Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-01-19 20:51:35 +01:00
Code Issues Projects Releases Wiki Activity

[AC-1452] Restrict access to 'Organization Info' and 'Two-Step Login' settings pages with a permission check (#9483)

Browse Source 
* Guard Organization Info route - Owners only

* Guard TwoFactor route - Owners only and Organization must be able to use 2FA

* Update guards to use function syntax

---------

Co-authored-by: Addison Beck <hello@addisonbeck.com>
This commit is contained in:
Rui Tomé 2024-07-03 17:45:49 +01:00 committed by GitHub
parent 9c17878330
commit a9abc772c2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts
View File

@ -22,11 +22,21 @@ const routes: Routes = [
canActivate: [organizationRedirectGuard(getSettingsRoute)], canActivate: [organizationRedirectGuard(getSettingsRoute)],
children: [], // This is required to make the auto redirect work, children: [], // This is required to make the auto redirect work,
}, },
{ path: "account", component: AccountComponent, data: { titleId: "organizationInfo" } }, {
path: "account",
component: AccountComponent,
canActivate: [organizationPermissionsGuard((o) => o.isOwner)],
data: {
titleId: "organizationInfo",
},
},
{ {
path: "two-factor", path: "two-factor",
component: TwoFactorSetupComponent, component: TwoFactorSetupComponent,
data: { titleId: "twoStepLogin" }, canActivate: [organizationPermissionsGuard((o) => o.use2fa && o.isOwner)],
data: {
titleId: "twoStepLogin",
},
}, },
{ {
path: "policies", path: "policies",