[PM-7292] Fix viewing/editing unassigned ciphers for admins (#8627)

* [PM-7292] Introduce canEditUnassignedCiphers helper * [PM-7292] Use new canEditUnassignedCiphers helper * [PM-7292] Remove duplicate canUseAdminCollections helper
2024-11-21 11:35:34 +01:00 · 2024-04-05 08:23:50 -07:00 · 2024-04-05 08:23:50 -07:00 · cbf48decec
commit cbf48decec
parent 09169cac71
3 changed files with 9 additions and 10 deletions
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@ -213,7 +213,7 @@ export class VaultComponent implements OnInit, OnDestroy {
      switchMap(async ([organization]) => {
        this.organization = organization;
-        if (!organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) {
+        if (!organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled)) {
          await this.syncService.fullSync(false);
        }
@ -407,8 +407,7 @@ export class VaultComponent implements OnInit, OnDestroy {
    ]).pipe(
      map(([filter, collection, organization]) => {
        return (
-          (filter.collectionId === Unassigned &&
+          (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
          (!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
            collection != undefined &&
            !collection.node.assigned)
@ -454,12 +453,11 @@ export class VaultComponent implements OnInit, OnDestroy {
      map(([filter, collection, organization]) => {
        return (
          // Filtering by unassigned, show message if not admin
-          (filter.collectionId === Unassigned &&
+          (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
          // Filtering by a collection, so show message if user is not assigned
          (collection != undefined &&
            !collection.node.assigned &&
-            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled))
+            !organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled))
        );
      }),
      shareReplay({ refCount: true, bufferSize: 1 }),
@ -482,7 +480,7 @@ export class VaultComponent implements OnInit, OnDestroy {
              (await firstValueFrom(allCipherMap$))[cipherId] != undefined;
          } else {
            canEditCipher =
-              organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled) ||
+              organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled) ||
              (await this.cipherService.get(cipherId)) != null;
          }
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@ -662,7 +662,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
    // if a cipher is unassigned we want to check if they are an admin or have permission to edit any collection
    if (!cipher.collectionIds) {
-      orgAdmin = this.organization?.canEditAllCiphers(this.flexibleCollectionsV1Enabled);
+      orgAdmin = this.organization?.canEditUnassignedCiphers();
    }
    return this.cipher.id == null
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@ -203,8 +203,9 @@ export class Organization {
    );
  }
-  canUseAdminCollections(flexibleCollectionsV1Enabled: boolean) {
+  canEditUnassignedCiphers() {
-    return this.canEditAnyCollection(flexibleCollectionsV1Enabled);
+    // TODO: Update this to exclude Providers if provider access is restricted in AC-1707
    return this.isAdmin || this.permissions.editAnyCollection;
  }
  canEditAllCiphers(flexibleCollectionsV1Enabled: boolean) {