1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-21 16:18:28 +01:00

[AC-2195] Fixes for FC V1 for Custom Users (#8034)

* [AC-2195] Update canEditAnyCipher permission to make an exception for Custom users with editAnyCollection permission

* [AC-2195] Update V1 FC flag check to include check for an organization's FC status

* [AC-2195] Remove redundant collection management setting check that was hiding the restricted access message for custom users with deleteAnyCollection

* [AC-2195] Ensure users with canEditAnyCollections can edit all collections
This commit is contained in:
Shane Melton 2024-02-23 10:01:25 -08:00 committed by GitHub
parent 38d8fbdb5a
commit dee0b20554
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 12 additions and 14 deletions

View File

@ -141,7 +141,11 @@ export class VaultComponent implements OnInit, OnDestroy {
FeatureFlag.BulkCollectionAccess,
false,
);
protected flexibleCollectionsV1Enabled: boolean;
private _flexibleCollectionsV1FlagEnabled: boolean;
protected get flexibleCollectionsV1Enabled(): boolean {
return this._flexibleCollectionsV1FlagEnabled && this.organization?.flexibleCollections;
}
private searchText$ = new Subject<string>();
private refresh$ = new BehaviorSubject<void>(null);
@ -184,7 +188,7 @@ export class VaultComponent implements OnInit, OnDestroy {
: "trashCleanupWarning",
);
this.flexibleCollectionsV1Enabled = await this.configService.getFeatureFlag(
this._flexibleCollectionsV1FlagEnabled = await this.configService.getFeatureFlag(
FeatureFlag.FlexibleCollectionsV1,
false,
);
@ -274,13 +278,8 @@ export class VaultComponent implements OnInit, OnDestroy {
this.editableCollections$ = allCollectionsWithoutUnassigned$.pipe(
map((collections) => {
if (
this.organization.canEditAnyCollection &&
this.organization.allowAdminAccessToAllCollectionItems
) {
return collections;
}
if (this.organization.isProviderUser) {
// Users that can edit all ciphers can implicitly edit all collections
if (this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled)) {
return collections;
}
return collections.filter((c) => c.assigned && !c.readOnly);
@ -404,8 +403,7 @@ export class VaultComponent implements OnInit, OnDestroy {
map(([filter, collection, organization]) => {
return (
(filter.collectionId === Unassigned && !organization.canUseAdminCollections) ||
(!organization.allowAdminAccessToAllCollectionItems &&
!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
(!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
collection != undefined &&
!collection.node.assigned)
);

View File

@ -202,11 +202,11 @@ export class Organization {
return this.canEditAnyCollection;
}
// Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
// Providers are not affected by allowAdminAccessToAllCollectionItems flag
// note: canEditAnyCollection may change in the V1 to also ignore the allowAdminAccessToAllCollectionItems flag
// Providers and custom users with canEditAnyCollection are not affected by allowAdminAccessToAllCollectionItems flag
return (
this.isProviderUser ||
(this.allowAdminAccessToAllCollectionItems && this.canEditAnyCollection)
(this.type === OrganizationUserType.Custom && this.permissions.editAnyCollection) ||
(this.allowAdminAccessToAllCollectionItems && this.isAdmin)
);
}