From 15597fb4e9d8211bd252780fbd88756c8b796035 Mon Sep 17 00:00:00 2001 From: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com> Date: Fri, 4 Aug 2023 09:18:48 -0500 Subject: [PATCH] [AC-1529] Update settings tab visibility to include device approvals (#5855) * fix: update show org settings function, add explicit canManageDeviceApprovals helper, refs AC-1529 * fix: add device approval in org-redirect guard and update passed permission, refs AC-1529 --- .../settings/organization-settings-routing.module.ts | 3 +++ .../organizations/settings/settings.component.html | 2 +- .../organizations/organizations-routing.module.ts | 2 +- .../organization/organization.service.abstraction.ts | 3 ++- libs/common/src/admin-console/models/domain/organization.ts | 4 ++++ 5 files changed, 11 insertions(+), 3 deletions(-) diff --git a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts index c75a6971408..7feda23f5cf 100644 --- a/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts +++ b/apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts @@ -70,6 +70,9 @@ function getSettingsRoute(organization: Organization) { if (organization.canManageScim) { return "scim"; } + if (organization.canManageDeviceApprovals) { + return "device-approvals"; + } return undefined; } diff --git a/apps/web/src/app/admin-console/organizations/settings/settings.component.html b/apps/web/src/app/admin-console/organizations/settings/settings.component.html index bc2b2e54a0c..036d05d0f73 100644 --- a/apps/web/src/app/admin-console/organizations/settings/settings.component.html +++ b/apps/web/src/app/admin-console/organizations/settings/settings.component.html @@ -65,7 +65,7 @@ routerLink="device-approvals" class="list-group-item" routerLinkActive="active" - *ngIf="org.canManageUsersPassword" + *ngIf="org.canManageDeviceApprovals" > {{ "deviceApprovals" | i18n }} diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts index 22cd2571cae..00fd124ff67 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts @@ -62,7 +62,7 @@ const routes: Routes = [ canAccessFeature(FeatureFlag.TrustedDeviceEncryption), ], data: { - organizationPermissions: (org: Organization) => org.canManageUsersPassword, + organizationPermissions: (org: Organization) => org.canManageDeviceApprovals, titleId: "deviceApprovals", }, }, diff --git a/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts b/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts index 1210f4527ac..899acf0b432 100644 --- a/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts +++ b/libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts @@ -15,7 +15,8 @@ export function canAccessSettingsTab(org: Organization): boolean { org.canManagePolicies || org.canManageSso || org.canManageScim || - org.canAccessImportExport + org.canAccessImportExport || + org.canManageDeviceApprovals ); } diff --git a/libs/common/src/admin-console/models/domain/organization.ts b/libs/common/src/admin-console/models/domain/organization.ts index 89751eb3e8d..e1e5e8a6e2c 100644 --- a/libs/common/src/admin-console/models/domain/organization.ts +++ b/libs/common/src/admin-console/models/domain/organization.ts @@ -217,6 +217,10 @@ export class Organization { return this.isAdmin || this.permissions.manageResetPassword; } + get canManageDeviceApprovals() { + return (this.isAdmin || this.permissions.manageResetPassword) && this.useSso; + } + get isExemptFromPolicies() { return this.canManagePolicies; }