bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-13 06:43:35 +00:00
Code Issues Releases Wiki Activity

[PM-28216] Add org ability check for one time dialog (#17372)

Browse Source 
* add org ability check for one time dialog

* exclude providers (cautionary step) and add tests
This commit is contained in:
Brandon Treston
2025-11-14 11:43:10 -05:00
committed by GitHub
parent 0925f4fa78
commit 099a4a0f03
3 changed files with 124 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/web/src/app/vault/individual-vault/vault.component.ts
View File

@@ -1623,7 +1623,7 @@ export class VaultComponent<C extends CipherViewLike> implements OnInit, OnDestr
!policyEnabled && !policyEnabled &&
autoConfirmState.showSetupDialog && autoConfirmState.showSetupDialog &&
!!organization && !!organization &&
(organization.canManageUsers || organization.canManagePolicies); organization.canEnableAutoConfirmPolicy;
if (showDialog) { if (showDialog) {
await this.openAutoConfirmFeatureDialog(organization); await this.openAutoConfirmFeatureDialog(organization);

115
libs/common/src/admin-console/models/domain/organization.spec.ts
View File

@@ -32,6 +32,7 @@ describe("Organization", () => {
useSecretsManager: true, useSecretsManager: true,
usePasswordManager: true, usePasswordManager: true,
useActivateAutofillPolicy: false, useActivateAutofillPolicy: false,
useAutomaticUserConfirmation: false,
selfHost: false, selfHost: false,
usersGetPremium: false, usersGetPremium: false,
seats: 10, seats: 10,
@@ -179,4 +180,118 @@ describe("Organization", () => {
expect(organization.canManageDeviceApprovals).toBe(true); expect(organization.canManageDeviceApprovals).toBe(true);
}); });
}); });
describe("canEnableAutoConfirmPolicy", () => {
it("should return false when user cannot manage users or policies", () => {
data.type = OrganizationUserType.User;
data.permissions.manageUsers = false;
data.permissions.managePolicies = false;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(false);
});
it("should return false when user can manage users but useAutomaticUserConfirmation is false", () => {
data.type = OrganizationUserType.Admin;
data.useAutomaticUserConfirmation = false;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(false);
});
it("should return false when user has manageUsers permission but useAutomaticUserConfirmation is false", () => {
data.type = OrganizationUserType.User;
data.permissions.manageUsers = true;
data.useAutomaticUserConfirmation = false;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(false);
});
it("should return false when user can manage policies but useAutomaticUserConfirmation is false", () => {
data.type = OrganizationUserType.Admin;
data.usePolicies = true;
data.useAutomaticUserConfirmation = false;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(false);
});
it("should return false when user has managePolicies permission but usePolicies is false", () => {
data.type = OrganizationUserType.User;
data.permissions.managePolicies = true;
data.usePolicies = false;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(false);
});
it("should return true when admin has useAutomaticUserConfirmation enabled", () => {
data.type = OrganizationUserType.Admin;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(true);
});
it("should return true when owner has useAutomaticUserConfirmation enabled", () => {
data.type = OrganizationUserType.Owner;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(true);
});
it("should return true when user has manageUsers permission and useAutomaticUserConfirmation is enabled", () => {
data.type = OrganizationUserType.User;
data.permissions.manageUsers = true;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(true);
});
it("should return true when user has managePolicies permission, usePolicies is true, and useAutomaticUserConfirmation is enabled", () => {
data.type = OrganizationUserType.User;
data.permissions.managePolicies = true;
data.usePolicies = true;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(true);
});
it("should return true when user has both manageUsers and managePolicies permissions with useAutomaticUserConfirmation enabled", () => {
data.type = OrganizationUserType.User;
data.permissions.manageUsers = true;
data.permissions.managePolicies = true;
data.usePolicies = true;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(true);
});
it("should return false when provider user has useAutomaticUserConfirmation enabled", () => {
data.type = OrganizationUserType.Owner;
data.isProviderUser = true;
data.useAutomaticUserConfirmation = true;
const organization = new Organization(data);
expect(organization.canEnableAutoConfirmPolicy).toBe(false);
});
});
}); });

8
libs/common/src/admin-console/models/domain/organization.ts
View File

@@ -310,6 +310,14 @@ export class Organization {
return this.isAdmin || this.permissions.manageResetPassword; return this.isAdmin || this.permissions.manageResetPassword;
} }
get canEnableAutoConfirmPolicy() {
return (
(this.canManageUsers || this.canManagePolicies) &&
this.useAutomaticUserConfirmation &&
!this.isProviderUser
);
}
get canManageDeviceApprovals() { get canManageDeviceApprovals() {
return ( return (
(this.isAdmin || this.permissions.manageResetPassword) && (this.isAdmin || this.permissions.manageResetPassword) &&