Implemented Custom role and permissions (#237)

* Implemented Custom role and permissions * converted Permissions interface into a class * formatting fix
2024-11-23 11:56:00 +01:00 · 2021-01-11 17:01:39 -05:00 · 2021-01-11 17:01:39 -05:00 · 6ac6df75d7
commit 6ac6df75d7
parent 8d161d9245
10 changed files with 112 additions and 8 deletions
--- a/src/angular/components/add-edit.component.ts
+++ b/src/angular/components/add-edit.component.ts
@ -162,7 +162,7 @@ export class AddEditComponent implements OnInit {
        orgs.sort(Utils.getSortFunction(this.i18nService, 'name')).forEach((o) => {
            if (o.enabled && o.status === OrganizationUserStatusType.Confirmed) {
                this.ownershipOptions.push({ name: o.name, value: o.id });
-                if (policies != null && o.usePolicies && !o.isAdmin && this.allowPersonal) {
+                if (policies != null && o.usePolicies && !o.canManagePolicies && this.allowPersonal) {
                    for (const policy of policies) {
                        if (policy.organizationId === o.id && policy.enabled) {
                            this.allowPersonal = false;
--- a/src/enums/organizationUserType.ts
+++ b/src/enums/organizationUserType.ts
@ -3,4 +3,5 @@ export enum OrganizationUserType {
    Admin = 1,
    User = 2,
    Manager = 3,
+    Custom = 4,
 }
--- a/src/enums/permissions.ts
+++ b/src/enums/permissions.ts
@ -0,0 +1,12 @@
+export enum Permissions {
+    AccessBusinessPortal,
+    AccessEventLogs,
+    AccessImportExport,
+    AccessReports,
+    ManageAllCollections,
+    ManageAssignedCollections,
+    ManageGroups,
+    ManageOrganization,
+    ManagePolicies,
+    ManageUsers,
+}
--- a/src/models/api/permissionsApi.ts
+++ b/src/models/api/permissionsApi.ts
@ -0,0 +1,33 @@
+import { BaseResponse } from '../response/baseResponse';
+
+export class PermissionsApi extends BaseResponse {
+    accessBusinessPortal: boolean;
+    accessEventLogs: boolean;
+    accessImportExport: boolean;
+    accessReports: boolean;
+    manageAllCollections: boolean;
+    manageAssignedCollections: boolean;
+    manageCiphers: boolean;
+    manageGroups: boolean;
+    manageSso: boolean;
+    managePolicies: boolean;
+    manageUsers: boolean;
+
+    constructor(data: any = null) {
+        super(data);
+        if (data == null) {
+            return this;
+        }
+        this.accessBusinessPortal = this.getResponseProperty('AccessBusinessPortal');
+        this.accessEventLogs = this.getResponseProperty('AccessEventLogs');
+        this.accessImportExport = this.getResponseProperty('AccessImportExport');
+        this.accessReports = this.getResponseProperty('AccessReports');
+        this.manageAllCollections = this.getResponseProperty('ManageAllCollections');
+        this.manageAssignedCollections = this.getResponseProperty('ManageAssignedCollections');
+        this.manageCiphers = this.getResponseProperty('ManageCiphers');
+        this.manageGroups = this.getResponseProperty('ManageGroups');
+        this.manageSso = this.getResponseProperty('ManageSso');
+        this.managePolicies = this.getResponseProperty('ManagePolicies');
+        this.manageUsers = this.getResponseProperty('ManageUsers');
+    }
+}
--- a/src/models/data/organizationData.ts
+++ b/src/models/data/organizationData.ts
@ -2,6 +2,7 @@ import { ProfileOrganizationResponse } from '../response/profileOrganizationResp

 import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
 import { OrganizationUserType } from '../../enums/organizationUserType';
+import { PermissionsApi } from '../api/permissionsApi';

 export class OrganizationData {
    id: string;
@ -25,6 +26,7 @@ export class OrganizationData {
    maxStorageGb?: number;
    ssoBound: boolean;
    identifier: string;
+    permissions: PermissionsApi;

    constructor(response: ProfileOrganizationResponse) {
        this.id = response.id;
@ -48,5 +50,6 @@ export class OrganizationData {
        this.maxStorageGb = response.maxStorageGb;
        this.ssoBound = response.ssoBound;
        this.identifier = response.identifier;
+        this.permissions = response.permissions;
    }
 }
--- a/src/models/domain/organization.ts
+++ b/src/models/domain/organization.ts
@ -2,6 +2,8 @@ import { OrganizationData } from '../data/organizationData';

 import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
 import { OrganizationUserType } from '../../enums/organizationUserType';
+import { PermissionsApi } from '../api/permissionsApi';
+

 export class Organization {
    id: string;
@ -25,6 +27,7 @@ export class Organization {
    maxStorageGb?: number;
    ssoBound: boolean;
    identifier: string;
+    permissions: PermissionsApi;

    constructor(obj?: OrganizationData) {
        if (obj == null) {
@ -52,6 +55,7 @@ export class Organization {
        this.maxStorageGb = obj.maxStorageGb;
        this.ssoBound = obj.ssoBound;
        this.identifier = obj.identifier;
+        this.permissions = obj.permissions;
    }

    get canAccess() {
@ -73,4 +77,44 @@ export class Organization {
    get isOwner() {
        return this.type === OrganizationUserType.Owner;
    }
+
+    get canAccessBusinessPortal() {
+        return this.isAdmin || this.permissions.accessBusinessPortal;
+    }
+
+    get canAccessEventLogs() {
+        return this.isAdmin || this.permissions.accessEventLogs;
+    }
+
+    get canAccessImportExport() {
+        return this.isAdmin || this.permissions.accessImportExport;
+    }
+
+    get canAccessReports() {
+        return this.isAdmin || this.permissions.accessReports;
+    }
+
+    get canManageAllCollections() {
+        return this.isAdmin || this.permissions.manageAllCollections;
+    }
+
+    get canManageAssignedCollections() {
+        return this.isManager || this.permissions.manageAssignedCollections;
+    }
+
+    get canManageGroups() {
+        return this.isAdmin || this.permissions.manageGroups;
+    }
+
+    get canManageSso() {
+        return this.isAdmin || this.permissions.manageSso;
+    }
+
+    get canManagePolicies() {
+        return this.isAdmin || this.permissions.managePolicies;
+    }
+
+    get canManageUsers() {
+        return this.isAdmin || this.permissions.manageUsers;
+    }
 }
--- a/src/models/request/organizationUserInviteRequest.ts
+++ b/src/models/request/organizationUserInviteRequest.ts
@ -1,10 +1,12 @@
-import { OrganizationUserType } from '../../enums/organizationUserType';
-
 import { SelectionReadOnlyRequest } from './selectionReadOnlyRequest';

+import { OrganizationUserType } from '../../enums/organizationUserType';
+import { PermissionsApi } from '../api/permissionsApi';
+
 export class OrganizationUserInviteRequest {
    emails: string[] = [];
    type: OrganizationUserType;
    accessAll: boolean;
    collections: SelectionReadOnlyRequest[] = [];
+    permissions: PermissionsApi;
 }
--- a/src/models/request/organizationUserUpdateRequest.ts
+++ b/src/models/request/organizationUserUpdateRequest.ts
@ -1,9 +1,11 @@
-import { OrganizationUserType } from '../../enums/organizationUserType';
-
 import { SelectionReadOnlyRequest } from './selectionReadOnlyRequest';

+import { OrganizationUserType } from '../../enums/organizationUserType';
+import { PermissionsApi } from '../api/permissionsApi';
+
 export class OrganizationUserUpdateRequest {
    type: OrganizationUserType;
    accessAll: boolean;
    collections: SelectionReadOnlyRequest[] = [];
+    permissions: PermissionsApi;
 }
--- a/src/models/response/organizationUserResponse.ts
+++ b/src/models/response/organizationUserResponse.ts
@ -1,15 +1,18 @@
-import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
-import { OrganizationUserType } from '../../enums/organizationUserType';
-
 import { BaseResponse } from './baseResponse';
 import { SelectionReadOnlyResponse } from './selectionReadOnlyResponse';

+import { PermissionsApi } from '../api/permissionsApi';
+
+import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
+import { OrganizationUserType } from '../../enums/organizationUserType';
+
 export class OrganizationUserResponse extends BaseResponse {
    id: string;
    userId: string;
    type: OrganizationUserType;
    status: OrganizationUserStatusType;
    accessAll: boolean;
+    permissions: PermissionsApi;

    constructor(response: any) {
        super(response);
@ -17,6 +20,7 @@ export class OrganizationUserResponse extends BaseResponse {
        this.userId = this.getResponseProperty('UserId');
        this.type = this.getResponseProperty('Type');
        this.status = this.getResponseProperty('Status');
+        this.permissions = new PermissionsApi(this.getResponseProperty('Permissions'));
        this.accessAll = this.getResponseProperty('AccessAll');
    }
 }
--- a/src/models/response/profileOrganizationResponse.ts
+++ b/src/models/response/profileOrganizationResponse.ts
@ -2,6 +2,7 @@ import { BaseResponse } from './baseResponse';

 import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
 import { OrganizationUserType } from '../../enums/organizationUserType';
+import { PermissionsApi } from '../api/permissionsApi';

 export class ProfileOrganizationResponse extends BaseResponse {
    id: string;
@ -26,6 +27,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
    enabled: boolean;
    ssoBound: boolean;
    identifier: string;
+    permissions: PermissionsApi;

    constructor(response: any) {
        super(response);
@ -51,5 +53,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
        this.enabled = this.getResponseProperty('Enabled');
        this.ssoBound = this.getResponseProperty('SsoBound');
        this.identifier = this.getResponseProperty('Identifier');
+        this.permissions = new PermissionsApi(this.getResponseProperty('permissions'));
    }
 }