
[PM-11200] Move delete item permission to Can Manage (#10890)

* Refactored the showDelete function to check if a user can manage a collection

Removed the can edit or manage cipher check from the show delete function

* Add check for AC vault to return true when user has admin access

* Check user is an admin or custom user with editAnyCollection

* Check user is an admin or custom user with editAnyCollection
SmithThe4th 2024-09-10 14:15:01 -04:00 committed by GitHub
parent 744a48183b
commit 8921230b4f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 38 additions and 9 deletions


@ -157,7 +157,7 @@
</button> </button>
<button <button
bitMenuItem bitMenuItem
*ngIf="canEditCipher || !vaultBulkManagementActionEnabled" *ngIf="canManageCollection || !vaultBulkManagementActionEnabled"
(click)="deleteCipher()" (click)="deleteCipher()"
type="button" type="button"
> >
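Review bot: The `|| !vaultBulkManagementActionEnabled` fallback in the `*ngIf` on the Delete menu item means that with the flag off the item is rendered for every user, whatever `canManageCollection` says. That is inherited from the old `canEditCipher` condition, but it deserves a comment now that the permission is stricter, for example `<!-- Visibility only: with the bulk-management flag off, Delete is always shown and the server decides whether it succeeds -->`. The button's content continues past the end of this hunk, so how the click is handled is not visible here.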


@ -36,6 +36,7 @@ export class VaultCipherRowComponent implements OnInit {
@Input() viewingOrgVault: boolean; @Input() viewingOrgVault: boolean;
@Input() canEditCipher: boolean; @Input() canEditCipher: boolean;
@Input() vaultBulkManagementActionEnabled: boolean; @Input() vaultBulkManagementActionEnabled: boolean;
@Input() canManageCollection: boolean;
@Output() onEvent = new EventEmitter<VaultItemEvent>(); @Output() onEvent = new EventEmitter<VaultItemEvent>();


@ -133,6 +133,9 @@
[collections]="allCollections" [collections]="allCollections"
[checked]="selection.isSelected(item)" [checked]="selection.isSelected(item)"
[canEditCipher]="canEditCipher(item.cipher) && vaultBulkManagementActionEnabled" [canEditCipher]="canEditCipher(item.cipher) && vaultBulkManagementActionEnabled"
[canManageCollection]="
canManageCollection(item.cipher) && vaultBulkManagementActionEnabled
"
[vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled" [vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled"
(checkedToggled)="selection.toggle(item)" (checkedToggled)="selection.toggle(item)"
(onEvent)="event($event)" (onEvent)="event($event)"
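Review bot: The new `[canManageCollection]` binding calls `canManageCollection(item.cipher)` from the template, so Angular re-runs it for every row on each change-detection pass. The method scans `allOrganizations` and filters `allCollections` per cipher, which can get expensive on large vaults. Consider computing the flag once when the items are refreshed and binding to a stored value such as `item.canManage`, or moving the check into a pure pipe. The existing `canEditCipher(item.cipher)` binding one line up has the same shape, so both could be handled together.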


@ -48,6 +48,7 @@ export class VaultItemsComponent {
@Input() addAccessToggle: boolean; @Input() addAccessToggle: boolean;
@Input() restrictProviderAccess: boolean; @Input() restrictProviderAccess: boolean;
@Input() vaultBulkManagementActionEnabled = false; @Input() vaultBulkManagementActionEnabled = false;
@Input() activeCollection: CollectionView | undefined;
private _ciphers?: CipherView[] = []; private _ciphers?: CipherView[] = [];
@Input() get ciphers(): CipherView[] { @Input() get ciphers(): CipherView[] {
@ -218,6 +219,33 @@ export class VaultItemsComponent {
); );
} }
protected canManageCollection(cipher: CipherView) {
if (cipher.organizationId == null) {
return true;
}
// Check for admin access in AC vault
if (this.showAdminActions) {
const organization = this.allOrganizations.find((o) => o.id === cipher.organizationId);
if (organization?.permissions.editAnyCollection) {
return true;
}
if (organization?.allowAdminAccessToAllCollectionItems && organization.isAdmin) {
return true;
}
}
if (this.activeCollection) {
return this.activeCollection.manage;
}
return this.allCollections
.filter((c) => cipher.collectionIds.includes(c.id))
.some((collection) => collection.manage);
}
private refreshItems() { private refreshItems() {
const collections: VaultItem[] = this.collections.map((collection) => ({ collection })); const collections: VaultItem[] = this.collections.map((collection) => ({ collection }));
const ciphers: VaultItem[] = this.ciphers.map((cipher) => ({ cipher })); const ciphers: VaultItem[] = this.ciphers.map((cipher) => ({ cipher }));
@ -294,20 +322,16 @@ export class VaultItemsComponent {
const hasPersonalItems = this.hasPersonalItems(); const hasPersonalItems = this.hasPersonalItems();
const uniqueCipherOrgIds = this.getUniqueOrganizationIds(); const uniqueCipherOrgIds = this.getUniqueOrganizationIds();
const organizations = Array.from(uniqueCipherOrgIds, (orgId) =>
this.allOrganizations.find((o) => o.id === orgId),
);
const canEditOrManageAllCiphers = const canManageCollectionCiphers = this.selection.selected
organizations.length > 0 && .filter((item) => item.cipher)
organizations.every((org) => org?.canEditAllCiphers(this.restrictProviderAccess)); .every(({ cipher }) => this.canManageCollection(cipher));
const canDeleteCollections = this.selection.selected const canDeleteCollections = this.selection.selected
.filter((item) => item.collection) .filter((item) => item.collection)
.every((item) => item.collection && this.canDeleteCollection(item.collection)); .every((item) => item.collection && this.canDeleteCollection(item.collection));
const userCanDeleteAccess = const userCanDeleteAccess = canManageCollectionCiphers && canDeleteCollections;
(canEditOrManageAllCiphers || this.allCiphersHaveEditAccess()) && canDeleteCollections;
if ( if (
userCanDeleteAccess || userCanDeleteAccess ||
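Review bot: In `canManageCollection`, the `if (this.activeCollection)` branch returns `this.activeCollection.manage` without checking that the cipher belongs to that collection, so the result depends on which collection is open rather than on the item. If the list can ever hold a cipher outside the active collection (not visible from this hunk), guard it with `if (this.activeCollection && cipher.collectionIds.includes(this.activeCollection.id)) {` and declare the return type as `: boolean` so an unset `manage` is caught at compile time. In the bulk path, `every()` over an empty cipher selection is vacuously true, and the `organizations.length > 0` guard from the removed code is gone, so please confirm that an empty or collections-only selection is meant to pass. A short doc comment on the method listing the order of precedence (personal item, admin access in the AC vault, active collection, any managed collection) would help. These checks only decide what the UI offers, and the server-side enforcement of Can Manage on delete is not part of this commit.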


@ -57,6 +57,7 @@
[showBulkAddToCollections]="vaultBulkManagementActionEnabled$ | async" [showBulkAddToCollections]="vaultBulkManagementActionEnabled$ | async"
(onEvent)="onVaultItemsEvent($event)" (onEvent)="onVaultItemsEvent($event)"
[vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled$ | async" [vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled$ | async"
[activeCollection]="selectedCollection?.node"
> >
</app-vault-items> </app-vault-items>
<div <div