[PM-12740] Move CollectionAdminService to AC Team (#11269)

2025-12-22 11:13:46 +00:00 · 2024-10-02 08:07:13 +10:00
parent 8b034cda7d
commit 363acf58f9
41 changed files with 113 additions and 81 deletions
--- a/libs/admin-console/src/common/collections/models/bulk-collection-access.request.ts
+++ b/libs/admin-console/src/common/collections/models/bulk-collection-access.request.ts
@@ -0,0 +1,7 @@
+import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request";
+
+export class BulkCollectionAccessRequest {
+  collectionIds: string[];
+  users: SelectionReadOnlyRequest[];
+  groups: SelectionReadOnlyRequest[];
+}
--- a/libs/admin-console/src/common/collections/models/collection-access-selection.view.ts
+++ b/libs/admin-console/src/common/collections/models/collection-access-selection.view.ts
@@ -0,0 +1,28 @@
+import { View } from "@bitwarden/common/models/view/view";
+
+interface SelectionResponseLike {
+  id: string;
+  readOnly: boolean;
+  hidePasswords: boolean;
+  manage: boolean;
+}
+
+export class CollectionAccessSelectionView extends View {
+  readonly id: string;
+  readonly readOnly: boolean;
+  readonly hidePasswords: boolean;
+  readonly manage: boolean;
+
+  constructor(response?: SelectionResponseLike) {
+    super();
+
+    if (!response) {
+      return;
+    }
+
+    this.id = response.id;
+    this.readOnly = response.readOnly;
+    this.hidePasswords = response.hidePasswords;
+    this.manage = response.manage;
+  }
+}
--- a/libs/admin-console/src/common/collections/models/collection-admin.view.ts
+++ b/libs/admin-console/src/common/collections/models/collection-admin.view.ts
@@ -0,0 +1,97 @@
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { CollectionAccessDetailsResponse } from "@bitwarden/common/src/vault/models/response/collection.response";
+import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
+
+import { CollectionAccessSelectionView } from "../models";
+
+export const Unassigned = "unassigned";
+
+export class CollectionAdminView extends CollectionView {
+  groups: CollectionAccessSelectionView[] = [];
+  users: CollectionAccessSelectionView[] = [];
+
+  /**
+   * Flag indicating the collection has no active user or group assigned to it with CanManage permissions
+   * In this case, the collection can be managed by admins/owners or custom users with appropriate permissions
+   */
+  unmanaged: boolean;
+
+  /**
+   * Flag indicating the user has been explicitly assigned to this Collection
+   */
+  assigned: boolean;
+
+  constructor(response?: CollectionAccessDetailsResponse) {
+    super(response);
+
+    if (!response) {
+      return;
+    }
+
+    this.groups = response.groups
+      ? response.groups.map((g) => new CollectionAccessSelectionView(g))
+      : [];
+
+    this.users = response.users
+      ? response.users.map((g) => new CollectionAccessSelectionView(g))
+      : [];
+
+    this.assigned = response.assigned;
+  }
+
+  /**
+   * Returns true if the user can edit a collection (including user and group access) from the Admin Console.
+   */
+  override canEdit(org: Organization): boolean {
+    return (
+      org?.canEditAnyCollection ||
+      (this.unmanaged && org?.canEditUnmanagedCollections) ||
+      super.canEdit(org)
+    );
+  }
+
+  /**
+   * Returns true if the user can delete a collection from the Admin Console.
+   */
+  override canDelete(org: Organization): boolean {
+    return org?.canDeleteAnyCollection || super.canDelete(org);
+  }
+
+  /**
+   * Whether the user can modify user access to this collection
+   */
+  canEditUserAccess(org: Organization): boolean {
+    return (
+      (org.permissions.manageUsers && org.allowAdminAccessToAllCollectionItems) || this.canEdit(org)
+    );
+  }
+
+  /**
+   * Whether the user can modify group access to this collection
+   */
+  canEditGroupAccess(org: Organization): boolean {
+    return (
+      (org.permissions.manageGroups && org.allowAdminAccessToAllCollectionItems) ||
+      this.canEdit(org)
+    );
+  }
+
+  /**
+   * Returns true if the user can view collection info and access in a read-only state from the Admin Console
+   */
+  override canViewCollectionInfo(org: Organization | undefined): boolean {
+    if (this.isUnassignedCollection) {
+      return false;
+    }
+
+    return this.manage || org?.isAdmin || org?.permissions.editAnyCollection;
+  }
+
+  /**
+   * True if this collection represents the pseudo "Unassigned" collection
+   * This is different from the "unmanaged" flag, which indicates that no users or groups have access to the collection
+   */
+  get isUnassignedCollection() {
+    return this.id === Unassigned;
+  }
+}
--- a/libs/admin-console/src/common/collections/models/index.ts
+++ b/libs/admin-console/src/common/collections/models/index.ts
@@ -0,0 +1,3 @@
+export * from "./bulk-collection-access.request";
+export * from "./collection-access-selection.view";
+export * from "./collection-admin.view";