[PM-11200] Move delete item permission to Can Manage (#10890)

* Refactored the showDelete function to check if a user can manage a collection Removed the can edit or manage cipher check from the show delete function * Add check for AC vault to return true when user has admin access * Check user is an admin or custom user with editAnyCollection * Check user is an admin or custom user with editAnyCollection
2024-09-23 03:22:50 +02:00 · 2024-09-10 14:15:01 -04:00 · 2024-09-10 14:15:01 -04:00 · 8921230b4f
commit 8921230b4f
parent 744a48183b
5 changed files with 38 additions and 9 deletions
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
@ -157,7 +157,7 @@
    </button>
    <button
      bitMenuItem
-      *ngIf="canEditCipher || !vaultBulkManagementActionEnabled"
+      *ngIf="canManageCollection || !vaultBulkManagementActionEnabled"
      (click)="deleteCipher()"
      type="button"
    >
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
@ -36,6 +36,7 @@ export class VaultCipherRowComponent implements OnInit {
  @Input() viewingOrgVault: boolean;
  @Input() canEditCipher: boolean;
  @Input() vaultBulkManagementActionEnabled: boolean;
+  @Input() canManageCollection: boolean;

  @Output() onEvent = new EventEmitter<VaultItemEvent>();

--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.html
@ -133,6 +133,9 @@
          [collections]="allCollections"
          [checked]="selection.isSelected(item)"
          [canEditCipher]="canEditCipher(item.cipher) && vaultBulkManagementActionEnabled"
+          [canManageCollection]="
+            canManageCollection(item.cipher) && vaultBulkManagementActionEnabled
+          "
          [vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled"
          (checkedToggled)="selection.toggle(item)"
          (onEvent)="event($event)"
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
@ -48,6 +48,7 @@ export class VaultItemsComponent {
  @Input() addAccessToggle: boolean;
  @Input() restrictProviderAccess: boolean;
  @Input() vaultBulkManagementActionEnabled = false;
+  @Input() activeCollection: CollectionView | undefined;

  private _ciphers?: CipherView[] = [];
  @Input() get ciphers(): CipherView[] {
@ -218,6 +219,33 @@ export class VaultItemsComponent {
    );
  }

+  protected canManageCollection(cipher: CipherView) {
+    if (cipher.organizationId == null) {
+      return true;
+    }
+
+    // Check for admin access in AC vault
+    if (this.showAdminActions) {
+      const organization = this.allOrganizations.find((o) => o.id === cipher.organizationId);
+
+      if (organization?.permissions.editAnyCollection) {
+        return true;
+      }
+
+      if (organization?.allowAdminAccessToAllCollectionItems && organization.isAdmin) {
+        return true;
+      }
+    }
+
+    if (this.activeCollection) {
+      return this.activeCollection.manage;
+    }
+
+    return this.allCollections
+      .filter((c) => cipher.collectionIds.includes(c.id))
+      .some((collection) => collection.manage);
+  }
+
  private refreshItems() {
    const collections: VaultItem[] = this.collections.map((collection) => ({ collection }));
    const ciphers: VaultItem[] = this.ciphers.map((cipher) => ({ cipher }));
@ -294,20 +322,16 @@ export class VaultItemsComponent {

    const hasPersonalItems = this.hasPersonalItems();
    const uniqueCipherOrgIds = this.getUniqueOrganizationIds();
-    const organizations = Array.from(uniqueCipherOrgIds, (orgId) =>
-      this.allOrganizations.find((o) => o.id === orgId),
-    );

-    const canEditOrManageAllCiphers =
-      organizations.length > 0 &&
-      organizations.every((org) => org?.canEditAllCiphers(this.restrictProviderAccess));
+    const canManageCollectionCiphers = this.selection.selected
+      .filter((item) => item.cipher)
+      .every(({ cipher }) => this.canManageCollection(cipher));

    const canDeleteCollections = this.selection.selected
      .filter((item) => item.collection)
      .every((item) => item.collection && this.canDeleteCollection(item.collection));

-    const userCanDeleteAccess =
-      (canEditOrManageAllCiphers || this.allCiphersHaveEditAccess()) && canDeleteCollections;
+    const userCanDeleteAccess = canManageCollectionCiphers && canDeleteCollections;

    if (
      userCanDeleteAccess ||
--- a/apps/web/src/app/vault/individual-vault/vault.component.html
+++ b/apps/web/src/app/vault/individual-vault/vault.component.html
@ -57,6 +57,7 @@
      [showBulkAddToCollections]="vaultBulkManagementActionEnabled$ | async"
      (onEvent)="onVaultItemsEvent($event)"
      [vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled$ | async"
+      [activeCollection]="selectedCollection?.node"
    >
    </app-vault-items>
    <div