mirror of
https://github.com/bitwarden/browser.git
synced 2024-11-27 12:36:14 +01:00
Validate permissions before API calls (#1098)
Manage users is required to list provider users. If this permission is missing the event is listed as done by the provider name
This commit is contained in:
parent
851a53ec31
commit
4119713ace
@ -59,12 +59,19 @@ export class EventsComponent extends BaseEventsComponent implements OnInit {
|
||||
this.orgUsersUserIdMap.set(u.userId, { name: name, email: u.email });
|
||||
});
|
||||
|
||||
if (this.organization.providerId != null && (await this.userService.getProvider(this.organization.providerId)) != null) {
|
||||
const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId);
|
||||
providerUsersResponse.data.forEach(u => {
|
||||
const name = this.userNamePipe.transform(u);
|
||||
this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email });
|
||||
});
|
||||
if (this.organization.providerId != null) {
|
||||
try {
|
||||
const provider = await this.userService.getProvider(this.organization.providerId);
|
||||
if (provider != null && (await this.userService.getProvider(this.organization.providerId)).canManageUsers) {
|
||||
const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId);
|
||||
providerUsersResponse.data.forEach(u => {
|
||||
const name = this.userNamePipe.transform(u);
|
||||
this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email });
|
||||
});
|
||||
}
|
||||
} catch (e) {
|
||||
this.logService.warning(e);
|
||||
}
|
||||
}
|
||||
|
||||
await this.loadEvents(true);
|
||||
|
Loading…
Reference in New Issue
Block a user