From 4e54d9f27097ec9f027fd0d6d1d03b909a95e1eb Mon Sep 17 00:00:00 2001 From: Shane Melton Date: Tue, 23 Aug 2022 10:45:29 -0700 Subject: [PATCH] [EC-451] Org Admin Refresh Permissions Refactor (#3320) * [EC-451] Update new org permissions for new tabs * [EC-451] Remove redudant route guards * [EC-451] Remove canAccessManageTab() * [EC-451] Use canAccess* callbacks in org routing module --- .../organization-billing-routing.module.ts | 9 +---- .../layouts/organization-layout.component.ts | 16 +++++--- .../organizations/navigation-permissions.ts | 38 ++++++++++--------- .../organization-routing.module.ts | 12 ++++-- .../organization-reporting-routing.module.ts | 14 +------ .../organizations-routing.module.ts | 5 --- 6 files changed, 43 insertions(+), 51 deletions(-) diff --git a/apps/web/src/app/organizations/billing/organization-billing-routing.module.ts b/apps/web/src/app/organizations/billing/organization-billing-routing.module.ts index f2ac8053d82..f55470bbf4c 100644 --- a/apps/web/src/app/organizations/billing/organization-billing-routing.module.ts +++ b/apps/web/src/app/organizations/billing/organization-billing-routing.module.ts @@ -1,10 +1,9 @@ import { NgModule } from "@angular/core"; import { RouterModule, Routes } from "@angular/router"; -import { Organization } from "@bitwarden/common/models/domain/organization"; - import { PaymentMethodComponent } from "../../settings/payment-method.component"; import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard"; +import { canAccessBillingTab } from "../navigation-permissions"; import { OrgBillingHistoryViewComponent } from "./organization-billing-history-view.component"; import { OrganizationBillingTabComponent } from "./organization-billing-tab.component"; 
@@ -15,7 +14,7 @@ const routes: Routes = [ path: "", component: OrganizationBillingTabComponent, canActivate: [OrganizationPermissionsGuard], - data: { organizationPermissions: (org: Organization) => org.canManageBilling }, + data: { organizationPermissions: canAccessBillingTab }, children: [ { path: "", pathMatch: "full", redirectTo: "subscription" }, { @@ -26,19 +25,15 @@ const routes: Routes = [ { path: "payment-method", component: PaymentMethodComponent, - canActivate: [OrganizationPermissionsGuard], data: { titleId: "paymentMethod", - organizationPermissions: (org: Organization) => org.canManageBilling, }, }, { path: "history", component: OrgBillingHistoryViewComponent, - canActivate: [OrganizationPermissionsGuard], data: { titleId: "billingHistory", - organizationPermissions: (org: Organization) => org.canManageBilling, }, }, ], diff --git a/apps/web/src/app/organizations/layouts/organization-layout.component.ts b/apps/web/src/app/organizations/layouts/organization-layout.component.ts index 446eb118e8c..107fef459a9 100644 --- a/apps/web/src/app/organizations/layouts/organization-layout.component.ts +++ b/apps/web/src/app/organizations/layouts/organization-layout.component.ts @@ -5,7 +5,13 @@ import { BroadcasterService } from "@bitwarden/common/abstractions/broadcaster.s import { OrganizationService } from "@bitwarden/common/abstractions/organization.service"; import { Organization } from "@bitwarden/common/models/domain/organization"; -import { canAccessSettingsTab } from "../navigation-permissions"; +import { + canAccessBillingTab, + canAccessGroupsTab, + canAccessMembersTab, + canAccessReportingTab, + canAccessSettingsTab, +} from "../navigation-permissions"; const BroadcasterSubscriptionId = "OrganizationLayoutComponent"; 
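Review bot: Dropping `canActivate` from the `payment-method` and `history` children leaves the parent route's guard as the only check, and by default Angular does not re-run a reused parent's `canActivate` when navigation only moves between its children. A user whose `canManageBilling` is revoked mid-session could therefore keep switching between the billing sub-pages until the parent route is activated again. If `OrganizationPermissionsGuard` implements `CanActivateChild` (not visible here), `canActivateChild: [OrganizationPermissionsGuard]` on the parent keeps a single declaration while still checking every child navigation; otherwise `runGuardsAndResolvers: "always"` on the parent achieves the same. The report children in organization-reporting-routing.module.ts lose their guards in the same way.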
@@ -55,19 +61,19 @@ export class OrganizationLayoutComponent implements OnInit, OnDestroy { } get showMembersTab(): boolean { - return this.organization.canManageUsers; + return canAccessMembersTab(this.organization); } get showGroupsTab(): boolean { - return this.organization.canManageGroups; + return canAccessGroupsTab(this.organization); } get showReportsTab(): boolean { - return this.organization.canAccessReports; + return canAccessReportingTab(this.organization); } get showBillingTab(): boolean { - return this.organization.canManageBilling; + return canAccessBillingTab(this.organization); } get reportTabLabel(): string { diff --git a/apps/web/src/app/organizations/navigation-permissions.ts b/apps/web/src/app/organizations/navigation-permissions.ts index 903efbdee2e..3c44e90957d 100644 --- a/apps/web/src/app/organizations/navigation-permissions.ts +++ b/apps/web/src/app/organizations/navigation-permissions.ts 
@@ -1,29 +1,31 @@ import { Organization } from "@bitwarden/common/models/domain/organization"; -export function canAccessToolsTab(org: Organization): boolean { - return org.canAccessImportExport || org.canAccessReports; +export function canAccessMembersTab(org: Organization): boolean { + return org.canManageUsers || org.canManageUsersPassword; +} + +export function canAccessGroupsTab(org: Organization): boolean { + return org.canManageGroups; +} + +export function canAccessReportingTab(org: Organization): boolean { + return org.canAccessReports || org.canAccessEventLogs; +} + +export function canAccessBillingTab(org: Organization): boolean { + return org.canManageBilling; } export function canAccessSettingsTab(org: Organization): boolean { return org.isOwner; } -export function canAccessManageTab(org: Organization): boolean { +export function canAccessOrgAdmin(org: Organization): boolean { return ( - org.canCreateNewCollections || - org.canEditAnyCollection || - org.canDeleteAnyCollection || - org.canEditAssignedCollections || - org.canDeleteAssignedCollections || - org.canAccessEventLogs || - org.canManageGroups || - org.canManageUsers || - org.canManagePolicies || - org.canManageSso || - org.canManageScim + canAccessMembersTab(org) || + canAccessGroupsTab(org) || + canAccessReportingTab(org) || + canAccessBillingTab(org) || + canAccessSettingsTab(org) ); } - -export function canAccessOrgAdmin(org: Organization): boolean { - return canAccessToolsTab(org) || canAccessSettingsTab(org) || canAccessManageTab(org); -} diff --git a/apps/web/src/app/organizations/organization-routing.module.ts b/apps/web/src/app/organizations/organization-routing.module.ts index db7244eef72..3466ae28a7b 100644 --- a/apps/web/src/app/organizations/organization-routing.module.ts +++ b/apps/web/src/app/organizations/organization-routing.module.ts 
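Review bot: `canAccessMembersTab` and `canAccessReportingTab` now each accept a second permission (`canManageUsersPassword`, `canAccessEventLogs`), so any route or tab that uses them as its only check admits users who hold just that second permission. That is reasonable for tab visibility, but the pages behind the tab then have to enforce the narrower permission themselves. A TSDoc line on each function, such as `/** Navigation visibility only; pages behind the tab must still check the specific permission. */`, would make that contract explicit. Separately, `canAccessOrgAdmin` no longer covers `canManagePolicies`, `canManageSso`, `canManageScim`, the collection permissions or `canAccessImportExport`, so a custom-role user holding only those would now fail it; worth confirming that is intended.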
@@ -2,13 +2,17 @@ import { NgModule } from "@angular/core"; import { RouterModule, Routes } from "@angular/router"; import { AuthGuard } from "@bitwarden/angular/guards/auth.guard"; -import { Organization } from "@bitwarden/common/models/domain/organization"; import { OrganizationPermissionsGuard } from "./guards/org-permissions.guard"; import { OrganizationLayoutComponent } from "./layouts/organization-layout.component"; import { GroupsComponent } from "./manage/groups.component"; import { PeopleComponent } from "./manage/people.component"; -import { canAccessOrgAdmin, canAccessSettingsTab } from "./navigation-permissions"; +import { + canAccessGroupsTab, + canAccessMembersTab, + canAccessOrgAdmin, + canAccessSettingsTab, +} from "./navigation-permissions"; import { AccountComponent } from "./settings/account.component"; import { SettingsComponent } from "./settings/settings.component"; import { TwoFactorSetupComponent } from "./settings/two-factor-setup.component"; @@ -49,7 +53,7 @@ const routes: Routes = [ canActivate: [OrganizationPermissionsGuard], data: { titleId: "members", - organizationPermissions: (org: Organization) => org.canManageUsers, + organizationPermissions: canAccessMembersTab, }, }, { @@ -58,7 +62,7 @@ const routes: Routes = [ canActivate: [OrganizationPermissionsGuard], data: { titleId: "groups", - organizationPermissions: (org: Organization) => org.canManageGroups, + organizationPermissions: canAccessGroupsTab, }, }, { diff --git a/apps/web/src/app/organizations/reporting/organization-reporting-routing.module.ts b/apps/web/src/app/organizations/reporting/organization-reporting-routing.module.ts index 5b05aefbb65..88e3e25c9d1 100644 --- a/apps/web/src/app/organizations/reporting/organization-reporting-routing.module.ts +++ b/apps/web/src/app/organizations/reporting/organization-reporting-routing.module.ts 
@@ -5,6 +5,7 @@ import { Organization } from "@bitwarden/common/models/domain/organization"; import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard"; import { EventsComponent } from "../manage/events.component"; +import { canAccessReportingTab } from "../navigation-permissions"; import { ExposedPasswordsReportComponent } from "../tools/exposed-passwords-report.component"; import { InactiveTwoFactorReportComponent } from "../tools/inactive-two-factor-report.component"; import { ReusedPasswordsReportComponent } from "../tools/reused-passwords-report.component"; @@ -19,7 +20,7 @@ const routes: Routes = [ path: "", component: ReportingComponent, canActivate: [OrganizationPermissionsGuard], - data: { organizationPermissions: (org: Organization) => org.canAccessReports }, + data: { organizationPermissions: canAccessReportingTab }, children: [ { path: "", pathMatch: "full", redirectTo: "reports" }, { 
@@ -28,52 +29,41 @@ const routes: Routes = [ canActivate: [OrganizationPermissionsGuard], data: { titleId: "reports", - organizationPermissions: (org: Organization) => org.canAccessReports, }, children: [ { path: "exposed-passwords-report", component: ExposedPasswordsReportComponent, - canActivate: [OrganizationPermissionsGuard], data: { titleId: "exposedPasswordsReport", - organizationPermissions: (org: Organization) => org.canAccessReports, }, }, { path: "inactive-two-factor-report", component: InactiveTwoFactorReportComponent, - canActivate: [OrganizationPermissionsGuard], data: { titleId: "inactive2faReport", - organizationPermissions: (org: Organization) => org.canAccessReports, }, }, { path: "reused-passwords-report", component: ReusedPasswordsReportComponent, - canActivate: [OrganizationPermissionsGuard], data: { titleId: "reusedPasswordsReport", - organizationPermissions: (org: Organization) => org.canAccessReports, }, }, { path: "unsecured-websites-report", component: UnsecuredWebsitesReportComponent, - canActivate: [OrganizationPermissionsGuard], data: { titleId: "unsecuredWebsitesReport", - organizationPermissions: (org: Organization) => org.canAccessReports, }, }, { path: "weak-passwords-report", component: WeakPasswordsReportComponent, - canActivate: [OrganizationPermissionsGuard], data: { titleId: "weakPasswordsReport", - organizationPermissions: (org: Organization) => org.canAccessReports, }, }, ], diff --git a/bitwarden_license/bit-web/src/app/organizations/organizations-routing.module.ts b/bitwarden_license/bit-web/src/app/organizations/organizations-routing.module.ts index 525ad0f18d5..5b422365e61 100644 --- a/bitwarden_license/bit-web/src/app/organizations/organizations-routing.module.ts +++ b/bitwarden_license/bit-web/src/app/organizations/organizations-routing.module.ts 
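Review bot: The `organizationPermissions: (org: Organization) => org.canAccessReports` entries removed from the `reports` route and its five report children are no longer redundant, because the parent route in the previous hunk of this file now uses `canAccessReportingTab`, which also returns true for `canAccessEventLogs`. A user with only event-log access passes the parent guard, and the `reports` route keeps `canActivate: [OrganizationPermissionsGuard]` but no longer has a predicate in its `data`; how the guard behaves without one is not visible here. Keeping `organizationPermissions: (org: Organization) => org.canAccessReports` on the `reports` route would preserve the previous restriction without re-adding guards to each child. The `reports` route definition starts before this hunk.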
@@ -7,7 +7,6 @@ import { Organization } from "@bitwarden/common/models/domain/organization"; import { OrganizationPermissionsGuard } from "src/app/organizations/guards/org-permissions.guard"; import { OrganizationLayoutComponent } from "src/app/organizations/layouts/organization-layout.component"; import { ManageComponent } from "src/app/organizations/manage/manage.component"; -import { canAccessManageTab } from "src/app/organizations/navigation-permissions"; import { ScimComponent } from "./manage/scim.component"; import { SsoComponent } from "./manage/sso.component"; @@ -21,10 +20,6 @@ const routes: Routes = [ { path: "manage", component: ManageComponent, - canActivate: [OrganizationPermissionsGuard], - data: { - organizationPermissions: canAccessManageTab, - }, children: [ { path: "sso",
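Review bot: Removing `canActivate` and `organizationPermissions: canAccessManageTab` from the `manage` route means access to the SSO and SCIM pages now depends entirely on guards declared on each child, and only the first line of the `sso` child is visible in this hunk. Please confirm that both children carry `canActivate: [OrganizationPermissionsGuard]` with a `canManageSso` / `canManageScim` predicate, since nothing on the parent backs them up any more. `ManageComponent` itself is also now activated for any user who gets past the outer guards. The `children` array continues outside the hunk.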