [integrations]="integrationsList | filterIntegrations: IntegrationType.SCIM"
      ></app-integration-grid>
    </section>
-    <section class="tw-mb-9">
+    <section class="tw-mb-9" *ngIf="organization.useDirectory">
      <h2 bitTypography="h2">
        {{ "bwdc" | i18n }}
      </h2>
@ -40,7 +43,7 @@
    </section>
  </bit-tab>

-  <bit-tab [label]="'eventManagement' | i18n">
+  <bit-tab [label]="'eventManagement' | i18n" *ngIf="organization.useEvents">
    <section class="tw-mb-9">
      <h2 bitTypography="h2">
        {{ "eventManagement" | i18n }}
--- a/apps/web/src/app/admin-console/organizations/integrations/integrations.component.ts
+++ b/apps/web/src/app/admin-console/organizations/integrations/integrations.component.ts
@ -1,7 +1,11 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
-import { Component } from "@angular/core";
+import { Component, OnInit } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+import { Observable, switchMap } from "rxjs";

+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { IntegrationType } from "@bitwarden/common/enums";

 import { HeaderModule } from "../../../layouts/header/header.module";
@ -21,11 +25,21 @@ import { SharedOrganizationModule } from "../shared";
    FilterIntegrationsPipe,
  ],
 })
-export class AdminConsoleIntegrationsComponent {
+export class AdminConsoleIntegrationsComponent implements OnInit {
  integrationsList: Integration[] = [];
  tabIndex: number;
+  organization$: Observable<Organization>;

-  constructor() {
+  ngOnInit(): void {
+    this.organization$ = this.route.params.pipe(
+      switchMap((params) => this.organizationService.get$(params.organizationId)),
+    );
+  }
+
+  constructor(
+    private route: ActivatedRoute,
+    private organizationService: OrganizationService,
+  ) {
    this.integrationsList = [
      {
        name: "AD FS",
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
@ -20,10 +20,8 @@ import { PolicyService } from "@bitwarden/common/admin-console/abstractions/poli
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { PolicyType, ProviderStatusType } from "@bitwarden/common/admin-console/enums";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
-import { ProductTierType } from "@bitwarden/common/billing/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { getById } from "@bitwarden/common/platform/misc";
 import { BannerModule, IconModule } from "@bitwarden/components";
@ -69,7 +67,6 @@ export class OrganizationLayoutComponent implements OnInit {
    private configService: ConfigService,
    private policyService: PolicyService,
    private providerService: ProviderService,
-    private i18nService: I18nService,
  ) {}

  async ngOnInit() {
@ -113,12 +110,7 @@ export class OrganizationLayoutComponent implements OnInit {
    this.integrationPageEnabled$ = combineLatest(
      this.organization$,
      this.configService.getFeatureFlag$(FeatureFlag.PM14505AdminConsoleIntegrationPage),
-    ).pipe(
-      map(
-        ([org, featureFlagEnabled]) =>
-          org.productTierType === ProductTierType.Enterprise && featureFlagEnabled,
-      ),
-    );
+    ).pipe(map(([org, featureFlagEnabled]) => featureFlagEnabled && org.canAccessIntegrations));

    this.domainVerificationNavigationTextKey = (await this.configService.getFeatureFlag(
      FeatureFlag.AccountDeprovisioning,
--- a/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
+++ b/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
@ -47,6 +47,7 @@ const routes: Routes = [
        canActivate: [
          canAccessFeature(FeatureFlag.PM14505AdminConsoleIntegrationPage),
          isEnterpriseOrgGuard(false),
+          organizationPermissionsGuard(canAccessIntegrations),
        ],
        component: AdminConsoleIntegrationsComponent,
        data: {
@ -109,6 +110,10 @@ function getOrganizationRoute(organization: Organization): string {
  return undefined;
 }

+function canAccessIntegrations(organization: Organization) {
+  return organization.canAccessIntegrations;
+}
+
@NgModule({
  imports: [RouterModule.forChild(routes)],
  exports: [RouterModule],
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@ -360,4 +360,15 @@ export class Organization {
      familySponsorshipValidUntil: new Date(json.familySponsorshipValidUntil),
    });
  }
+
+  get canAccessIntegrations() {
+    return (
+      (this.productTierType === ProductTierType.Teams ||
+        this.productTierType === ProductTierType.Enterprise) &&
+      (this.isAdmin ||
+        this.permissions.manageUsers ||
+        this.permissions.manageGroups ||
+        this.permissions.accessEventLogs)
+    );
+  }
 }