[SM-378] Enable SM on a user basis (#4497)

* Add support for giving individual users access to secrets manager
2025-12-23 19:53:43 +00:00 · 2023-01-31 19:03:27 +01:00
parent 29cc94ed70
commit 2757fcee86
13 changed files with 51 additions and 1 deletions
--- a/apps/web/src/app/organizations/core/services/user-admin.service.ts
+++ b/apps/web/src/app/organizations/core/services/user-admin.service.ts
@@ -42,6 +42,7 @@ export class UserAdminService {
    request.type = user.type;
    request.collections = user.collections;
    request.groups = user.groups;
+    request.accessSecretsManager = user.accessSecretsManager;

    await this.organizationUserService.putOrganizationUser(user.organizationId, user.id, request);
  }
@@ -54,6 +55,7 @@ export class UserAdminService {
    request.type = user.type;
    request.collections = user.collections;
    request.groups = user.groups;
+    request.accessSecretsManager = user.accessSecretsManager;

    await this.organizationUserService.postOrganizationUserInvite(user.organizationId, request);
  }
@@ -79,6 +81,7 @@ export class UserAdminService {
        readOnly: c.readOnly,
      }));
      view.groups = u.groups;
+      view.accessSecretsManager = u.accessSecretsManager;

      return view;
    });
--- a/apps/web/src/app/organizations/core/views/organization-user-admin-view.ts
+++ b/apps/web/src/app/organizations/core/views/organization-user-admin-view.ts
@@ -16,4 +16,6 @@ export class OrganizationUserAdminView {

  collections: CollectionAccessSelectionView[] = [];
  groups: string[] = [];
+
+  accessSecretsManager: boolean;
 }
--- a/apps/web/src/app/organizations/manage/user-add-edit.component.html
+++ b/apps/web/src/app/organizations/manage/user-add-edit.component.html
--- a/apps/web/src/app/organizations/manage/user-add-edit.component.ts
+++ b/apps/web/src/app/organizations/manage/user-add-edit.component.ts
--- a/apps/web/src/app/organizations/members/components/member-dialog/member-dialog.component.html
+++ b/apps/web/src/app/organizations/members/components/member-dialog/member-dialog.component.html
@@ -253,6 +253,27 @@
              </div>
            </div>
          </ng-container>
+
+          <ng-container *ngIf="canUseSecretsManager">
+            <h3 class="mt-4">
+              {{ "secretsManagerBeta" | i18n }}
+              <a
+                target="_blank"
+                rel="noopener"
+                appA11yTitle="{{ 'learnMore' | i18n }}"
+                href="https://bitwarden.com/help/secrets-manager"
+              >
+                <i class="bwi bwi-question-circle" aria-hidden="true"></i>
+              </a>
+            </h3>
+            <p class="tw-text-muted">{{ "secretsManagerBetaDesc" | i18n }}</p>
+            <bit-form-control>
+              <input type="checkbox" bitCheckbox formControlName="accessSecretsManager" />
+              <bit-label>
+                {{ "userAccessSecretsManager" | i18n }}
+              </bit-label>
+            </bit-form-control>
+          </ng-container>
        </bit-tab>
        <bit-tab *ngIf="organization.useGroups" [label]="'groups' | i18n">
          <div class="tw-mb-6">
--- a/apps/web/src/app/organizations/members/components/member-dialog/member-dialog.component.ts
+++ b/apps/web/src/app/organizations/members/components/member-dialog/member-dialog.component.ts
@@ -69,6 +69,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
  organizationUserType = OrganizationUserType;
  canUseCustomPermissions: boolean;
  PermissionMode = PermissionMode;
+  canUseSecretsManager: boolean;

  protected organization: Organization;
  protected collectionAccessItems: AccessItemView[] = [];
@@ -78,6 +79,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
    emails: ["", [Validators.required, commaSeparatedEmails]],
    type: OrganizationUserType.User,
    accessAllCollections: false,
+    accessSecretsManager: false,
    access: [[] as AccessItemValue[]],
    groups: [[] as AccessItemValue[]],
  });
@@ -158,6 +160,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
      .subscribe(({ organization, collections, userDetails, groups }) => {
        this.organization = organization;
        this.canUseCustomPermissions = organization.useCustomPermissions;
+        this.canUseSecretsManager = organization.useSecretsManager;

        this.collectionAccessItems = [].concat(
          collections.map((c) => mapCollectionToAccessItemView(c))
@@ -226,6 +229,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
            type: userDetails.type,
            accessAllCollections: userDetails.accessAll,
            access: accessSelections,
+            accessSecretsManager: userDetails.accessSecretsManager,
            groups: groupAccessSelections,
          });
        }
@@ -324,6 +328,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
      .filter((v) => v.type === AccessItemType.Collection)
      .map(convertToSelectionView);
    userView.groups = this.formGroup.value.groups.map((m) => m.id);
+    userView.accessSecretsManager = this.formGroup.value.accessSecretsManager;

    if (this.editMode) {
      await this.userService.save(userView);