[AC-2195] Fixes for FC V1 for Custom Users (#8034)

* [AC-2195] Update canEditAnyCipher permission to make an exception for Custom users with editAnyCollection permission * [AC-2195] Update V1 FC flag check to include check for an organization's FC status * [AC-2195] Remove redundant collection management setting check that was hiding the restricted access message for custom users with deleteAnyCollection * [AC-2195] Ensure users with canEditAnyCollections can edit all collections
2024-11-22 11:45:59 +01:00 · 2024-02-23 10:01:25 -08:00 · 2024-02-23 10:01:25 -08:00 · dee0b20554
commit dee0b20554
parent 38d8fbdb5a
2 changed files with 12 additions and 14 deletions
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@ -141,7 +141,11 @@ export class VaultComponent implements OnInit, OnDestroy {
    FeatureFlag.BulkCollectionAccess,
    false,
  );
-  protected flexibleCollectionsV1Enabled: boolean;
+  private _flexibleCollectionsV1FlagEnabled: boolean;
+
+  protected get flexibleCollectionsV1Enabled(): boolean {
+    return this._flexibleCollectionsV1FlagEnabled && this.organization?.flexibleCollections;
+  }

  private searchText$ = new Subject<string>();
  private refresh$ = new BehaviorSubject<void>(null);
@ -184,7 +188,7 @@ export class VaultComponent implements OnInit, OnDestroy {
        : "trashCleanupWarning",
    );

-    this.flexibleCollectionsV1Enabled = await this.configService.getFeatureFlag(
+    this._flexibleCollectionsV1FlagEnabled = await this.configService.getFeatureFlag(
      FeatureFlag.FlexibleCollectionsV1,
      false,
    );
@ -274,13 +278,8 @@ export class VaultComponent implements OnInit, OnDestroy {

    this.editableCollections$ = allCollectionsWithoutUnassigned$.pipe(
      map((collections) => {
-        if (
-          this.organization.canEditAnyCollection &&
-          this.organization.allowAdminAccessToAllCollectionItems
-        ) {
-          return collections;
-        }
-        if (this.organization.isProviderUser) {
+        // Users that can edit all ciphers can implicitly edit all collections
+        if (this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled)) {
          return collections;
        }
        return collections.filter((c) => c.assigned && !c.readOnly);
@ -404,8 +403,7 @@ export class VaultComponent implements OnInit, OnDestroy {
      map(([filter, collection, organization]) => {
        return (
          (filter.collectionId === Unassigned && !organization.canUseAdminCollections) ||
-          (!organization.allowAdminAccessToAllCollectionItems &&
-            !organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
+          (!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
            collection != undefined &&
            !collection.node.assigned)
        );
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@ -202,11 +202,11 @@ export class Organization {
      return this.canEditAnyCollection;
    }
    // Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
-    // Providers are not affected by allowAdminAccessToAllCollectionItems flag
-    // note: canEditAnyCollection may change in the V1 to also ignore the allowAdminAccessToAllCollectionItems flag
+    // Providers and custom users with canEditAnyCollection are not affected by allowAdminAccessToAllCollectionItems flag
    return (
      this.isProviderUser ||
-      (this.allowAdminAccessToAllCollectionItems && this.canEditAnyCollection)
+      (this.type === OrganizationUserType.Custom && this.permissions.editAnyCollection) ||
+      (this.allowAdminAccessToAllCollectionItems && this.isAdmin)
    );
  }