mirror of
https://github.com/bitwarden/browser.git
synced 2024-11-25 12:15:18 +01:00
[PM-11200] Move delete item permission to Can Manage (#10890)
* Refactored the showDelete function to check if a user can manage a collection Removed the can edit or manage cipher check from the show delete function * Add check for AC vault to return true when user has admin access * Check user is an admin or custom user with editAnyCollection * Check user is an admin or custom user with editAnyCollection
This commit is contained in:
parent
744a48183b
commit
8921230b4f
@ -157,7 +157,7 @@
|
||||
</button>
|
||||
<button
|
||||
bitMenuItem
|
||||
*ngIf="canEditCipher || !vaultBulkManagementActionEnabled"
|
||||
*ngIf="canManageCollection || !vaultBulkManagementActionEnabled"
|
||||
(click)="deleteCipher()"
|
||||
type="button"
|
||||
>
|
||||
|
@ -36,6 +36,7 @@ export class VaultCipherRowComponent implements OnInit {
|
||||
@Input() viewingOrgVault: boolean;
|
||||
@Input() canEditCipher: boolean;
|
||||
@Input() vaultBulkManagementActionEnabled: boolean;
|
||||
@Input() canManageCollection: boolean;
|
||||
|
||||
@Output() onEvent = new EventEmitter<VaultItemEvent>();
|
||||
|
||||
|
@ -133,6 +133,9 @@
|
||||
[collections]="allCollections"
|
||||
[checked]="selection.isSelected(item)"
|
||||
[canEditCipher]="canEditCipher(item.cipher) && vaultBulkManagementActionEnabled"
|
||||
[canManageCollection]="
|
||||
canManageCollection(item.cipher) && vaultBulkManagementActionEnabled
|
||||
"
|
||||
[vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled"
|
||||
(checkedToggled)="selection.toggle(item)"
|
||||
(onEvent)="event($event)"
|
||||
|
@ -48,6 +48,7 @@ export class VaultItemsComponent {
|
||||
@Input() addAccessToggle: boolean;
|
||||
@Input() restrictProviderAccess: boolean;
|
||||
@Input() vaultBulkManagementActionEnabled = false;
|
||||
@Input() activeCollection: CollectionView | undefined;
|
||||
|
||||
private _ciphers?: CipherView[] = [];
|
||||
@Input() get ciphers(): CipherView[] {
|
||||
@ -218,6 +219,33 @@ export class VaultItemsComponent {
|
||||
);
|
||||
}
|
||||
|
||||
protected canManageCollection(cipher: CipherView) {
|
||||
if (cipher.organizationId == null) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Check for admin access in AC vault
|
||||
if (this.showAdminActions) {
|
||||
const organization = this.allOrganizations.find((o) => o.id === cipher.organizationId);
|
||||
|
||||
if (organization?.permissions.editAnyCollection) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (organization?.allowAdminAccessToAllCollectionItems && organization.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
if (this.activeCollection) {
|
||||
return this.activeCollection.manage;
|
||||
}
|
||||
|
||||
return this.allCollections
|
||||
.filter((c) => cipher.collectionIds.includes(c.id))
|
||||
.some((collection) => collection.manage);
|
||||
}
|
||||
|
||||
private refreshItems() {
|
||||
const collections: VaultItem[] = this.collections.map((collection) => ({ collection }));
|
||||
const ciphers: VaultItem[] = this.ciphers.map((cipher) => ({ cipher }));
|
||||
@ -294,20 +322,16 @@ export class VaultItemsComponent {
|
||||
|
||||
const hasPersonalItems = this.hasPersonalItems();
|
||||
const uniqueCipherOrgIds = this.getUniqueOrganizationIds();
|
||||
const organizations = Array.from(uniqueCipherOrgIds, (orgId) =>
|
||||
this.allOrganizations.find((o) => o.id === orgId),
|
||||
);
|
||||
|
||||
const canEditOrManageAllCiphers =
|
||||
organizations.length > 0 &&
|
||||
organizations.every((org) => org?.canEditAllCiphers(this.restrictProviderAccess));
|
||||
const canManageCollectionCiphers = this.selection.selected
|
||||
.filter((item) => item.cipher)
|
||||
.every(({ cipher }) => this.canManageCollection(cipher));
|
||||
|
||||
const canDeleteCollections = this.selection.selected
|
||||
.filter((item) => item.collection)
|
||||
.every((item) => item.collection && this.canDeleteCollection(item.collection));
|
||||
|
||||
const userCanDeleteAccess =
|
||||
(canEditOrManageAllCiphers || this.allCiphersHaveEditAccess()) && canDeleteCollections;
|
||||
const userCanDeleteAccess = canManageCollectionCiphers && canDeleteCollections;
|
||||
|
||||
if (
|
||||
userCanDeleteAccess ||
|
||||
|
@ -57,6 +57,7 @@
|
||||
[showBulkAddToCollections]="vaultBulkManagementActionEnabled$ | async"
|
||||
(onEvent)="onVaultItemsEvent($event)"
|
||||
[vaultBulkManagementActionEnabled]="vaultBulkManagementActionEnabled$ | async"
|
||||
[activeCollection]="selectedCollection?.node"
|
||||
>
|
||||
</app-vault-items>
|
||||
<div
|
||||
|
Loading…
Reference in New Issue
Block a user