1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-25 12:15:18 +01:00

[PM-11200] Move delete item permission to Can Manage (#10890)

* Refactored the showDelete function to check if a user can manage a collection

Removed the can edit or manage cipher check from the show delete function

* Add check for AC vault to return true when user has admin access

* Check user is an admin or custom user with editAnyCollection

* Check user is an admin or custom user with editAnyCollection
This commit is contained in:
SmithThe4th 2024-09-10 14:15:01 -04:00 committed by GitHub
parent 744a48183b
commit 8921230b4f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 38 additions and 9 deletions

View File

@ -157,7 +157,7 @@
</button>
<button
bitMenuItem
*ngIf="canEditCipher || !vaultBulkManagementActionEnabled"
*ngIf="canManageCollection || !vaultBulkManagementActionEnabled"
(click)="deleteCipher()"
type="button"
>

View File

@ -36,6 +36,7 @@ export class VaultCipherRowComponent implements OnInit {
@Input() viewingOrgVault: boolean;
@Input() canEditCipher: boolean;
@Input() vaultBulkManagementActionEnabled: boolean;
@Input() canManageCollection: boolean;
@Output() onEvent = new EventEmitter<VaultItemEvent>();

View File

@ -133,6 +133,9 @@
[collections]="allCollections"
[checked]="selection.isSelected(item)"
[canEditCipher]="canEditCipher(item.cipher) && vaultBulkManagementActionEnabled"
[canManageCollection]="
canManageCollection(item.cipher) && vaultBulkManagementActionEnabled
"
[vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled"
(checkedToggled)="selection.toggle(item)"
(onEvent)="event($event)"

View File

@ -48,6 +48,7 @@ export class VaultItemsComponent {
@Input() addAccessToggle: boolean;
@Input() restrictProviderAccess: boolean;
@Input() vaultBulkManagementActionEnabled = false;
@Input() activeCollection: CollectionView | undefined;
private _ciphers?: CipherView[] = [];
@Input() get ciphers(): CipherView[] {
@ -218,6 +219,33 @@ export class VaultItemsComponent {
);
}
protected canManageCollection(cipher: CipherView) {
if (cipher.organizationId == null) {
return true;
}
// Check for admin access in AC vault
if (this.showAdminActions) {
const organization = this.allOrganizations.find((o) => o.id === cipher.organizationId);
if (organization?.permissions.editAnyCollection) {
return true;
}
if (organization?.allowAdminAccessToAllCollectionItems && organization.isAdmin) {
return true;
}
}
if (this.activeCollection) {
return this.activeCollection.manage;
}
return this.allCollections
.filter((c) => cipher.collectionIds.includes(c.id))
.some((collection) => collection.manage);
}
private refreshItems() {
const collections: VaultItem[] = this.collections.map((collection) => ({ collection }));
const ciphers: VaultItem[] = this.ciphers.map((cipher) => ({ cipher }));
@ -294,20 +322,16 @@ export class VaultItemsComponent {
const hasPersonalItems = this.hasPersonalItems();
const uniqueCipherOrgIds = this.getUniqueOrganizationIds();
const organizations = Array.from(uniqueCipherOrgIds, (orgId) =>
this.allOrganizations.find((o) => o.id === orgId),
);
const canEditOrManageAllCiphers =
organizations.length > 0 &&
organizations.every((org) => org?.canEditAllCiphers(this.restrictProviderAccess));
const canManageCollectionCiphers = this.selection.selected
.filter((item) => item.cipher)
.every(({ cipher }) => this.canManageCollection(cipher));
const canDeleteCollections = this.selection.selected
.filter((item) => item.collection)
.every((item) => item.collection && this.canDeleteCollection(item.collection));
const userCanDeleteAccess =
(canEditOrManageAllCiphers || this.allCiphersHaveEditAccess()) && canDeleteCollections;
const userCanDeleteAccess = canManageCollectionCiphers && canDeleteCollections;
if (
userCanDeleteAccess ||

View File

@ -57,6 +57,7 @@
[showBulkAddToCollections]="vaultBulkManagementActionEnabled$ | async"
(onEvent)="onVaultItemsEvent($event)"
[vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled$ | async"
[activeCollection]="selectedCollection?.node"
>
</app-vault-items>
<div