[PM-12281] [PM-12301] [PM-12306] [PM-12334] Move delete item permission to Can Manage (#11289)

* Added inputs to the view and edit component to disable or remove the delete button when a user does not have manage rights * Refactored editByCipherId to receive cipherview object * Fixed issue where adding an item on the individual vault throws a null reference * Fixed issue where adding an item on the AC vault throws a null reference * Allow delete in unassigned collection * created reusable service to check if a user has delete permission on an item * Registered service * Used authorizationservice on the browser and desktop Only display the delete button when a user has delete permission * Added comments to the service * Passed active collectionId to add edit component renamed constructor parameter * restored input property used by the web * Fixed dependency issue * Fixed dependency issue * Fixed dependency issue * Modified service to cater for org vault * Updated to include new dependency * Updated components to use the observable * Added check on the cli to know if user has rights to delete an item * Renamed abstraction and renamed implementation to include Default Fixed permission issues * Fixed test to reflect changes in implementation * Modified base classes to use new naming Passed new parameters for the canDeleteCipher * Modified base classes to use new naming Made changes from base class * Desktop changes Updated reference naming * cli changes Updated reference naming Passed new parameters for the canDeleteCipher$ * Updated references * browser changes Updated reference naming Passed new parameters for the canDeleteCipher$ * Modified cipher form dialog to take in active collection id used canDeleteCipher$ on the vault item dialog to disable the delete button when user does not have the required permissions * Fix number of arguments issue * Added active collection id * Updated canDeleteCipher$ arguments * Updated to pass the cipher object * Fixed up refrences and comments * Updated dependency * updated check to canEditUnassignedCiphers * Fixed unit tests * Removed activeCollectionId from cipher form * Fixed issue where bulk delete option shows for can edit users * Fix null reference when checking if a cipher belongs to the unassigned collection * Fixed bug where allowedCollection passed is undefined * Modified cipher by adding a isAdminConsoleAction argument to tell when a reuqest comes from the admin console * Passed isAdminConsoleAction as true when request is from the admin console
2025-12-14 15:23:33 +00:00 · 2024-10-22 15:15:15 +02:00
parent 470ddf79ab
commit 4a30782939
39 changed files with 551 additions and 58 deletions
--- a/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts
+++ b/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts
@@ -2,7 +2,7 @@ import { DIALOG_DATA, DialogRef } from "@angular/cdk/dialog";
 import { CommonModule } from "@angular/common";
 import { Component, ElementRef, Inject, OnDestroy, OnInit, ViewChild } from "@angular/core";
 import { Router } from "@angular/router";
-import { firstValueFrom, Subject } from "rxjs";
+import { firstValueFrom, Observable, Subject } from "rxjs";
 import { map } from "rxjs/operators";

 import { CollectionView } from "@bitwarden/admin-console/common";
@@ -12,12 +12,13 @@ import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abs
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { CipherId } from "@bitwarden/common/types/guid";
+import { CipherId, CollectionId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { PremiumUpgradePromptService } from "@bitwarden/common/vault/abstractions/premium-upgrade-prompt.service";
 import { ViewPasswordHistoryService } from "@bitwarden/common/vault/abstractions/view-password-history.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
 import {
  AsyncActionsModule,
  ButtonModule,
@@ -63,6 +64,16 @@ export interface VaultItemDialogParams {
   * If true, the "edit" button will be disabled in the dialog.
   */
  disableForm?: boolean;
+
+  /**
+   * The ID of the active collection. This is know the collection filter selected by the user.
+   */
+  activeCollectionId?: CollectionId;
+
+  /**
+   * If true, the dialog is being opened from the admin console.
+   */
+  isAdminConsoleAction?: boolean;
 }

 export enum VaultItemDialogResult {
@@ -204,6 +215,8 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {

  protected formConfig: CipherFormConfig = this.params.formConfig;

+  protected canDeleteCipher$: Observable<boolean>;
+
  constructor(
    @Inject(DIALOG_DATA) protected params: VaultItemDialogParams,
    private dialogRef: DialogRef<VaultItemDialogResult>,
@@ -217,6 +230,7 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {
    private router: Router,
    private billingAccountProfileStateService: BillingAccountProfileStateService,
    private premiumUpgradeService: PremiumUpgradePromptService,
+    private cipherAuthorizationService: CipherAuthorizationService,
  ) {
    this.updateTitle();
  }
@@ -231,6 +245,12 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {
      this.organization = this.formConfig.organizations.find(
        (o) => o.id === this.cipher.organizationId,
      );
+
+      this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(
+        this.cipher,
+        [this.params.activeCollectionId],
+        this.params.isAdminConsoleAction,
+      );
    }

    this.performingInitialLoad = false;