mirror of https://github.com/bitwarden/browser.git synced 2024-11-25 12:15:18 +01:00

[SM-1293] Add the ability to fetch a secret's access policies (#9463)

* Update response models

* Update view models

* Update access policy service

* update ap item types to use new models

* add convertToSecretAccessPolicies

* Add unit tests
Thomas Avery 2024-06-07 12:08:21 -05:00 committed by GitHub
parent 769d67af39
commit 7acc13cbb9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
22 changed files with 904 additions and 412 deletions


@ -1,44 +1,26 @@
export class BaseAccessPolicyView { class BaseAccessPolicyView {
id: string;
read: boolean; read: boolean;
write: boolean; write: boolean;
creationDate: string;
revisionDate: string;
} }
export class UserProjectAccessPolicyView extends BaseAccessPolicyView { export class UserAccessPolicyView extends BaseAccessPolicyView {
organizationUserId: string; organizationUserId: string;
organizationUserName: string; organizationUserName: string;
grantedProjectId: string;
userId: string;
currentUser: boolean; currentUser: boolean;
} }
export class UserServiceAccountAccessPolicyView extends BaseAccessPolicyView { export class GroupAccessPolicyView extends BaseAccessPolicyView {
organizationUserId: string;
organizationUserName: string;
grantedServiceAccountId: string;
userId: string;
currentUser: boolean;
}
export class GroupProjectAccessPolicyView extends BaseAccessPolicyView {
groupId: string; groupId: string;
groupName: string; groupName: string;
grantedProjectId: string;
currentUserInGroup: boolean; currentUserInGroup: boolean;
} }
export class GroupServiceAccountAccessPolicyView extends BaseAccessPolicyView { export class ServiceAccountAccessPolicyView extends BaseAccessPolicyView {
groupId: string;
groupName: string;
grantedServiceAccountId: string;
currentUserInGroup: boolean;
}
export class ServiceAccountProjectAccessPolicyView extends BaseAccessPolicyView {
serviceAccountId: string; serviceAccountId: string;
serviceAccountName: string; serviceAccountName: string;
}
export class GrantedProjectAccessPolicyView extends BaseAccessPolicyView {
grantedProjectId: string; grantedProjectId: string;
grantedProjectName: string; grantedProjectName: string;
} }
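Review bot: `BaseAccessPolicyView` appears to lose its `export` on the new side of the first line, so any module outside this file that still imports it will stop compiling; the sections visible here import only the subclasses, but only part of the 22 changed files is shown. The views also no longer carry `grantedProjectId` / `grantedServiceAccountId`, so the target of a policy is now known only from the id that the components pass separately to the `accessPolicyService.put…` calls. A short comment on the base class would record that contract, for example `/** Grantee and read/write flags only; the target project, service account or secret is supplied by the caller, not by this view. */`.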


@ -1,6 +1,6 @@
import { GroupProjectAccessPolicyView, UserProjectAccessPolicyView } from "./access-policy.view"; import { GroupAccessPolicyView, UserAccessPolicyView } from "./access-policy.view";
export class ProjectPeopleAccessPoliciesView { export class ProjectPeopleAccessPoliciesView {
userAccessPolicies: UserProjectAccessPolicyView[]; userAccessPolicies: UserAccessPolicyView[];
groupAccessPolicies: GroupProjectAccessPolicyView[]; groupAccessPolicies: GroupAccessPolicyView[];
} }


@ -1,5 +1,5 @@
import { ServiceAccountProjectAccessPolicyView } from "./access-policy.view"; import { ServiceAccountAccessPolicyView } from "./access-policy.view";
export class ProjectServiceAccountsAccessPoliciesView { export class ProjectServiceAccountsAccessPoliciesView {
serviceAccountAccessPolicies: ServiceAccountProjectAccessPolicyView[]; serviceAccountAccessPolicies: ServiceAccountAccessPolicyView[];
} }


@ -0,0 +1,11 @@
import {
GroupAccessPolicyView,
UserAccessPolicyView,
ServiceAccountAccessPolicyView,
} from "./access-policy.view";
export class SecretAccessPoliciesView {
userAccessPolicies: UserAccessPolicyView[];
groupAccessPolicies: GroupAccessPolicyView[];
serviceAccountAccessPolicies: ServiceAccountAccessPolicyView[];
}


@ -1,10 +1,10 @@
import { ServiceAccountProjectAccessPolicyView } from "./access-policy.view"; import { GrantedProjectAccessPolicyView } from "./access-policy.view";
export class ServiceAccountGrantedPoliciesView { export class ServiceAccountGrantedPoliciesView {
grantedProjectPolicies: ServiceAccountProjectPolicyPermissionDetailsView[]; grantedProjectPolicies: GrantedProjectPolicyPermissionDetailsView[];
} }
export class ServiceAccountProjectPolicyPermissionDetailsView { export class GrantedProjectPolicyPermissionDetailsView {
accessPolicy: ServiceAccountProjectAccessPolicyView; accessPolicy: GrantedProjectAccessPolicyView;
hasPermission: boolean; hasPermission: boolean;
} }


@ -1,9 +1,6 @@
import { import { GroupAccessPolicyView, UserAccessPolicyView } from "./access-policy.view";
GroupServiceAccountAccessPolicyView,
UserServiceAccountAccessPolicyView,
} from "./access-policy.view";
export class ServiceAccountPeopleAccessPoliciesView { export class ServiceAccountPeopleAccessPoliciesView {
userAccessPolicies: UserServiceAccountAccessPolicyView[]; userAccessPolicies: UserAccessPolicyView[];
groupAccessPolicies: GroupServiceAccountAccessPolicyView[]; groupAccessPolicies: GroupAccessPolicyView[];
} }


@ -12,7 +12,7 @@ import { DialogService } from "@bitwarden/components";
import { AccessPolicySelectorService } from "../../shared/access-policies/access-policy-selector/access-policy-selector.service"; import { AccessPolicySelectorService } from "../../shared/access-policies/access-policy-selector/access-policy-selector.service";
import { import {
ApItemValueType, ApItemValueType,
convertToProjectPeopleAccessPoliciesView, convertToPeopleAccessPoliciesView,
} from "../../shared/access-policies/access-policy-selector/models/ap-item-value.type"; } from "../../shared/access-policies/access-policy-selector/models/ap-item-value.type";
import { import {
ApItemViewType, ApItemViewType,
@ -119,10 +119,7 @@ export class ProjectPeopleComponent implements OnInit, OnDestroy {
} }
try { try {
const projectPeopleView = convertToProjectPeopleAccessPoliciesView( const projectPeopleView = convertToPeopleAccessPoliciesView(formValues);
this.projectId,
formValues,
);
const peoplePoliciesViews = await this.accessPolicyService.putProjectPeopleAccessPolicies( const peoplePoliciesViews = await this.accessPolicyService.putProjectPeopleAccessPolicies(
this.projectId, this.projectId,
projectPeopleView, projectPeopleView,


@ -144,7 +144,7 @@ export class ProjectServiceAccountsComponent implements OnInit, OnDestroy {
projectId: string, projectId: string,
selectedPolicies: ApItemValueType[], selectedPolicies: ApItemValueType[],
): Promise<ProjectServiceAccountsAccessPoliciesView> { ): Promise<ProjectServiceAccountsAccessPoliciesView> {
const view = convertToProjectServiceAccountsAccessPoliciesView(projectId, selectedPolicies); const view = convertToProjectServiceAccountsAccessPoliciesView(selectedPolicies);
return await this.accessPolicyService.putProjectServiceAccountsAccessPolicies( return await this.accessPolicyService.putProjectServiceAccountsAccessPolicies(
organizationId, organizationId,
projectId, projectId,


@ -11,7 +11,7 @@ import { DialogService } from "@bitwarden/components";
import { AccessPolicySelectorService } from "../../shared/access-policies/access-policy-selector/access-policy-selector.service"; import { AccessPolicySelectorService } from "../../shared/access-policies/access-policy-selector/access-policy-selector.service";
import { import {
ApItemValueType, ApItemValueType,
convertToServiceAccountPeopleAccessPoliciesView, convertToPeopleAccessPoliciesView,
} from "../../shared/access-policies/access-policy-selector/models/ap-item-value.type"; } from "../../shared/access-policies/access-policy-selector/models/ap-item-value.type";
import { import {
ApItemViewType, ApItemViewType,
@ -180,10 +180,7 @@ export class ServiceAccountPeopleComponent implements OnInit, OnDestroy {
serviceAccountId: string, serviceAccountId: string,
selectedPolicies: ApItemValueType[], selectedPolicies: ApItemValueType[],
) { ) {
const serviceAccountPeopleView = convertToServiceAccountPeopleAccessPoliciesView( const serviceAccountPeopleView = convertToPeopleAccessPoliciesView(selectedPolicies);
serviceAccountId,
selectedPolicies,
);
return await this.accessPolicyService.putServiceAccountPeopleAccessPolicies( return await this.accessPolicyService.putServiceAccountPeopleAccessPolicies(
serviceAccountId, serviceAccountId,
serviceAccountPeopleView, serviceAccountPeopleView,


@ -144,10 +144,7 @@ export class ServiceAccountProjectsComponent implements OnInit, OnDestroy {
serviceAccountId: string, serviceAccountId: string,
selectedPolicies: ApItemValueType[], selectedPolicies: ApItemValueType[],
): Promise<ServiceAccountGrantedPoliciesView> { ): Promise<ServiceAccountGrantedPoliciesView> {
const grantedViews = convertToServiceAccountGrantedPoliciesView( const grantedViews = convertToServiceAccountGrantedPoliciesView(selectedPolicies);
serviceAccountId,
selectedPolicies,
);
return await this.accessPolicyService.putServiceAccountGrantedPolicies( return await this.accessPolicyService.putServiceAccountGrantedPolicies(
organizationId, organizationId,
serviceAccountId, serviceAccountId,


@ -0,0 +1,238 @@
import {
convertToSecretAccessPoliciesView,
convertToPeopleAccessPoliciesView,
ApItemValueType,
convertToProjectServiceAccountsAccessPoliciesView,
convertToServiceAccountGrantedPoliciesView,
} from "./ap-item-value.type";
import { ApItemEnum } from "./enums/ap-item.enum";
import { ApPermissionEnum } from "./enums/ap-permission.enum";
describe("convertToPeopleAccessPoliciesView", () => {
it("should convert selected policy values to user and group access policies view", () => {
const selectedPolicyValues = [...createUserApItems(), ...createGroupApItems()];
const result = convertToPeopleAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual(expectedUserAccessPolicies);
expect(result.groupAccessPolicies).toEqual(expectedGroupAccessPolicies);
});
it("should return empty user array if no selected users are provided", () => {
const selectedPolicyValues = createGroupApItems();
const result = convertToPeopleAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual([]);
expect(result.groupAccessPolicies).toEqual(expectedGroupAccessPolicies);
});
it("should return empty group array if no selected groups are provided", () => {
const selectedPolicyValues = createUserApItems();
const result = convertToPeopleAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual(expectedUserAccessPolicies);
expect(result.groupAccessPolicies).toEqual([]);
});
it("should return empty arrays if no selected policy values are provided", () => {
const selectedPolicyValues: ApItemValueType[] = [];
const result = convertToPeopleAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual([]);
expect(result.groupAccessPolicies).toEqual([]);
});
});
describe("convertToServiceAccountGrantedPoliciesView", () => {
it("should convert selected policy values to ServiceAccountGrantedPoliciesView", () => {
const selectedPolicyValues = createProjectApItems();
const result = convertToServiceAccountGrantedPoliciesView(selectedPolicyValues);
expect(result.grantedProjectPolicies).toHaveLength(2);
expect(result.grantedProjectPolicies[0].accessPolicy.grantedProjectId).toBe(
selectedPolicyValues[0].id,
);
expect(result.grantedProjectPolicies[0].accessPolicy.read).toBe(true);
expect(result.grantedProjectPolicies[0].accessPolicy.write).toBe(false);
expect(result.grantedProjectPolicies[1].accessPolicy.grantedProjectId).toBe(
selectedPolicyValues[1].id,
);
expect(result.grantedProjectPolicies[1].accessPolicy.read).toBe(true);
expect(result.grantedProjectPolicies[1].accessPolicy.write).toBe(true);
});
it("should return empty array if no selected project policies are provided", () => {
const selectedPolicyValues: ApItemValueType[] = [];
const result = convertToServiceAccountGrantedPoliciesView(selectedPolicyValues);
expect(result.grantedProjectPolicies).toEqual([]);
});
});
describe("convertToProjectServiceAccountsAccessPoliciesView", () => {
it("should convert selected policy values to ProjectServiceAccountsAccessPoliciesView", () => {
const selectedPolicyValues = createServiceAccountApItems();
const result = convertToProjectServiceAccountsAccessPoliciesView(selectedPolicyValues);
expect(result.serviceAccountAccessPolicies).toEqual(expectedServiceAccountAccessPolicies);
});
it("should return empty array if nothing is selected.", () => {
const selectedPolicyValues: ApItemValueType[] = [];
const result = convertToProjectServiceAccountsAccessPoliciesView(selectedPolicyValues);
expect(result.serviceAccountAccessPolicies).toEqual([]);
});
});
describe("convertToSecretAccessPoliciesView", () => {
it("should convert selected policy values to SecretAccessPoliciesView", () => {
const selectedPolicyValues = [
...createUserApItems(),
...createGroupApItems(),
...createServiceAccountApItems(),
];
const result = convertToSecretAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual(expectedUserAccessPolicies);
expect(result.groupAccessPolicies).toEqual(expectedGroupAccessPolicies);
expect(result.serviceAccountAccessPolicies).toEqual(expectedServiceAccountAccessPolicies);
});
it("should return empty user array if no selected users are provided", () => {
const selectedPolicyValues = [...createGroupApItems(), ...createServiceAccountApItems()];
const result = convertToSecretAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual([]);
expect(result.groupAccessPolicies).toEqual(expectedGroupAccessPolicies);
expect(result.serviceAccountAccessPolicies).toEqual(expectedServiceAccountAccessPolicies);
});
it("should return empty group array if no selected groups are provided", () => {
const selectedPolicyValues = [...createUserApItems(), ...createServiceAccountApItems()];
const result = convertToSecretAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual(expectedUserAccessPolicies);
expect(result.groupAccessPolicies).toEqual([]);
expect(result.serviceAccountAccessPolicies).toEqual(expectedServiceAccountAccessPolicies);
});
it("should return empty service account array if no selected service accounts are provided", () => {
const selectedPolicyValues = [...createUserApItems(), ...createGroupApItems()];
const result = convertToSecretAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual(expectedUserAccessPolicies);
expect(result.groupAccessPolicies).toEqual(expectedGroupAccessPolicies);
expect(result.serviceAccountAccessPolicies).toEqual([]);
});
it("should return empty arrays if nothing is selected.", () => {
const selectedPolicyValues: ApItemValueType[] = [];
const result = convertToSecretAccessPoliciesView(selectedPolicyValues);
expect(result.userAccessPolicies).toEqual([]);
expect(result.groupAccessPolicies).toEqual([]);
expect(result.serviceAccountAccessPolicies).toEqual([]);
});
});
function createUserApItems(): ApItemValueType[] {
return [
{
id: "1",
type: ApItemEnum.User,
permission: ApPermissionEnum.CanRead,
},
{
id: "3",
type: ApItemEnum.User,
permission: ApPermissionEnum.CanReadWrite,
},
];
}
const expectedUserAccessPolicies = [
{
organizationUserId: "1",
read: true,
write: false,
},
{
organizationUserId: "3",
read: true,
write: true,
},
];
function createServiceAccountApItems(): ApItemValueType[] {
return [
{
id: "1",
type: ApItemEnum.ServiceAccount,
permission: ApPermissionEnum.CanRead,
},
{
id: "2",
type: ApItemEnum.ServiceAccount,
permission: ApPermissionEnum.CanReadWrite,
},
];
}
const expectedServiceAccountAccessPolicies = [
{
serviceAccountId: "1",
read: true,
write: false,
},
{
serviceAccountId: "2",
read: true,
write: true,
},
];
function createGroupApItems(): ApItemValueType[] {
return [
{
id: "2",
type: ApItemEnum.Group,
permission: ApPermissionEnum.CanReadWrite,
},
];
}
const expectedGroupAccessPolicies = [
{
groupId: "2",
read: true,
write: true,
},
];
function createProjectApItems(): ApItemValueType[] {
return [
{
id: "1",
type: ApItemEnum.Project,
permission: ApPermissionEnum.CanRead,
},
{
id: "2",
type: ApItemEnum.Project,
permission: ApPermissionEnum.CanReadWrite,
},
];
}
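Review bot: `convertToServiceAccountGrantedPoliciesView` is only ever given the output of `createProjectApItems()`, so its `x.type == ApItemEnum.Project` filter is untested; both cases in that `describe` would still pass if the filter were removed and a user or group item were turned into a granted-project policy. Add a case that passes `[...createProjectApItems(), ...createUserApItems()]` and asserts `expect(result.grantedProjectPolicies).toHaveLength(2);`. The user, group and service-account helpers are already exercised with mixed input through `convertToSecretAccessPoliciesView`, so this is the one converter whose type filter has no negative test.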


@ -1,17 +1,15 @@
import { import {
UserProjectAccessPolicyView, UserAccessPolicyView,
GroupProjectAccessPolicyView, GroupAccessPolicyView,
UserServiceAccountAccessPolicyView, ServiceAccountAccessPolicyView,
GroupServiceAccountAccessPolicyView, GrantedProjectAccessPolicyView,
ServiceAccountProjectAccessPolicyView,
} from "../../../../models/view/access-policies/access-policy.view"; } from "../../../../models/view/access-policies/access-policy.view";
import { ProjectPeopleAccessPoliciesView } from "../../../../models/view/access-policies/project-people-access-policies.view";
import { ProjectServiceAccountsAccessPoliciesView } from "../../../../models/view/access-policies/project-service-accounts-access-policies.view"; import { ProjectServiceAccountsAccessPoliciesView } from "../../../../models/view/access-policies/project-service-accounts-access-policies.view";
import { SecretAccessPoliciesView } from "../../../../models/view/access-policies/secret-access-policies.view";
import { import {
ServiceAccountGrantedPoliciesView, ServiceAccountGrantedPoliciesView,
ServiceAccountProjectPolicyPermissionDetailsView, GrantedProjectPolicyPermissionDetailsView,
} from "../../../../models/view/access-policies/service-account-granted-policies.view"; } from "../../../../models/view/access-policies/service-account-granted-policies.view";
import { ServiceAccountPeopleAccessPoliciesView } from "../../../../models/view/access-policies/service-account-people-access-policies.view";
import { ApItemEnum } from "./enums/ap-item.enum"; import { ApItemEnum } from "./enums/ap-item.enum";
import { ApPermissionEnum, ApPermissionEnumUtil } from "./enums/ap-permission.enum"; import { ApPermissionEnum, ApPermissionEnumUtil } from "./enums/ap-permission.enum";
@ -24,67 +22,14 @@ export type ApItemValueType = {
currentUser?: boolean; currentUser?: boolean;
}; };
export function convertToProjectPeopleAccessPoliciesView( export function convertToPeopleAccessPoliciesView(selectedPolicyValues: ApItemValueType[]) {
projectId: string, return {
selectedPolicyValues: ApItemValueType[], userAccessPolicies: convertToUserAccessPolicyViews(selectedPolicyValues),
): ProjectPeopleAccessPoliciesView { groupAccessPolicies: convertToGroupAccessPolicyViews(selectedPolicyValues),
const view = new ProjectPeopleAccessPoliciesView(); };
view.userAccessPolicies = selectedPolicyValues
.filter((x) => x.type == ApItemEnum.User)
.map((filtered) => {
const policyView = new UserProjectAccessPolicyView();
policyView.grantedProjectId = projectId;
policyView.organizationUserId = filtered.id;
policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
return policyView;
});
view.groupAccessPolicies = selectedPolicyValues
.filter((x) => x.type == ApItemEnum.Group)
.map((filtered) => {
const policyView = new GroupProjectAccessPolicyView();
policyView.grantedProjectId = projectId;
policyView.groupId = filtered.id;
policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
return policyView;
});
return view;
}
export function convertToServiceAccountPeopleAccessPoliciesView(
serviceAccountId: string,
selectedPolicyValues: ApItemValueType[],
): ServiceAccountPeopleAccessPoliciesView {
const view = new ServiceAccountPeopleAccessPoliciesView();
view.userAccessPolicies = selectedPolicyValues
.filter((x) => x.type == ApItemEnum.User)
.map((filtered) => {
const policyView = new UserServiceAccountAccessPolicyView();
policyView.grantedServiceAccountId = serviceAccountId;
policyView.organizationUserId = filtered.id;
policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
policyView.currentUser = filtered.currentUser;
return policyView;
});
view.groupAccessPolicies = selectedPolicyValues
.filter((x) => x.type == ApItemEnum.Group)
.map((filtered) => {
const policyView = new GroupServiceAccountAccessPolicyView();
policyView.grantedServiceAccountId = serviceAccountId;
policyView.groupId = filtered.id;
policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
return policyView;
});
return view;
} }
export function convertToServiceAccountGrantedPoliciesView( export function convertToServiceAccountGrantedPoliciesView(
serviceAccountId: string,
selectedPolicyValues: ApItemValueType[], selectedPolicyValues: ApItemValueType[],
): ServiceAccountGrantedPoliciesView { ): ServiceAccountGrantedPoliciesView {
const view = new ServiceAccountGrantedPoliciesView(); const view = new ServiceAccountGrantedPoliciesView();
@ -92,9 +37,8 @@ export function convertToServiceAccountGrantedPoliciesView(
view.grantedProjectPolicies = selectedPolicyValues view.grantedProjectPolicies = selectedPolicyValues
.filter((x) => x.type == ApItemEnum.Project) .filter((x) => x.type == ApItemEnum.Project)
.map((filtered) => { .map((filtered) => {
const detailView = new ServiceAccountProjectPolicyPermissionDetailsView(); const detailView = new GrantedProjectPolicyPermissionDetailsView();
const policyView = new ServiceAccountProjectAccessPolicyView(); const policyView = new GrantedProjectAccessPolicyView();
policyView.serviceAccountId = serviceAccountId;
policyView.grantedProjectId = filtered.id; policyView.grantedProjectId = filtered.id;
policyView.read = ApPermissionEnumUtil.toRead(filtered.permission); policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission); policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
@ -107,21 +51,57 @@ export function convertToServiceAccountGrantedPoliciesView(
} }
export function convertToProjectServiceAccountsAccessPoliciesView( export function convertToProjectServiceAccountsAccessPoliciesView(
projectId: string,
selectedPolicyValues: ApItemValueType[], selectedPolicyValues: ApItemValueType[],
): ProjectServiceAccountsAccessPoliciesView { ): ProjectServiceAccountsAccessPoliciesView {
const view = new ProjectServiceAccountsAccessPoliciesView(); return {
serviceAccountAccessPolicies: convertToServiceAccountAccessPolicyViews(selectedPolicyValues),
};
}
view.serviceAccountAccessPolicies = selectedPolicyValues export function convertToSecretAccessPoliciesView(
.filter((x) => x.type == ApItemEnum.ServiceAccount) selectedPolicyValues: ApItemValueType[],
): SecretAccessPoliciesView {
return {
userAccessPolicies: convertToUserAccessPolicyViews(selectedPolicyValues),
groupAccessPolicies: convertToGroupAccessPolicyViews(selectedPolicyValues),
serviceAccountAccessPolicies: convertToServiceAccountAccessPolicyViews(selectedPolicyValues),
};
}
function convertToUserAccessPolicyViews(apItemValues: ApItemValueType[]): UserAccessPolicyView[] {
return apItemValues
.filter((x) => x.type == ApItemEnum.User)
.map((filtered) => { .map((filtered) => {
const policyView = new ServiceAccountProjectAccessPolicyView(); const policyView = new UserAccessPolicyView();
policyView.serviceAccountId = filtered.id; policyView.organizationUserId = filtered.id;
policyView.grantedProjectId = projectId; policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
return policyView;
});
}
function convertToGroupAccessPolicyViews(apItemValues: ApItemValueType[]): GroupAccessPolicyView[] {
return apItemValues
.filter((x) => x.type == ApItemEnum.Group)
.map((filtered) => {
const policyView = new GroupAccessPolicyView();
policyView.groupId = filtered.id;
policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
return policyView;
});
}
function convertToServiceAccountAccessPolicyViews(
apItemValues: ApItemValueType[],
): ServiceAccountAccessPolicyView[] {
return apItemValues
.filter((x) => x.type == ApItemEnum.ServiceAccount)
.map((filtered) => {
const policyView = new ServiceAccountAccessPolicyView();
policyView.serviceAccountId = filtered.id;
policyView.read = ApPermissionEnumUtil.toRead(filtered.permission); policyView.read = ApPermissionEnumUtil.toRead(filtered.permission);
policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission); policyView.write = ApPermissionEnumUtil.toWrite(filtered.permission);
return policyView; return policyView;
}); });
return view;
} }
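Review bot: The new `convertToUserAccessPolicyViews` helper does not copy `filtered.currentUser`, although the removed `convertToServiceAccountPeopleAccessPoliciesView` set `policyView.currentUser = filtered.currentUser;` on every user policy. If anything downstream of `putServiceAccountPeopleAccessPolicies` reads that flag, it now sees `undefined` on a field typed `boolean`; that code is not on this page, so this needs confirming. Either restore the assignment in the helper or add a comment stating that `currentUser` is populated only on views built from server responses. `convertToPeopleAccessPoliciesView` is also the only exported converter in this file without a declared return type, and the filters keep the loose `==` where `===` would be the safer comparison.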


@ -0,0 +1,310 @@
import {
GroupAccessPolicyView,
ServiceAccountAccessPolicyView,
UserAccessPolicyView,
} from "../../../../models/view/access-policies/access-policy.view";
import { ProjectPeopleAccessPoliciesView } from "../../../../models/view/access-policies/project-people-access-policies.view";
import { ProjectServiceAccountsAccessPoliciesView } from "../../../../models/view/access-policies/project-service-accounts-access-policies.view";
import { SecretAccessPoliciesView } from "../../../../models/view/access-policies/secret-access-policies.view";
import { ServiceAccountGrantedPoliciesView } from "../../../../models/view/access-policies/service-account-granted-policies.view";
import { ServiceAccountPeopleAccessPoliciesView } from "../../../../models/view/access-policies/service-account-people-access-policies.view";
import {
convertGrantedPoliciesToAccessPolicyItemViews,
convertProjectServiceAccountsViewToApItemViews,
convertSecretAccessPoliciesToApItemViews,
convertToAccessPolicyItemViews,
} from "./ap-item-view.type";
import { ApItemEnum } from "./enums/ap-item.enum";
import { ApPermissionEnum } from "./enums/ap-permission.enum";
describe("convertToAccessPolicyItemViews", () => {
it("should convert ProjectPeopleAccessPoliciesView to ApItemViewType array", () => {
const accessPoliciesView: ProjectPeopleAccessPoliciesView = createPeopleAccessPoliciesView();
const result = convertToAccessPolicyItemViews(accessPoliciesView);
expect(result).toEqual([...expectedUserApItemViews, ...expectedGroupApItemViews]);
});
it("should convert empty ProjectPeopleAccessPoliciesView to empty ApItemViewType array", () => {
const accessPoliciesView = new ProjectPeopleAccessPoliciesView();
accessPoliciesView.userAccessPolicies = [];
accessPoliciesView.groupAccessPolicies = [];
const result = convertToAccessPolicyItemViews(accessPoliciesView);
expect(result).toEqual([]);
});
it("should convert ServiceAccountPeopleAccessPoliciesView to ApItemViewType array", () => {
const accessPoliciesView: ServiceAccountPeopleAccessPoliciesView =
createPeopleAccessPoliciesView();
const result = convertToAccessPolicyItemViews(accessPoliciesView);
expect(result).toEqual([...expectedUserApItemViews, ...expectedGroupApItemViews]);
});
it("should convert empty ServiceAccountPeopleAccessPoliciesView to empty ApItemViewType array", () => {
const accessPoliciesView = new ServiceAccountPeopleAccessPoliciesView();
accessPoliciesView.userAccessPolicies = [];
accessPoliciesView.groupAccessPolicies = [];
const result = convertToAccessPolicyItemViews(accessPoliciesView);
expect(result).toEqual([]);
});
});
describe("convertGrantedPoliciesToAccessPolicyItemViews", () => {
it("should convert ServiceAccountGrantedPoliciesView to ApItemViewType array", () => {
const grantedPoliciesView: ServiceAccountGrantedPoliciesView = createGrantedPoliciesView();
const result = convertGrantedPoliciesToAccessPolicyItemViews(grantedPoliciesView);
expect(result).toEqual(expectedGrantedProjectApItemViews);
});
it("should convert empty ServiceAccountGrantedPoliciesView to empty ApItemViewType array", () => {
const grantedPoliciesView = new ServiceAccountGrantedPoliciesView();
grantedPoliciesView.grantedProjectPolicies = [];
const result = convertGrantedPoliciesToAccessPolicyItemViews(grantedPoliciesView);
expect(result).toEqual([]);
});
});
describe("convertProjectServiceAccountsViewToApItemViews", () => {
it("should convert ProjectServiceAccountsAccessPoliciesView to ApItemViewType array", () => {
const accessPoliciesView = createProjectServiceAccountsAccessPoliciesView();
const result = convertProjectServiceAccountsViewToApItemViews(accessPoliciesView);
expect(result).toEqual([...expectedServiceAccountAccessPolicyViews]);
});
it("should convert empty ProjectPeopleAccessPoliciesView to empty ApItemViewType array", () => {
const accessPoliciesView = new ProjectServiceAccountsAccessPoliciesView();
accessPoliciesView.serviceAccountAccessPolicies = [];
const result = convertProjectServiceAccountsViewToApItemViews(accessPoliciesView);
expect(result).toEqual([]);
});
});
describe("convertSecretAccessPoliciesToApItemViews", () => {
it("should convert SecretAccessPoliciesView to ApItemViewType array", () => {
const accessPoliciesView = createSecretAccessPoliciesView();
const result = convertSecretAccessPoliciesToApItemViews(accessPoliciesView);
expect(result).toEqual([
...expectedUserApItemViews,
...expectedGroupApItemViews,
...expectedServiceAccountAccessPolicyViews,
]);
});
it("should convert empty SecretAccessPoliciesView to empty ApItemViewType array", () => {
const accessPoliciesView = new SecretAccessPoliciesView();
accessPoliciesView.userAccessPolicies = [];
accessPoliciesView.groupAccessPolicies = [];
accessPoliciesView.serviceAccountAccessPolicies = [];
const result = convertSecretAccessPoliciesToApItemViews(accessPoliciesView);
expect(result).toEqual([]);
});
});
function createUserAccessPolicyViews(): UserAccessPolicyView[] {
return [
{
organizationUserId: "1",
organizationUserName: "Example organization user name",
read: true,
write: false,
currentUser: true,
},
{
organizationUserId: "2",
organizationUserName: "Example organization user name",
read: true,
write: true,
currentUser: false,
},
];
}
const expectedUserApItemViews = [
{
type: ApItemEnum.User,
icon: "bwi-user",
id: "1",
labelName: "Example organization user name",
listName: "Example organization user name",
permission: ApPermissionEnum.CanRead,
currentUser: true,
readOnly: false,
},
{
type: ApItemEnum.User,
icon: "bwi-user",
id: "2",
labelName: "Example organization user name",
listName: "Example organization user name",
permission: ApPermissionEnum.CanReadWrite,
currentUser: false,
readOnly: false,
},
];
function createGroupAccessPolicyViews(): GroupAccessPolicyView[] {
return [
{
groupId: "3",
groupName: "Example group name",
currentUserInGroup: true,
read: true,
write: false,
},
{
groupId: "4",
groupName: "Example group name",
currentUserInGroup: false,
read: true,
write: true,
},
];
}
const expectedGroupApItemViews = [
{
type: ApItemEnum.Group,
icon: "bwi-family",
id: "3",
labelName: "Example group name",
listName: "Example group name",
permission: ApPermissionEnum.CanRead,
currentUserInGroup: true,
readOnly: false,
},
{
type: ApItemEnum.Group,
icon: "bwi-family",
id: "4",
labelName: "Example group name",
listName: "Example group name",
permission: ApPermissionEnum.CanReadWrite,
currentUserInGroup: false,
readOnly: false,
},
];
function createServiceAccountAccessPolicyViews(): ServiceAccountAccessPolicyView[] {
return [
{
serviceAccountId: "5",
serviceAccountName: "service account name",
read: true,
write: false,
},
{
serviceAccountId: "6",
serviceAccountName: "service account name",
read: true,
write: true,
},
];
}
const expectedServiceAccountAccessPolicyViews = [
{
type: ApItemEnum.ServiceAccount,
icon: "bwi-wrench",
id: "5",
labelName: "service account name",
listName: "service account name",
permission: ApPermissionEnum.CanRead,
readOnly: false,
},
{
type: ApItemEnum.ServiceAccount,
icon: "bwi-wrench",
id: "6",
labelName: "service account name",
listName: "service account name",
permission: ApPermissionEnum.CanReadWrite,
readOnly: false,
},
];
function createGrantedPoliciesView() {
return {
grantedProjectPolicies: [
{
accessPolicy: {
grantedProjectId: "1",
grantedProjectName: "Example project name",
read: true,
write: false,
},
hasPermission: true,
},
{
accessPolicy: {
grantedProjectId: "2",
grantedProjectName: "project name",
read: true,
write: true,
},
hasPermission: false,
},
],
};
}
const expectedGrantedProjectApItemViews = [
{
type: ApItemEnum.Project,
icon: "bwi-collection",
id: "1",
labelName: "Example project name",
listName: "Example project name",
permission: ApPermissionEnum.CanRead,
readOnly: false,
},
{
type: ApItemEnum.Project,
icon: "bwi-collection",
id: "2",
labelName: "project name",
listName: "project name",
permission: ApPermissionEnum.CanReadWrite,
readOnly: true,
},
];
function createPeopleAccessPoliciesView() {
return {
userAccessPolicies: createUserAccessPolicyViews(),
groupAccessPolicies: createGroupAccessPolicyViews(),
};
}
function createProjectServiceAccountsAccessPoliciesView(): ProjectServiceAccountsAccessPoliciesView {
return {
serviceAccountAccessPolicies: createServiceAccountAccessPolicyViews(),
};
}
function createSecretAccessPoliciesView(): SecretAccessPoliciesView {
return {
userAccessPolicies: createUserAccessPolicyViews(),
groupAccessPolicies: createGroupAccessPolicyViews(),
serviceAccountAccessPolicies: createServiceAccountAccessPolicyViews(),
};
}


@ -1,9 +1,15 @@
import { Utils } from "@bitwarden/common/platform/misc/utils"; import { Utils } from "@bitwarden/common/platform/misc/utils";
import { SelectItemView } from "@bitwarden/components"; import { SelectItemView } from "@bitwarden/components";
import {
GroupAccessPolicyView,
ServiceAccountAccessPolicyView,
UserAccessPolicyView,
} from "../../../../models/view/access-policies/access-policy.view";
import { PotentialGranteeView } from "../../../../models/view/access-policies/potential-grantee.view"; import { PotentialGranteeView } from "../../../../models/view/access-policies/potential-grantee.view";
import { ProjectPeopleAccessPoliciesView } from "../../../../models/view/access-policies/project-people-access-policies.view"; import { ProjectPeopleAccessPoliciesView } from "../../../../models/view/access-policies/project-people-access-policies.view";
import { ProjectServiceAccountsAccessPoliciesView } from "../../../../models/view/access-policies/project-service-accounts-access-policies.view"; import { ProjectServiceAccountsAccessPoliciesView } from "../../../../models/view/access-policies/project-service-accounts-access-policies.view";
import { SecretAccessPoliciesView } from "../../../../models/view/access-policies/secret-access-policies.view";
import { ServiceAccountGrantedPoliciesView } from "../../../../models/view/access-policies/service-account-granted-policies.view"; import { ServiceAccountGrantedPoliciesView } from "../../../../models/view/access-policies/service-account-granted-policies.view";
import { ServiceAccountPeopleAccessPoliciesView } from "../../../../models/view/access-policies/service-account-people-access-policies.view"; import { ServiceAccountPeopleAccessPoliciesView } from "../../../../models/view/access-policies/service-account-people-access-policies.view";
@ -11,7 +17,6 @@ import { ApItemEnum, ApItemEnumUtil } from "./enums/ap-item.enum";
import { ApPermissionEnum, ApPermissionEnumUtil } from "./enums/ap-permission.enum"; import { ApPermissionEnum, ApPermissionEnumUtil } from "./enums/ap-permission.enum";
export type ApItemViewType = SelectItemView & { export type ApItemViewType = SelectItemView & {
accessPolicyId?: string;
permission?: ApPermissionEnum; permission?: ApPermissionEnum;
/** /**
* Flag that this item cannot be modified. * Flag that this item cannot be modified.
@ -22,7 +27,6 @@ export type ApItemViewType = SelectItemView & {
} & ( } & (
| { | {
type: ApItemEnum.User; type: ApItemEnum.User;
userId?: string;
currentUser?: boolean; currentUser?: boolean;
} }
| { | {
@ -40,38 +44,10 @@ export type ApItemViewType = SelectItemView & {
export function convertToAccessPolicyItemViews( export function convertToAccessPolicyItemViews(
value: ProjectPeopleAccessPoliciesView | ServiceAccountPeopleAccessPoliciesView, value: ProjectPeopleAccessPoliciesView | ServiceAccountPeopleAccessPoliciesView,
): ApItemViewType[] { ): ApItemViewType[] {
const accessPolicies: ApItemViewType[] = []; return [
...toUserApItemViews(value.userAccessPolicies),
value.userAccessPolicies.forEach((policy) => { ...toGroupApItemViews(value.groupAccessPolicies),
accessPolicies.push({ ];
type: ApItemEnum.User,
icon: ApItemEnumUtil.itemIcon(ApItemEnum.User),
id: policy.organizationUserId,
accessPolicyId: policy.id,
labelName: policy.organizationUserName,
listName: policy.organizationUserName,
permission: ApPermissionEnumUtil.toApPermissionEnum(policy.read, policy.write),
userId: policy.userId,
currentUser: policy.currentUser,
readOnly: false,
});
});
value.groupAccessPolicies.forEach((policy) => {
accessPolicies.push({
type: ApItemEnum.Group,
icon: ApItemEnumUtil.itemIcon(ApItemEnum.Group),
id: policy.groupId,
accessPolicyId: policy.id,
labelName: policy.groupName,
listName: policy.groupName,
permission: ApPermissionEnumUtil.toApPermissionEnum(policy.read, policy.write),
currentUserInGroup: policy.currentUserInGroup,
readOnly: false,
});
});
return accessPolicies;
} }
export function convertGrantedPoliciesToAccessPolicyItemViews( export function convertGrantedPoliciesToAccessPolicyItemViews(
@ -84,7 +60,6 @@ export function convertGrantedPoliciesToAccessPolicyItemViews(
type: ApItemEnum.Project, type: ApItemEnum.Project,
icon: ApItemEnumUtil.itemIcon(ApItemEnum.Project), icon: ApItemEnumUtil.itemIcon(ApItemEnum.Project),
id: detailView.accessPolicy.grantedProjectId, id: detailView.accessPolicy.grantedProjectId,
accessPolicyId: detailView.accessPolicy.id,
labelName: detailView.accessPolicy.grantedProjectName, labelName: detailView.accessPolicy.grantedProjectName,
listName: detailView.accessPolicy.grantedProjectName, listName: detailView.accessPolicy.grantedProjectName,
permission: ApPermissionEnumUtil.toApPermissionEnum( permission: ApPermissionEnumUtil.toApPermissionEnum(
@ -100,24 +75,17 @@ export function convertGrantedPoliciesToAccessPolicyItemViews(
export function convertProjectServiceAccountsViewToApItemViews( export function convertProjectServiceAccountsViewToApItemViews(
value: ProjectServiceAccountsAccessPoliciesView, value: ProjectServiceAccountsAccessPoliciesView,
): ApItemViewType[] { ): ApItemViewType[] {
const accessPolicies: ApItemViewType[] = []; return toServiceAccountsApItemViews(value.serviceAccountAccessPolicies);
}
value.serviceAccountAccessPolicies.forEach((accessPolicyView) => { export function convertSecretAccessPoliciesToApItemViews(
accessPolicies.push({ value: SecretAccessPoliciesView,
type: ApItemEnum.ServiceAccount, ): ApItemViewType[] {
icon: ApItemEnumUtil.itemIcon(ApItemEnum.ServiceAccount), return [
id: accessPolicyView.serviceAccountId, ...toUserApItemViews(value.userAccessPolicies),
accessPolicyId: accessPolicyView.id, ...toGroupApItemViews(value.groupAccessPolicies),
labelName: accessPolicyView.serviceAccountName, ...toServiceAccountsApItemViews(value.serviceAccountAccessPolicies),
listName: accessPolicyView.serviceAccountName, ];
permission: ApPermissionEnumUtil.toApPermissionEnum(
accessPolicyView.read,
accessPolicyView.write,
),
readOnly: false,
});
});
return accessPolicies;
} }
export function convertPotentialGranteesToApItemViewType( export function convertPotentialGranteesToApItemViewType(
@ -166,3 +134,49 @@ export function convertPotentialGranteesToApItemViewType(
}; };
}); });
} }
function toUserApItemViews(policies: UserAccessPolicyView[]): ApItemViewType[] {
return policies.map((policy) => {
return {
type: ApItemEnum.User,
icon: ApItemEnumUtil.itemIcon(ApItemEnum.User),
id: policy.organizationUserId,
labelName: policy.organizationUserName,
listName: policy.organizationUserName,
permission: ApPermissionEnumUtil.toApPermissionEnum(policy.read, policy.write),
currentUser: policy.currentUser,
readOnly: false,
};
});
}
function toGroupApItemViews(policies: GroupAccessPolicyView[]): ApItemViewType[] {
return policies.map((policy) => {
return {
type: ApItemEnum.Group,
icon: ApItemEnumUtil.itemIcon(ApItemEnum.Group),
id: policy.groupId,
labelName: policy.groupName,
listName: policy.groupName,
permission: ApPermissionEnumUtil.toApPermissionEnum(policy.read, policy.write),
currentUserInGroup: policy.currentUserInGroup,
readOnly: false,
};
});
}
function toServiceAccountsApItemViews(
policies: ServiceAccountAccessPolicyView[],
): ApItemViewType[] {
return policies.map((policy) => {
return {
type: ApItemEnum.ServiceAccount,
icon: ApItemEnumUtil.itemIcon(ApItemEnum.ServiceAccount),
id: policy.serviceAccountId,
labelName: policy.serviceAccountName,
listName: policy.serviceAccountName,
permission: ApPermissionEnumUtil.toApPermissionEnum(policy.read, policy.write),
readOnly: false,
};
});
}
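Review bot: `readOnly: false` is hard-coded in `toUserApItemViews`, `toGroupApItemViews` and `toServiceAccountsApItemViews`, so every entry produced by the new `convertSecretAccessPoliciesToApItemViews` is presented as modifiable. The test fixtures for the granted-project converter expect `readOnly: true` when `hasPermission` is false, so that path appears to derive the flag from a server-supplied value, although its body is only partly visible here. The secret access policy views carry no such field, so the client cannot tell which grantees the current user may change, and the decision has to rest with the server on the write path. A comment on the helpers would record this: `// readOnly is display state only; the server decides whether the caller may change this policy`.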


@ -8,18 +8,18 @@ import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key"; import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
import { import {
UserProjectAccessPolicyView, UserAccessPolicyView,
GroupProjectAccessPolicyView, GroupAccessPolicyView,
UserServiceAccountAccessPolicyView, ServiceAccountAccessPolicyView,
GroupServiceAccountAccessPolicyView, GrantedProjectAccessPolicyView,
ServiceAccountProjectAccessPolicyView,
} from "../../models/view/access-policies/access-policy.view"; } from "../../models/view/access-policies/access-policy.view";
import { PotentialGranteeView } from "../../models/view/access-policies/potential-grantee.view"; import { PotentialGranteeView } from "../../models/view/access-policies/potential-grantee.view";
import { ProjectPeopleAccessPoliciesView } from "../../models/view/access-policies/project-people-access-policies.view"; import { ProjectPeopleAccessPoliciesView } from "../../models/view/access-policies/project-people-access-policies.view";
import { ProjectServiceAccountsAccessPoliciesView } from "../../models/view/access-policies/project-service-accounts-access-policies.view"; import { ProjectServiceAccountsAccessPoliciesView } from "../../models/view/access-policies/project-service-accounts-access-policies.view";
import { SecretAccessPoliciesView } from "../../models/view/access-policies/secret-access-policies.view";
import { import {
ServiceAccountGrantedPoliciesView, ServiceAccountGrantedPoliciesView,
ServiceAccountProjectPolicyPermissionDetailsView, GrantedProjectPolicyPermissionDetailsView,
} from "../../models/view/access-policies/service-account-granted-policies.view"; } from "../../models/view/access-policies/service-account-granted-policies.view";
import { ServiceAccountPeopleAccessPoliciesView } from "../../models/view/access-policies/service-account-people-access-policies.view"; import { ServiceAccountPeopleAccessPoliciesView } from "../../models/view/access-policies/service-account-people-access-policies.view";
import { PeopleAccessPoliciesRequest } from "../../shared/access-policies/models/requests/people-access-policies.request"; import { PeopleAccessPoliciesRequest } from "../../shared/access-policies/models/requests/people-access-policies.request";
@ -28,18 +28,18 @@ import { ServiceAccountGrantedPoliciesRequest } from "../access-policies/models/
import { AccessPolicyRequest } from "./models/requests/access-policy.request"; import { AccessPolicyRequest } from "./models/requests/access-policy.request";
import { ProjectServiceAccountsAccessPoliciesRequest } from "./models/requests/project-service-accounts-access-policies.request"; import { ProjectServiceAccountsAccessPoliciesRequest } from "./models/requests/project-service-accounts-access-policies.request";
import { import {
GroupServiceAccountAccessPolicyResponse, GroupAccessPolicyResponse,
UserServiceAccountAccessPolicyResponse, UserAccessPolicyResponse,
GroupProjectAccessPolicyResponse, ServiceAccountAccessPolicyResponse,
ServiceAccountProjectAccessPolicyResponse, GrantedProjectAccessPolicyResponse,
UserProjectAccessPolicyResponse,
} from "./models/responses/access-policy.response"; } from "./models/responses/access-policy.response";
import { PotentialGranteeResponse } from "./models/responses/potential-grantee.response"; import { PotentialGranteeResponse } from "./models/responses/potential-grantee.response";
import { ProjectPeopleAccessPoliciesResponse } from "./models/responses/project-people-access-policies.response"; import { ProjectPeopleAccessPoliciesResponse } from "./models/responses/project-people-access-policies.response";
import { ProjectServiceAccountsAccessPoliciesResponse } from "./models/responses/project-service-accounts-access-policies.response"; import { ProjectServiceAccountsAccessPoliciesResponse } from "./models/responses/project-service-accounts-access-policies.response";
import { SecretAccessPoliciesResponse } from "./models/responses/secret-access-policies.response";
import { ServiceAccountGrantedPoliciesPermissionDetailsResponse } from "./models/responses/service-account-granted-policies-permission-details.response"; import { ServiceAccountGrantedPoliciesPermissionDetailsResponse } from "./models/responses/service-account-granted-policies-permission-details.response";
import { ServiceAccountPeopleAccessPoliciesResponse } from "./models/responses/service-account-people-access-policies.response"; import { ServiceAccountPeopleAccessPoliciesResponse } from "./models/responses/service-account-people-access-policies.response";
import { ServiceAccountProjectPolicyPermissionDetailsResponse } from "./models/responses/service-account-project-policy-permission-details.response"; import { GrantedProjectAccessPolicyPermissionDetailsResponse } from "./models/responses/service-account-project-policy-permission-details.response";
@Injectable({ @Injectable({
providedIn: "root", providedIn: "root",
@ -63,7 +63,7 @@ export class AccessPolicyService {
); );
const results = new ProjectPeopleAccessPoliciesResponse(r); const results = new ProjectPeopleAccessPoliciesResponse(r);
return this.createProjectPeopleAccessPoliciesView(results); return this.createPeopleAccessPoliciesView(results);
} }
async putProjectPeopleAccessPolicies( async putProjectPeopleAccessPolicies(
@ -79,7 +79,7 @@ export class AccessPolicyService {
true, true,
); );
const results = new ProjectPeopleAccessPoliciesResponse(r); const results = new ProjectPeopleAccessPoliciesResponse(r);
return this.createProjectPeopleAccessPoliciesView(results); return this.createPeopleAccessPoliciesView(results);
} }
async getServiceAccountPeopleAccessPolicies( async getServiceAccountPeopleAccessPolicies(
@ -94,7 +94,7 @@ export class AccessPolicyService {
); );
const results = new ServiceAccountPeopleAccessPoliciesResponse(r); const results = new ServiceAccountPeopleAccessPoliciesResponse(r);
return this.createServiceAccountPeopleAccessPoliciesView(results); return this.createPeopleAccessPoliciesView(results);
} }
async putServiceAccountPeopleAccessPolicies( async putServiceAccountPeopleAccessPolicies(
@ -110,7 +110,7 @@ export class AccessPolicyService {
true, true,
); );
const results = new ServiceAccountPeopleAccessPoliciesResponse(r); const results = new ServiceAccountPeopleAccessPoliciesResponse(r);
return this.createServiceAccountPeopleAccessPoliciesView(results); return this.createPeopleAccessPoliciesView(results);
} }
async getServiceAccountGrantedPolicies( async getServiceAccountGrantedPolicies(
@ -181,6 +181,22 @@ export class AccessPolicyService {
return await this.createProjectServiceAccountsAccessPoliciesView(result, organizationId); return await this.createProjectServiceAccountsAccessPoliciesView(result, organizationId);
} }
async getSecretAccessPolicies(
organizationId: string,
secretId: string,
): Promise<SecretAccessPoliciesView> {
const r = await this.apiService.send(
"GET",
"/secrets/" + secretId + "/access-policies",
null,
true,
true,
);
const result = new SecretAccessPoliciesResponse(r);
return await this.createSecretAccessPoliciesView(result, organizationId);
}
async getPeoplePotentialGrantees(organizationId: string) { async getPeoplePotentialGrantees(organizationId: string) {
const r = await this.apiService.send( const r = await this.apiService.send(
"GET", "GET",
@ -223,12 +239,7 @@ export class AccessPolicyService {
private getAccessPolicyRequest( private getAccessPolicyRequest(
granteeId: string, granteeId: string,
view: view: UserAccessPolicyView | GroupAccessPolicyView | ServiceAccountAccessPolicyView,
| UserProjectAccessPolicyView
| UserServiceAccountAccessPolicyView
| GroupProjectAccessPolicyView
| GroupServiceAccountAccessPolicyView
| ServiceAccountProjectAccessPolicyView,
) { ) {
const request = new AccessPolicyRequest(); const request = new AccessPolicyRequest();
request.granteeId = granteeId; request.granteeId = granteeId;
@ -285,21 +296,79 @@ export class AccessPolicyService {
private createBaseAccessPolicyView( private createBaseAccessPolicyView(
response: response:
| UserProjectAccessPolicyResponse | UserAccessPolicyResponse
| UserServiceAccountAccessPolicyResponse | GroupAccessPolicyResponse
| GroupProjectAccessPolicyResponse | ServiceAccountAccessPolicyResponse
| GroupServiceAccountAccessPolicyResponse | GrantedProjectAccessPolicyResponse,
| ServiceAccountProjectAccessPolicyResponse,
) { ) {
return { return {
id: response.id,
read: response.read, read: response.read,
write: response.write, write: response.write,
creationDate: response.creationDate,
revisionDate: response.revisionDate,
}; };
} }
private async createGrantedProjectAccessPolicyView(
organizationKey: SymmetricCryptoKey,
response: GrantedProjectAccessPolicyResponse,
): Promise<GrantedProjectAccessPolicyView> {
return {
...this.createBaseAccessPolicyView(response),
grantedProjectId: response.grantedProjectId,
grantedProjectName: response.grantedProjectName
? await this.encryptService.decryptToUtf8(
new EncString(response.grantedProjectName),
organizationKey,
)
: null,
};
}
private createUserAccessPolicyViews(
responses: UserAccessPolicyResponse[],
): UserAccessPolicyView[] {
return responses.map((response) => {
return {
...this.createBaseAccessPolicyView(response),
organizationUserId: response.organizationUserId,
organizationUserName: response.organizationUserName,
currentUser: response.currentUser,
};
});
}
private createGroupAccessPolicyViews(
responses: GroupAccessPolicyResponse[],
): GroupAccessPolicyView[] {
return responses.map((response) => {
return {
...this.createBaseAccessPolicyView(response),
groupId: response.groupId,
groupName: response.groupName,
currentUserInGroup: response.currentUserInGroup,
};
});
}
private async createServiceAccountAccessPolicyViews(
orgKey: SymmetricCryptoKey,
responses: ServiceAccountAccessPolicyResponse[],
): Promise<ServiceAccountAccessPolicyView[]> {
return await Promise.all(
responses.map(async (response) => {
return {
...this.createBaseAccessPolicyView(response),
serviceAccountId: response.serviceAccountId,
serviceAccountName: response.serviceAccountName
? await this.encryptService.decryptToUtf8(
new EncString(response.serviceAccountName),
orgKey,
)
: null,
};
}),
);
}
private async createPotentialGranteeViews( private async createPotentialGranteeViews(
organizationId: string, organizationId: string,
results: PotentialGranteeResponse[], results: PotentialGranteeResponse[],
@ -332,137 +401,44 @@ export class AccessPolicyService {
): Promise<ServiceAccountGrantedPoliciesView> { ): Promise<ServiceAccountGrantedPoliciesView> {
const orgKey = await this.getOrganizationKey(organizationId); const orgKey = await this.getOrganizationKey(organizationId);
const view = new ServiceAccountGrantedPoliciesView(); return {
view.grantedProjectPolicies = grantedProjectPolicies: await this.createGrantedProjectPolicyPermissionDetailsViews(
await this.createServiceAccountProjectPolicyPermissionDetailsViews(
orgKey, orgKey,
response.grantedProjectPolicies, response.grantedProjectPolicies,
); ),
return view; };
} }
private async createServiceAccountProjectPolicyPermissionDetailsViews( private async createGrantedProjectPolicyPermissionDetailsViews(
orgKey: SymmetricCryptoKey, orgKey: SymmetricCryptoKey,
responses: ServiceAccountProjectPolicyPermissionDetailsResponse[], responses: GrantedProjectAccessPolicyPermissionDetailsResponse[],
): Promise<ServiceAccountProjectPolicyPermissionDetailsView[]> { ): Promise<GrantedProjectPolicyPermissionDetailsView[]> {
return await Promise.all( return await Promise.all(
responses.map(async (response) => { responses.map(async (response) => {
return await this.createServiceAccountProjectPolicyPermissionDetailsView(orgKey, response); return await this.createGrantedProjectPolicyPermissionDetailsView(orgKey, response);
}), }),
); );
} }
private async createServiceAccountProjectPolicyPermissionDetailsView( private async createGrantedProjectPolicyPermissionDetailsView(
orgKey: SymmetricCryptoKey, orgKey: SymmetricCryptoKey,
response: ServiceAccountProjectPolicyPermissionDetailsResponse, response: GrantedProjectAccessPolicyPermissionDetailsResponse,
): Promise<ServiceAccountProjectPolicyPermissionDetailsView> { ): Promise<GrantedProjectPolicyPermissionDetailsView> {
const view = new ServiceAccountProjectPolicyPermissionDetailsView(); const view = new GrantedProjectPolicyPermissionDetailsView();
view.hasPermission = response.hasPermission; view.hasPermission = response.hasPermission;
view.accessPolicy = await this.createServiceAccountProjectAccessPolicyView( view.accessPolicy = await this.createGrantedProjectAccessPolicyView(
orgKey, orgKey,
response.accessPolicy, response.accessPolicy,
); );
return view; return view;
} }
private createProjectPeopleAccessPoliciesView( private createPeopleAccessPoliciesView(
peopleAccessPoliciesResponse: ProjectPeopleAccessPoliciesResponse, response: ProjectPeopleAccessPoliciesResponse | ServiceAccountPeopleAccessPoliciesResponse,
): ProjectPeopleAccessPoliciesView { ) {
const view = new ProjectPeopleAccessPoliciesView();
view.userAccessPolicies = peopleAccessPoliciesResponse.userAccessPolicies.map((ap) => {
return this.createUserProjectAccessPolicyView(ap);
});
view.groupAccessPolicies = peopleAccessPoliciesResponse.groupAccessPolicies.map((ap) => {
return this.createGroupProjectAccessPolicyView(ap);
});
return view;
}
private createServiceAccountPeopleAccessPoliciesView(
response: ServiceAccountPeopleAccessPoliciesResponse,
): ServiceAccountPeopleAccessPoliciesView {
const view = new ServiceAccountPeopleAccessPoliciesView();
view.userAccessPolicies = response.userAccessPolicies.map((ap) => {
return this.createUserServiceAccountAccessPolicyView(ap);
});
view.groupAccessPolicies = response.groupAccessPolicies.map((ap) => {
return this.createGroupServiceAccountAccessPolicyView(ap);
});
return view;
}
private createUserProjectAccessPolicyView(
response: UserProjectAccessPolicyResponse,
): UserProjectAccessPolicyView {
return { return {
...this.createBaseAccessPolicyView(response), userAccessPolicies: this.createUserAccessPolicyViews(response.userAccessPolicies),
grantedProjectId: response.grantedProjectId, groupAccessPolicies: this.createGroupAccessPolicyViews(response.groupAccessPolicies),
organizationUserId: response.organizationUserId,
organizationUserName: response.organizationUserName,
userId: response.userId,
currentUser: response.currentUser,
};
}
private createGroupProjectAccessPolicyView(
response: GroupProjectAccessPolicyResponse,
): GroupProjectAccessPolicyView {
return {
...this.createBaseAccessPolicyView(response),
grantedProjectId: response.grantedProjectId,
groupId: response.groupId,
groupName: response.groupName,
currentUserInGroup: response.currentUserInGroup,
};
}
private async createServiceAccountProjectAccessPolicyView(
organizationKey: SymmetricCryptoKey,
response: ServiceAccountProjectAccessPolicyResponse,
): Promise<ServiceAccountProjectAccessPolicyView> {
return {
...this.createBaseAccessPolicyView(response),
grantedProjectId: response.grantedProjectId,
serviceAccountId: response.serviceAccountId,
grantedProjectName: response.grantedProjectName
? await this.encryptService.decryptToUtf8(
new EncString(response.grantedProjectName),
organizationKey,
)
: null,
serviceAccountName: response.serviceAccountName
? await this.encryptService.decryptToUtf8(
new EncString(response.serviceAccountName),
organizationKey,
)
: null,
};
}
private createUserServiceAccountAccessPolicyView(
response: UserServiceAccountAccessPolicyResponse,
): UserServiceAccountAccessPolicyView {
return {
...this.createBaseAccessPolicyView(response),
grantedServiceAccountId: response.grantedServiceAccountId,
organizationUserId: response.organizationUserId,
organizationUserName: response.organizationUserName,
userId: response.userId,
currentUser: response.currentUser,
};
}
private createGroupServiceAccountAccessPolicyView(
response: GroupServiceAccountAccessPolicyResponse,
): GroupServiceAccountAccessPolicyView {
return {
...this.createBaseAccessPolicyView(response),
grantedServiceAccountId: response.grantedServiceAccountId,
groupId: response.groupId,
groupName: response.groupName,
currentUserInGroup: response.currentUserInGroup,
}; };
} }
@ -471,13 +447,26 @@ export class AccessPolicyService {
organizationId: string, organizationId: string,
): Promise<ProjectServiceAccountsAccessPoliciesView> { ): Promise<ProjectServiceAccountsAccessPoliciesView> {
const orgKey = await this.getOrganizationKey(organizationId); const orgKey = await this.getOrganizationKey(organizationId);
return {
serviceAccountAccessPolicies: await this.createServiceAccountAccessPolicyViews(
orgKey,
response.serviceAccountAccessPolicies,
),
};
}
const view = new ProjectServiceAccountsAccessPoliciesView(); private async createSecretAccessPoliciesView(
view.serviceAccountAccessPolicies = await Promise.all( response: SecretAccessPoliciesResponse,
response.serviceAccountAccessPolicies.map(async (ap) => { organizationId: string,
return await this.createServiceAccountProjectAccessPolicyView(orgKey, ap); ): Promise<SecretAccessPoliciesView> {
}), const orgKey = await this.getOrganizationKey(organizationId);
); return {
return view; userAccessPolicies: this.createUserAccessPolicyViews(response.userAccessPolicies),
groupAccessPolicies: this.createGroupAccessPolicyViews(response.groupAccessPolicies),
serviceAccountAccessPolicies: await this.createServiceAccountAccessPolicyViews(
orgKey,
response.serviceAccountAccessPolicies,
),
};
} }
} }
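Review bot: `getSecretAccessPolicies` builds the request path as `"/secrets/" + secretId + "/access-policies"` with `secretId` unencoded, so a value containing `/`, `?` or `#` would address a different endpoint than the one intended. Where `secretId` originates is not visible in this section; if it can come from a route parameter, encode it where the path is built: `"/secrets/" + encodeURIComponent(secretId) + "/access-policies",`. The other methods of `AccessPolicyService` are only partly shown, so the same pattern may apply to them. `organizationId` is used only to fetch the key that decrypts service account names and is not part of the request, so a mismatch between the two ids would presumably surface as a decryption failure rather than an access check.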


@ -1,96 +1,59 @@
import { BaseResponse } from "@bitwarden/common/models/response/base.response"; import { BaseResponse } from "@bitwarden/common/models/response/base.response";
export class BaseAccessPolicyResponse extends BaseResponse { class BaseAccessPolicyResponse extends BaseResponse {
id: string;
read: boolean; read: boolean;
write: boolean; write: boolean;
creationDate: string;
revisionDate: string;
constructor(response: any) { constructor(response: any) {
super(response); super(response);
this.id = this.getResponseProperty("Id");
this.read = this.getResponseProperty("Read"); this.read = this.getResponseProperty("Read");
this.write = this.getResponseProperty("Write"); this.write = this.getResponseProperty("Write");
this.creationDate = this.getResponseProperty("CreationDate");
this.revisionDate = this.getResponseProperty("RevisionDate");
} }
} }
export class UserProjectAccessPolicyResponse extends BaseAccessPolicyResponse { export class UserAccessPolicyResponse extends BaseAccessPolicyResponse {
organizationUserId: string; organizationUserId: string;
organizationUserName: string; organizationUserName: string;
grantedProjectId: string;
userId: string;
currentUser: boolean; currentUser: boolean;
constructor(response: any) { constructor(response: any) {
super(response); super(response);
this.organizationUserId = this.getResponseProperty("OrganizationUserId"); this.organizationUserId = this.getResponseProperty("OrganizationUserId");
this.organizationUserName = this.getResponseProperty("OrganizationUserName"); this.organizationUserName = this.getResponseProperty("OrganizationUserName");
this.grantedProjectId = this.getResponseProperty("GrantedProjectId");
this.userId = this.getResponseProperty("UserId");
this.currentUser = this.getResponseProperty("CurrentUser"); this.currentUser = this.getResponseProperty("CurrentUser");
} }
} }
export class UserServiceAccountAccessPolicyResponse extends BaseAccessPolicyResponse { export class GroupAccessPolicyResponse extends BaseAccessPolicyResponse {
organizationUserId: string;
organizationUserName: string;
grantedServiceAccountId: string;
userId: string;
currentUser: boolean;
constructor(response: any) {
super(response);
this.organizationUserId = this.getResponseProperty("OrganizationUserId");
this.organizationUserName = this.getResponseProperty("OrganizationUserName");
this.grantedServiceAccountId = this.getResponseProperty("GrantedServiceAccountId");
this.userId = this.getResponseProperty("UserId");
this.currentUser = this.getResponseProperty("CurrentUser");
}
}
export class GroupProjectAccessPolicyResponse extends BaseAccessPolicyResponse {
groupId: string; groupId: string;
groupName: string; groupName: string;
grantedProjectId: string;
currentUserInGroup: boolean; currentUserInGroup: boolean;
constructor(response: any) { constructor(response: any) {
super(response); super(response);
this.groupId = this.getResponseProperty("GroupId"); this.groupId = this.getResponseProperty("GroupId");
this.groupName = this.getResponseProperty("GroupName"); this.groupName = this.getResponseProperty("GroupName");
this.grantedProjectId = this.getResponseProperty("GrantedProjectId");
this.currentUserInGroup = this.getResponseProperty("CurrentUserInGroup"); this.currentUserInGroup = this.getResponseProperty("CurrentUserInGroup");
} }
} }
export class GroupServiceAccountAccessPolicyResponse extends BaseAccessPolicyResponse { export class ServiceAccountAccessPolicyResponse extends BaseAccessPolicyResponse {
groupId: string;
groupName: string;
grantedServiceAccountId: string;
currentUserInGroup: boolean;
constructor(response: any) {
super(response);
this.groupId = this.getResponseProperty("GroupId");
this.groupName = this.getResponseProperty("GroupName");
this.grantedServiceAccountId = this.getResponseProperty("GrantedServiceAccountId");
this.currentUserInGroup = this.getResponseProperty("CurrentUserInGroup");
}
}
export class ServiceAccountProjectAccessPolicyResponse extends BaseAccessPolicyResponse {
serviceAccountId: string; serviceAccountId: string;
serviceAccountName: string; serviceAccountName: string;
grantedProjectId: string;
grantedProjectName: string;
constructor(response: any) { constructor(response: any) {
super(response); super(response);
this.serviceAccountId = this.getResponseProperty("ServiceAccountId"); this.serviceAccountId = this.getResponseProperty("ServiceAccountId");
this.serviceAccountName = this.getResponseProperty("ServiceAccountName"); this.serviceAccountName = this.getResponseProperty("ServiceAccountName");
}
}
export class GrantedProjectAccessPolicyResponse extends BaseAccessPolicyResponse {
grantedProjectId: string;
grantedProjectName: string;
constructor(response: any) {
super(response);
this.grantedProjectId = this.getResponseProperty("GrantedProjectId"); this.grantedProjectId = this.getResponseProperty("GrantedProjectId");
this.grantedProjectName = this.getResponseProperty("GrantedProjectName"); this.grantedProjectName = this.getResponseProperty("GrantedProjectName");
} }
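Review bot: `serviceAccountName` on `ServiceAccountAccessPolicyResponse` and `grantedProjectName` on `GrantedProjectAccessPolicyResponse` are typed as plain `string`, but the service in this commit wraps both in `EncString` and decrypts them with the organization key, while `organizationUserName` and `groupName` are copied into the views unchanged. Nothing in the types or comments marks which fields hold ciphertext, so a later caller could display or log the encrypted value, or skip decryption when a new field is added. A comment on each of the two fields would record this, e.g. `// encrypted; decrypt with the organization key before display`. The closing brace of the last class lies outside the shown lines.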


@ -1,23 +1,18 @@
import { BaseResponse } from "@bitwarden/common/models/response/base.response"; import { BaseResponse } from "@bitwarden/common/models/response/base.response";
import { import { GroupAccessPolicyResponse, UserAccessPolicyResponse } from "./access-policy.response";
GroupProjectAccessPolicyResponse,
UserProjectAccessPolicyResponse,
} from "./access-policy.response";
export class ProjectPeopleAccessPoliciesResponse extends BaseResponse { export class ProjectPeopleAccessPoliciesResponse extends BaseResponse {
userAccessPolicies: UserProjectAccessPolicyResponse[]; userAccessPolicies: UserAccessPolicyResponse[];
groupAccessPolicies: GroupProjectAccessPolicyResponse[]; groupAccessPolicies: GroupAccessPolicyResponse[];
constructor(response: any) { constructor(response: any) {
super(response); super(response);
const userAccessPolicies = this.getResponseProperty("UserAccessPolicies"); const userAccessPolicies = this.getResponseProperty("UserAccessPolicies");
this.userAccessPolicies = userAccessPolicies.map( this.userAccessPolicies = userAccessPolicies.map((k: any) => new UserAccessPolicyResponse(k));
(k: any) => new UserProjectAccessPolicyResponse(k),
);
const groupAccessPolicies = this.getResponseProperty("GroupAccessPolicies"); const groupAccessPolicies = this.getResponseProperty("GroupAccessPolicies");
this.groupAccessPolicies = groupAccessPolicies.map( this.groupAccessPolicies = groupAccessPolicies.map(
(k: any) => new GroupProjectAccessPolicyResponse(k), (k: any) => new GroupAccessPolicyResponse(k),
); );
} }
} }


@ -1,15 +1,15 @@
import { BaseResponse } from "@bitwarden/common/models/response/base.response"; import { BaseResponse } from "@bitwarden/common/models/response/base.response";
import { ServiceAccountProjectAccessPolicyResponse } from "./access-policy.response"; import { ServiceAccountAccessPolicyResponse } from "./access-policy.response";
export class ProjectServiceAccountsAccessPoliciesResponse extends BaseResponse { export class ProjectServiceAccountsAccessPoliciesResponse extends BaseResponse {
serviceAccountAccessPolicies: ServiceAccountProjectAccessPolicyResponse[]; serviceAccountAccessPolicies: ServiceAccountAccessPolicyResponse[];
constructor(response: any) { constructor(response: any) {
super(response); super(response);
const serviceAccountAccessPolicies = this.getResponseProperty("ServiceAccountAccessPolicies"); const serviceAccountAccessPolicies = this.getResponseProperty("ServiceAccountAccessPolicies");
this.serviceAccountAccessPolicies = serviceAccountAccessPolicies.map( this.serviceAccountAccessPolicies = serviceAccountAccessPolicies.map(
(k: any) => new ServiceAccountProjectAccessPolicyResponse(k), (k: any) => new ServiceAccountAccessPolicyResponse(k),
); );
} }
} }


@ -0,0 +1,27 @@
import { BaseResponse } from "@bitwarden/common/models/response/base.response";
import {
GroupAccessPolicyResponse,
UserAccessPolicyResponse,
ServiceAccountAccessPolicyResponse,
} from "./access-policy.response";
export class SecretAccessPoliciesResponse extends BaseResponse {
userAccessPolicies: UserAccessPolicyResponse[];
groupAccessPolicies: GroupAccessPolicyResponse[];
serviceAccountAccessPolicies: ServiceAccountAccessPolicyResponse[];
constructor(response: any) {
super(response);
const userAccessPolicies = this.getResponseProperty("UserAccessPolicies");
this.userAccessPolicies = userAccessPolicies.map((k: any) => new UserAccessPolicyResponse(k));
const groupAccessPolicies = this.getResponseProperty("GroupAccessPolicies");
this.groupAccessPolicies = groupAccessPolicies.map(
(k: any) => new GroupAccessPolicyResponse(k),
);
const serviceAccountAccessPolicies = this.getResponseProperty("ServiceAccountAccessPolicies");
this.serviceAccountAccessPolicies = serviceAccountAccessPolicies.map(
(k: any) => new ServiceAccountAccessPolicyResponse(k),
);
}
}
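Review bot: The new constructor calls `.map` directly on whatever `getResponseProperty` returns for `UserAccessPolicies`, `GroupAccessPolicies` and `ServiceAccountAccessPolicies`, so a response that omits or nulls any of the three fails with a bare TypeError from inside the constructor. Since this model describes who can reach a secret, a silent `?? []` fallback would be the wrong fix, because an incomplete grant list would then look complete to whatever consumes it. I would fail with a named error ahead of each `.map`, for example `if (!Array.isArray(userAccessPolicies)) { throw new Error("SecretAccessPoliciesResponse: UserAccessPolicies is missing or not an array"); }`. The `ProjectPeopleAccessPoliciesResponse` and `ServiceAccountPeopleAccessPoliciesResponse` sections on this page use the same unchecked `.map` pattern, presumably relying on the server always sending every list.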


@ -1,15 +1,15 @@
import { BaseResponse } from "@bitwarden/common/models/response/base.response"; import { BaseResponse } from "@bitwarden/common/models/response/base.response";
import { ServiceAccountProjectPolicyPermissionDetailsResponse } from "./service-account-project-policy-permission-details.response"; import { GrantedProjectAccessPolicyPermissionDetailsResponse } from "./service-account-project-policy-permission-details.response";
export class ServiceAccountGrantedPoliciesPermissionDetailsResponse extends BaseResponse { export class ServiceAccountGrantedPoliciesPermissionDetailsResponse extends BaseResponse {
grantedProjectPolicies: ServiceAccountProjectPolicyPermissionDetailsResponse[]; grantedProjectPolicies: GrantedProjectAccessPolicyPermissionDetailsResponse[];
constructor(response: any) { constructor(response: any) {
super(response); super(response);
const grantedProjectPolicies = this.getResponseProperty("GrantedProjectPolicies"); const grantedProjectPolicies = this.getResponseProperty("GrantedProjectPolicies");
this.grantedProjectPolicies = grantedProjectPolicies.map( this.grantedProjectPolicies = grantedProjectPolicies.map(
(k: any) => new ServiceAccountProjectPolicyPermissionDetailsResponse(k), (k: any) => new GrantedProjectAccessPolicyPermissionDetailsResponse(k),
); );
} }
} }


@ -1,23 +1,18 @@
import { BaseResponse } from "@bitwarden/common/models/response/base.response"; import { BaseResponse } from "@bitwarden/common/models/response/base.response";
import { import { GroupAccessPolicyResponse, UserAccessPolicyResponse } from "./access-policy.response";
GroupServiceAccountAccessPolicyResponse,
UserServiceAccountAccessPolicyResponse,
} from "./access-policy.response";
export class ServiceAccountPeopleAccessPoliciesResponse extends BaseResponse { export class ServiceAccountPeopleAccessPoliciesResponse extends BaseResponse {
userAccessPolicies: UserServiceAccountAccessPolicyResponse[]; userAccessPolicies: UserAccessPolicyResponse[];
groupAccessPolicies: GroupServiceAccountAccessPolicyResponse[]; groupAccessPolicies: GroupAccessPolicyResponse[];
constructor(response: any) { constructor(response: any) {
super(response); super(response);
const userAccessPolicies = this.getResponseProperty("UserAccessPolicies"); const userAccessPolicies = this.getResponseProperty("UserAccessPolicies");
this.userAccessPolicies = userAccessPolicies.map( this.userAccessPolicies = userAccessPolicies.map((k: any) => new UserAccessPolicyResponse(k));
(k: any) => new UserServiceAccountAccessPolicyResponse(k),
);
const groupAccessPolicies = this.getResponseProperty("GroupAccessPolicies"); const groupAccessPolicies = this.getResponseProperty("GroupAccessPolicies");
this.groupAccessPolicies = groupAccessPolicies.map( this.groupAccessPolicies = groupAccessPolicies.map(
(k: any) => new GroupServiceAccountAccessPolicyResponse(k), (k: any) => new GroupAccessPolicyResponse(k),
); );
} }
} }


@ -1,9 +1,9 @@
import { BaseResponse } from "@bitwarden/common/models/response/base.response"; import { BaseResponse } from "@bitwarden/common/models/response/base.response";
import { ServiceAccountProjectAccessPolicyResponse } from "./access-policy.response"; import { GrantedProjectAccessPolicyResponse } from "./access-policy.response";
export class ServiceAccountProjectPolicyPermissionDetailsResponse extends BaseResponse { export class GrantedProjectAccessPolicyPermissionDetailsResponse extends BaseResponse {
accessPolicy: ServiceAccountProjectAccessPolicyResponse; accessPolicy: GrantedProjectAccessPolicyResponse;
hasPermission: boolean; hasPermission: boolean;
constructor(response: any) { constructor(response: any) {