Implement dynamic cipher creation permissions in vault header and new cipher menu components

2026-02-11 05:53:42 +00:00 · 2026-01-26 17:23:55 -05:00
parent 36b648f5d7
commit 07cda85d39
3 changed files with 21 additions and 5 deletions
--- a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
+++ b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
@@ -76,7 +76,7 @@

  <div *ngIf="filter.type !== 'trash'" class="tw-shrink-0">
    <vault-new-cipher-menu
-      [canCreateCipher]="true"
+      [canCreateCipher]="canCreateCipher"
      [canCreateFolder]="true"
      [canCreateSshKey]="true"
      [canCreateCollection]="canCreateCollections"
--- a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts
@@ -228,6 +228,13 @@ export class VaultHeaderComponent {
    return this.collection.node.canDelete(organization);
  }

+  get canCreateCipher(): boolean {
+    if (this.activeOrganization?.isProviderUser && !this.activeOrganization?.isMember) {
+      return false;
+    }
+    return true;
+  }
+
  deleteCollection() {
    this.onDeleteCollection.emit();
  }
--- a/libs/vault/src/components/new-cipher-menu/new-cipher-menu.component.ts
+++ b/libs/vault/src/components/new-cipher-menu/new-cipher-menu.component.ts
@@ -1,6 +1,7 @@
 import { CommonModule } from "@angular/common";
 import { Component, input, output } from "@angular/core";
-import { map, shareReplay } from "rxjs";
+import { toObservable } from "@angular/core/rxjs-interop";
+import { combineLatest, map, shareReplay } from "rxjs";

 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { CipherType } from "@bitwarden/common/vault/enums";
@@ -38,10 +39,18 @@ export class NewCipherMenuComponent {
  /**
   * Returns an observable that emits the cipher menu items, filtered by the restricted types.
   */
-  cipherMenuItems$ = this.restrictedItemTypesService.restricted$.pipe(
-    map((restrictedTypes) => {
+  cipherMenuItems$ = combineLatest([
+    this.restrictedItemTypesService.restricted$,
+    toObservable(this.canCreateCipher),
+    toObservable(this.canCreateSshKey),
+  ]).pipe(
+    map(([restrictedTypes, canCreateCipher, canCreateSshKey]) => {
+      // If user cannot create ciphers at all, return empty array
+      if (!canCreateCipher) {
+        return [];
+      }
      return CIPHER_MENU_ITEMS.filter((item) => {
-        if (!this.canCreateSshKey() && item.type === CipherType.SshKey) {
+        if (!canCreateSshKey && item.type === CipherType.SshKey) {
          return false;
        }
        return !restrictedTypes.some((restrictedType) => restrictedType.cipherType === item.type);