[AC-1373] Flexible Collections (#6336)

* [AC-1117] Add manage permission (#5910) * Add 'manage' option to collection access permissions * Add 'manage' to collection permissions * remove service accidentally committed from another branch * Update CLI commands * update message casing to be consistent * access selector model updates * [AC-1374] Limit collection create/delete (#5963) * feat: udate request/response/data/domain models for new column, refs AC-1374 * feat: create collection management ui, refs AC-1374 * fix: remove limitCollectionCdOwnerAdmin boolean from org update request, refs AC-1374 * fix: moved collection management UI, removed comments, refs AC-1374 * fix: observable chaining now properly calls API when local org updated, refs AC-1374 * fix: remove unused form template variables, refs AC-1374 * fix: clean up observable chain, refs AC-1374 * fix: remove parent.parent route, refs AC-1374 * fix: add cd explaination, refs AC-1374 * [AC-1649] Remove organizationId from collection-bulk-delete.request (#6343) * refactor: remove organizationId from collection-bulk-delete-request, refs AC-1649 * refactor: remove request model from dialog component, refs AC-1649 * [AC-1174] Bulk collection management (#6133) * [AC-1174] Add bulk edit collection access event type * [AC-1174] Add bulk edit collection access menu option * [AC-1174] Add initial bulk collections access dialog * [AC-1174] Add logic to open bulk edit collections dialog * [AC-1174] Move AccessItemView helper methods to access selector model to be shared * [AC-1174] Add access selector to bulk collections dialog * [AC-1174] Add bulk assign access method to collection-admin service * [AC-1174] Introduce strongly typed BulkCollectionAccessRequest model * [AC-1174] Update vault item event type name * Update DialogService dependency --------- Co-authored-by: Thomas Rittson <trittson@bitwarden.com> * Rename LimitCollectionCdOwnerAdmin -> LimitCollectionCreationDeletion (#6409) * Add manage property to synced Collection data * Revert "Add manage property to synced Collection data" Pushed to feature branch instead of a new one This reverts commit 65cd39589c. * Add manage property to synced Collection data * Revert "Add manage property to synced Collection data" This reverts commit f7fa30b79a. * [AC-1680] Add manage property to collection view and response models (#6417) * Add manage property to synced Collection data * Update tests * feat: add LimitCollectionCreationDeletion conditional to canCreateNewCollections logic, refs AC-1659 (#6429) * [AC-1669] Enforce Can Manage permission on Collection dialog (#6493) * [AC-1669] Cleanup unhandled promise warnings * [AC-1669] Force change detection to ensure AccessSelector has the most recent items * [AC-1669] Initially select acting member when creating a new collection * [AC-1669] Add validator to ensure manage permission is selected * [AC-1669] Update error toast logic to support access tab errors * [AC-1669] Add error icon * [AC-1713] [Flexible collections] Add feature flags to clients (#6486) * Add FlexibleCollections and BulkCollectionAccess flags * Flag Collection Management settings * Flag bulk collection access dialog * Flag collection access modal changes * [AC-1662] Add LimitCollecitonCreationDeletion conditional to CanDelete logic (#6526) * feat: implement limitCollectionCreationDeletion into canDelete logic, refs AC-1662 * feat: make canDelete functions backwards compatible with feature flag, refs AC-1662 * feat: update vault-items.component for async getter, refs AC-1662 * feat: update configService injection, refs AC-1662 * feat: add config service to canDelete reference, refs AC-1662 * fix: remove configservice dependency from views, refs AC-1757 (#6686) * Add missing provider to vault-items.stories (#6690) * Fix imports after update from master --------- Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com> Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Shane Melton <smelton@bitwarden.com>
2026-01-05 10:03:21 +00:00 · 2023-11-01 19:30:59 +10:00
parent 2ec3f808d2
commit 0c3b569d0e
53 changed files with 725 additions and 138 deletions
--- a/apps/web/src/app/admin-console/organizations/shared/components/access-selector/access-selector.component.ts
+++ b/apps/web/src/app/admin-console/organizations/shared/components/access-selector/access-selector.component.ts
@@ -122,6 +122,10 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
    { perm: CollectionPermission.Edit, labelId: "canEdit" },
    { perm: CollectionPermission.EditExceptPass, labelId: "canEditExceptPass" },
  ];
+  private canManagePermissionListItem = {
+    perm: CollectionPermission.Manage,
+    labelId: "canManage",
+  };
  protected initialPermission = CollectionPermission.View;

  disabled: boolean;
@@ -192,6 +196,11 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
   */
  @Input() showGroupColumn: boolean;

+  /**
+   * Enable Flexible Collections changes (feature flag)
+   */
+  @Input() flexibleCollectionsEnabled: boolean;
+
  constructor(
    private readonly formBuilder: FormBuilder,
    private readonly i18nService: I18nService
@@ -254,7 +263,7 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
    this.pauseChangeNotification = false;
  }

-  ngOnInit() {
+  async ngOnInit() {
    // Watch the internal formArray for changes and propagate them
    this.selectionList.formArray.valueChanges.pipe(takeUntil(this.destroy$)).subscribe((v) => {
      if (!this.notifyOnChange || this.pauseChangeNotification) {
@@ -268,6 +277,10 @@ export class AccessSelectorComponent implements ControlValueAccessor, OnInit, On
      }
      this.notifyOnChange(v);
    });
+
+    if (this.flexibleCollectionsEnabled) {
+      this.permissionList.push(this.canManagePermissionListItem);
+    }
  }

  ngOnDestroy() {
--- a/apps/web/src/app/admin-console/organizations/shared/components/access-selector/access-selector.models.ts
+++ b/apps/web/src/app/admin-console/organizations/shared/components/access-selector/access-selector.models.ts
@@ -1,19 +1,21 @@
+import { OrganizationUserUserDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-user/responses";
 import {
  OrganizationUserStatusType,
  OrganizationUserType,
 } from "@bitwarden/common/admin-console/enums";
 import { SelectItemView } from "@bitwarden/components";

-import { CollectionAccessSelectionView } from "../../../core";
+import { CollectionAccessSelectionView, GroupView } from "../../../core";

 /**
- * Permission options that replace/correspond with readOnly and hidePassword server fields.
+ * Permission options that replace/correspond with manage, readOnly, and hidePassword server fields.
 */
 export enum CollectionPermission {
  View = "view",
  ViewExceptPass = "viewExceptPass",
  Edit = "edit",
  EditExceptPass = "editExceptPass",
+  Manage = "manage",
 }

 export enum AccessItemType {
@@ -82,7 +84,9 @@ export type AccessItemValue = {
 * @param value
 */
 export const convertToPermission = (value: CollectionAccessSelectionView) => {
-  if (value.readOnly) {
+  if (value.manage) {
+    return CollectionPermission.Manage;
+  } else if (value.readOnly) {
    return value.hidePasswords ? CollectionPermission.ViewExceptPass : CollectionPermission.View;
  } else {
    return value.hidePasswords ? CollectionPermission.EditExceptPass : CollectionPermission.Edit;
@@ -91,7 +95,7 @@ export const convertToPermission = (value: CollectionAccessSelectionView) => {

 /**
 * Converts an AccessItemValue back into a CollectionAccessView class using the CollectionPermission
- * to determine the values for `readOnly` and `hidePassword`
+ * to determine the values for `manage`, `readOnly`, and `hidePassword`
 * @param value
 */
 export const convertToSelectionView = (value: AccessItemValue) => {
@@ -99,6 +103,7 @@ export const convertToSelectionView = (value: AccessItemValue) => {
    id: value.id,
    readOnly: readOnly(value.permission),
    hidePasswords: hidePassword(value.permission),
+    manage: value.permission === CollectionPermission.Manage,
  });
 };

@@ -107,3 +112,29 @@ const readOnly = (perm: CollectionPermission) =>

 const hidePassword = (perm: CollectionPermission) =>
  [CollectionPermission.ViewExceptPass, CollectionPermission.EditExceptPass].includes(perm);
+
+export function mapGroupToAccessItemView(group: GroupView): AccessItemView {
+  return {
+    id: group.id,
+    type: AccessItemType.Group,
+    listName: group.name,
+    labelName: group.name,
+    accessAllItems: group.accessAll,
+    readonly: group.accessAll,
+  };
+}
+
+// TODO: Use view when user apis are migrated to a service
+export function mapUserToAccessItemView(user: OrganizationUserUserDetailsResponse): AccessItemView {
+  return {
+    id: user.id,
+    type: AccessItemType.Member,
+    email: user.email,
+    role: user.type,
+    listName: user.name?.length > 0 ? `${user.name} (${user.email})` : user.email,
+    labelName: user.name ?? user.email,
+    status: user.status,
+    accessAllItems: user.accessAll,
+    readonly: user.accessAll,
+  };
+}