mirror of
https://github.com/bitwarden/browser.git
synced 2024-12-21 16:18:28 +01:00
[AC-2195] Fixes for FC V1 for Custom Users (#8034)
* [AC-2195] Update canEditAnyCipher permission to make an exception for Custom users with editAnyCollection permission * [AC-2195] Update V1 FC flag check to include check for an organization's FC status * [AC-2195] Remove redundant collection management setting check that was hiding the restricted access message for custom users with deleteAnyCollection * [AC-2195] Ensure users with canEditAnyCollections can edit all collections
This commit is contained in:
parent
38d8fbdb5a
commit
dee0b20554
@ -141,7 +141,11 @@ export class VaultComponent implements OnInit, OnDestroy {
|
||||
FeatureFlag.BulkCollectionAccess,
|
||||
false,
|
||||
);
|
||||
protected flexibleCollectionsV1Enabled: boolean;
|
||||
private _flexibleCollectionsV1FlagEnabled: boolean;
|
||||
|
||||
protected get flexibleCollectionsV1Enabled(): boolean {
|
||||
return this._flexibleCollectionsV1FlagEnabled && this.organization?.flexibleCollections;
|
||||
}
|
||||
|
||||
private searchText$ = new Subject<string>();
|
||||
private refresh$ = new BehaviorSubject<void>(null);
|
||||
@ -184,7 +188,7 @@ export class VaultComponent implements OnInit, OnDestroy {
|
||||
: "trashCleanupWarning",
|
||||
);
|
||||
|
||||
this.flexibleCollectionsV1Enabled = await this.configService.getFeatureFlag(
|
||||
this._flexibleCollectionsV1FlagEnabled = await this.configService.getFeatureFlag(
|
||||
FeatureFlag.FlexibleCollectionsV1,
|
||||
false,
|
||||
);
|
||||
@ -274,13 +278,8 @@ export class VaultComponent implements OnInit, OnDestroy {
|
||||
|
||||
this.editableCollections$ = allCollectionsWithoutUnassigned$.pipe(
|
||||
map((collections) => {
|
||||
if (
|
||||
this.organization.canEditAnyCollection &&
|
||||
this.organization.allowAdminAccessToAllCollectionItems
|
||||
) {
|
||||
return collections;
|
||||
}
|
||||
if (this.organization.isProviderUser) {
|
||||
// Users that can edit all ciphers can implicitly edit all collections
|
||||
if (this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled)) {
|
||||
return collections;
|
||||
}
|
||||
return collections.filter((c) => c.assigned && !c.readOnly);
|
||||
@ -404,8 +403,7 @@ export class VaultComponent implements OnInit, OnDestroy {
|
||||
map(([filter, collection, organization]) => {
|
||||
return (
|
||||
(filter.collectionId === Unassigned && !organization.canUseAdminCollections) ||
|
||||
(!organization.allowAdminAccessToAllCollectionItems &&
|
||||
!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
|
||||
(!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
|
||||
collection != undefined &&
|
||||
!collection.node.assigned)
|
||||
);
|
||||
|
@ -202,11 +202,11 @@ export class Organization {
|
||||
return this.canEditAnyCollection;
|
||||
}
|
||||
// Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
|
||||
// Providers are not affected by allowAdminAccessToAllCollectionItems flag
|
||||
// note: canEditAnyCollection may change in the V1 to also ignore the allowAdminAccessToAllCollectionItems flag
|
||||
// Providers and custom users with canEditAnyCollection are not affected by allowAdminAccessToAllCollectionItems flag
|
||||
return (
|
||||
this.isProviderUser ||
|
||||
(this.allowAdminAccessToAllCollectionItems && this.canEditAnyCollection)
|
||||
(this.type === OrganizationUserType.Custom && this.permissions.editAnyCollection) ||
|
||||
(this.allowAdminAccessToAllCollectionItems && this.isAdmin)
|
||||
);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user