[PM-11162] Assign To Collections Permission Update (#11367)

Only users with Manage/Edit permissions will be allowed to Assign To Collections. If the user has Can Edit Except Password the collections dropdown will be disabled. --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com> Co-authored-by: kejaeger <138028972+kejaeger@users.noreply.github.com>
2026-01-06 10:33:57 +00:00 · 2025-02-04 15:44:59 -05:00
parent 1b3bc71e50
commit 327aed9763
15 changed files with 143 additions and 142 deletions
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
@@ -42,6 +42,7 @@ export class VaultCipherRowComponent implements OnInit {
  @Input() collections: CollectionView[];
  @Input() viewingOrgVault: boolean;
  @Input() canEditCipher: boolean;
+  @Input() canAssignCollections: boolean;
  @Input() canManageCollection: boolean;

  @Output() onEvent = new EventEmitter<VaultItemEvent>();
@@ -101,7 +102,7 @@ export class VaultCipherRowComponent implements OnInit {
  }

  protected get showAssignToCollections() {
-    return this.organizations?.length && this.canEditCipher && !this.cipher.isDeleted;
+    return this.organizations?.length && this.canAssignCollections && !this.cipher.isDeleted;
  }

  protected get showClone() {
@@ -208,6 +209,6 @@ export class VaultCipherRowComponent implements OnInit {
      return true; // Always show checkbox in individual vault or for non-org items
    }

-    return this.organization.canEditAllCiphers || this.cipher.edit;
+    return this.organization.canEditAllCiphers || (this.cipher.edit && this.cipher.viewPassword);
  }
 }
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.html
@@ -144,6 +144,7 @@
          [collections]="allCollections"
          [checked]="selection.isSelected(item)"
          [canEditCipher]="canEditCipher(item.cipher)"
+          [canAssignCollections]="canAssignCollections(item.cipher)"
          [canManageCollection]="canManageCollection(item.cipher)"
          (checkedToggled)="selection.toggle(item)"
          (onEvent)="event($event)"
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
@@ -236,6 +236,13 @@ export class VaultItemsComponent {
    return (organization.canEditAllCiphers && this.viewingOrgVault) || cipher.edit;
  }

+  protected canAssignCollections(cipher: CipherView) {
+    const organization = this.allOrganizations.find((o) => o.id === cipher.organizationId);
+    return (
+      (organization?.canEditAllCiphers && this.viewingOrgVault) || cipher.canAssignToCollections
+    );
+  }
+
  protected canManageCollection(cipher: CipherView) {
    // If the cipher is not part of an organization (personal item), user can manage it
    if (cipher.organizationId == null) {
@@ -461,7 +468,7 @@ export class VaultItemsComponent {
  private allCiphersHaveEditAccess(): boolean {
    return this.selection.selected
      .filter(({ cipher }) => cipher)
-      .every(({ cipher }) => cipher?.edit);
+      .every(({ cipher }) => cipher?.edit && cipher?.viewPassword);
  }

  private getUniqueOrganizationIds(): Set<string> {