1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-27 12:36:14 +01:00

Validate permissions before API calls (#1098)

Manage users is required to list provider users. If this permission is
missing the event is listed as done by the provider name
This commit is contained in:
Matt Gibson 2021-07-28 11:40:01 -05:00 committed by GitHub
parent 851a53ec31
commit 4119713ace
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -59,12 +59,19 @@ export class EventsComponent extends BaseEventsComponent implements OnInit {
this.orgUsersUserIdMap.set(u.userId, { name: name, email: u.email });
});
if (this.organization.providerId != null && (await this.userService.getProvider(this.organization.providerId)) != null) {
const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId);
providerUsersResponse.data.forEach(u => {
const name = this.userNamePipe.transform(u);
this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email });
});
if (this.organization.providerId != null) {
try {
const provider = await this.userService.getProvider(this.organization.providerId);
if (provider != null && (await this.userService.getProvider(this.organization.providerId)).canManageUsers) {
const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId);
providerUsersResponse.data.forEach(u => {
const name = this.userNamePipe.transform(u);
this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email });
});
}
} catch (e) {
this.logService.warning(e);
}
}
await this.loadEvents(true);