From ef0fd6067695d8f022c06421c903d148f796f4fe Mon Sep 17 00:00:00 2001 From: Brandon Treston Date: Thu, 7 Nov 2024 14:09:56 -0500 Subject: [PATCH] [PM-11409] prevent managed user from leaving organization (#11895) * add check to prevent managed user from leaving managing org * remove unused vaiable * add null check --- .../organization-options.component.ts | 31 ++++++++++++++++--- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts b/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts index 3b7db72a09..57eb9b1bdd 100644 --- a/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts +++ b/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts @@ -1,5 +1,5 @@ import { Component, Inject, OnDestroy, OnInit } from "@angular/core"; -import { combineLatest, map, Observable, Subject, takeUntil } from "rxjs"; +import { combineLatest, map, Observable, of, Subject, switchMap, takeUntil } from "rxjs"; import { OrganizationUserApiService, @@ -8,11 +8,14 @@ import { import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common"; import { ApiService } from "@bitwarden/common/abstractions/api.service"; import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction"; +import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction"; import { PolicyType } from "@bitwarden/common/admin-console/enums"; import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; import { Policy } from "@bitwarden/common/admin-console/models/domain/policy"; import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction"; +import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum"; +import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; @@ -53,6 +56,8 @@ export class OrganizationOptionsComponent implements OnInit, OnDestroy { private resetPasswordService: OrganizationUserResetPasswordService, private userVerificationService: UserVerificationService, private toastService: ToastService, + private configService: ConfigService, + private organizationService: OrganizationService, ) {} async ngOnInit() { @@ -60,23 +65,39 @@ export class OrganizationOptionsComponent implements OnInit, OnDestroy { map((policies) => policies.filter((policy) => policy.type === PolicyType.ResetPassword)), ); + const managingOrg$ = this.configService + .getFeatureFlag$(FeatureFlag.AccountDeprovisioning) + .pipe( + switchMap((isAccountDeprovisioningEnabled) => + isAccountDeprovisioningEnabled + ? this.organizationService.organizations$.pipe( + map((organizations) => + organizations.find((o) => o.userIsManagedByOrganization === true), + ), + ) + : of(null), + ), + ); + combineLatest([ this.organization$, resetPasswordPolicies$, this.userDecryptionOptionsService.userDecryptionOptions$, + managingOrg$, ]) .pipe(takeUntil(this.destroy$)) - .subscribe(([organization, resetPasswordPolicies, decryptionOptions]) => { + .subscribe(([organization, resetPasswordPolicies, decryptionOptions, managingOrg]) => { this.organization = organization; this.resetPasswordPolicy = resetPasswordPolicies.find( (p) => p.organizationId === organization.id, ); - // A user can leave an organization if they are NOT using TDE and Key Connector, or they have a master password. + // A user can leave an organization if they are NOT a managed user and they are NOT using TDE and Key Connector, or they have a master password. this.showLeaveOrgOption = - (decryptionOptions.trustedDeviceOption == undefined && + managingOrg?.id !== organization.id && + ((decryptionOptions.trustedDeviceOption == undefined && decryptionOptions.keyConnectorOption == undefined) || - decryptionOptions.hasMasterPassword; + decryptionOptions.hasMasterPassword); // Hide the 3 dot menu if the user has no available actions this.hideMenu =