[Policy] Personal Ownership (#213)

* Initial commit of personal ownership enforcement * Updated policy type enum * Sync'd eventType for Policy_Updated with server enum value * Added policyId to eventResponse model * Removed explicit typing
2025-12-16 16:23:44 +00:00 · 2020-12-08 10:10:15 -06:00
parent dcbd09e736
commit 2d62e10d98
4 changed files with 29 additions and 4 deletions
--- a/src/angular/components/add-edit.component.ts
+++ b/src/angular/components/add-edit.component.ts
@@ -14,6 +14,7 @@ import { CipherType } from '../../enums/cipherType';
 import { EventType } from '../../enums/eventType';
 import { FieldType } from '../../enums/fieldType';
 import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
+import { PolicyType } from '../../enums/policyType';
 import { SecureNoteType } from '../../enums/secureNoteType';
 import { UriMatchType } from '../../enums/uriMatchType';

@@ -25,6 +26,7 @@ import { FolderService } from '../../abstractions/folder.service';
 import { I18nService } from '../../abstractions/i18n.service';
 import { MessagingService } from '../../abstractions/messaging.service';
 import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
+import { PolicyService } from '../../abstractions/policy.service';
 import { StateService } from '../../abstractions/state.service';
 import { UserService } from '../../abstractions/user.service';

@@ -81,6 +83,7 @@ export class AddEditComponent implements OnInit {
    uriMatchOptions: any[];
    ownershipOptions: any[] = [];
    currentDate = new Date();
+    allowPersonal = true;

    protected writeableCollections: CollectionView[];
    private previousCipherId: string;
@@ -89,7 +92,8 @@ export class AddEditComponent implements OnInit {
        protected i18nService: I18nService, protected platformUtilsService: PlatformUtilsService,
        protected auditService: AuditService, protected stateService: StateService,
        protected userService: UserService, protected collectionService: CollectionService,
-        protected messagingService: MessagingService, protected eventService: EventService) {
+        protected messagingService: MessagingService, protected eventService: EventService,
+        protected policyService: PolicyService) {
        this.typeOptions = [
            { name: i18nService.t('typeLogin'), value: CipherType.Login },
            { name: i18nService.t('typeCard'), value: CipherType.Card },
@@ -151,12 +155,26 @@ export class AddEditComponent implements OnInit {
    }

    async init() {
+        const policies = await this.policyService.getAll(PolicyType.PersonalOwnership);
        const myEmail = await this.userService.getEmail();
        this.ownershipOptions.push({ name: myEmail, value: null });
        const orgs = await this.userService.getAllOrganizations();
        orgs.sort(Utils.getSortFunction(this.i18nService, 'name')).forEach((o) => {
            if (o.enabled && o.status === OrganizationUserStatusType.Confirmed) {
                this.ownershipOptions.push({ name: o.name, value: o.id });
+                if (policies != null && o.usePolicies && !o.isAdmin && this.allowPersonal) {
+                    for (const policy of policies) {
+                        if (policy.organizationId === o.id && policy.enabled) {
+                            this.allowPersonal = false;
+                            this.ownershipOptions.splice(0, 1);
+                            // Default to the organization who owns this policy for now (if necessary)
+                            if (this.organizationId == null) {
+                                this.organizationId = o.id;
+                            }
+                            break;
+                        }
+                    }
+                }
            }
        });
        this.writeableCollections = await this.loadCollections();
@@ -236,6 +254,12 @@ export class AddEditComponent implements OnInit {
            return false;
        }

+        if ((!this.editMode || this.cloneMode) && !this.allowPersonal && this.cipher.organizationId == null) {
+            this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
+                this.i18nService.t('personalOwnershipSubmitError'));
+            return false;
+        }
+
        if ((!this.editMode || this.cloneMode) && this.cipher.type === CipherType.Login &&
            this.cipher.login.uris != null && this.cipher.login.uris.length === 1 &&
            (this.cipher.login.uris[0].uri == null || this.cipher.login.uris[0].uri === '')) {