mirror of https://github.com/bitwarden/browser synced 2025-12-17 16:53:34 +00:00

[EC-451] Org Admin Refresh Permissions Refactor (#3320)

* [EC-451] Update new org permissions for new tabs

* [EC-451] Remove redundant route guards

* [EC-451] Remove canAccessManageTab()

* [EC-451] Use canAccess* callbacks in org routing module
Shane Melton
2022-08-23 10:45:29 -07:00
committed by GitHub
parent 527f6f31a7
commit 4e54d9f270
6 changed files with 43 additions and 51 deletions


@@ -1,10 +1,9 @@
import { NgModule } from "@angular/core"; import { NgModule } from "@angular/core";
import { RouterModule, Routes } from "@angular/router"; import { RouterModule, Routes } from "@angular/router";
import { Organization } from "@bitwarden/common/models/domain/organization";
import { PaymentMethodComponent } from "../../settings/payment-method.component"; import { PaymentMethodComponent } from "../../settings/payment-method.component";
import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard"; import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard";
import { canAccessBillingTab } from "../navigation-permissions";
import { OrgBillingHistoryViewComponent } from "./organization-billing-history-view.component"; import { OrgBillingHistoryViewComponent } from "./organization-billing-history-view.component";
import { OrganizationBillingTabComponent } from "./organization-billing-tab.component"; import { OrganizationBillingTabComponent } from "./organization-billing-tab.component";
@@ -15,7 +14,7 @@ const routes: Routes = [
path: "", path: "",
component: OrganizationBillingTabComponent, component: OrganizationBillingTabComponent,
canActivate: [OrganizationPermissionsGuard], canActivate: [OrganizationPermissionsGuard],
data: { organizationPermissions: (org: Organization) => org.canManageBilling }, data: { organizationPermissions: canAccessBillingTab },
children: [ children: [
{ path: "", pathMatch: "full", redirectTo: "subscription" }, { path: "", pathMatch: "full", redirectTo: "subscription" },
{ {
@@ -26,19 +25,15 @@ const routes: Routes = [
{ {
path: "payment-method", path: "payment-method",
component: PaymentMethodComponent, component: PaymentMethodComponent,
canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "paymentMethod", titleId: "paymentMethod",
organizationPermissions: (org: Organization) => org.canManageBilling,
}, },
}, },
{ {
path: "history", path: "history",
component: OrgBillingHistoryViewComponent, component: OrgBillingHistoryViewComponent,
canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "billingHistory", titleId: "billingHistory",
organizationPermissions: (org: Organization) => org.canManageBilling,
}, },
}, },
], ],
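Review bot: With `canActivate` removed from the `payment-method` and `history` children, the permission check now lives only on the parent `""` route, and by default Angular does not re-run a parent's `canActivate` when navigation only moves between its children. If the account's billing permission changes mid-session, the children stay reachable until the parent route is re-entered. If `OrganizationPermissionsGuard` implements `CanActivateChild` (not visible here), adding `canActivateChild: [OrganizationPermissionsGuard],` to the parent keeps the check on every child navigation; otherwise `runGuardsAndResolvers: "always",` on the parent is an alternative. The same applies to the report children in the reporting routing section further down. The routes array starts and ends outside the hunk.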


@@ -5,7 +5,13 @@ import { BroadcasterService } from "@bitwarden/common/abstractions/broadcaster.s
import { OrganizationService } from "@bitwarden/common/abstractions/organization.service"; import { OrganizationService } from "@bitwarden/common/abstractions/organization.service";
import { Organization } from "@bitwarden/common/models/domain/organization"; import { Organization } from "@bitwarden/common/models/domain/organization";
import { canAccessSettingsTab } from "../navigation-permissions"; import {
canAccessBillingTab,
canAccessGroupsTab,
canAccessMembersTab,
canAccessReportingTab,
canAccessSettingsTab,
} from "../navigation-permissions";
const BroadcasterSubscriptionId = "OrganizationLayoutComponent"; const BroadcasterSubscriptionId = "OrganizationLayoutComponent";
@@ -55,19 +61,19 @@ export class OrganizationLayoutComponent implements OnInit, OnDestroy {
} }
get showMembersTab(): boolean { get showMembersTab(): boolean {
return this.organization.canManageUsers; return canAccessMembersTab(this.organization);
} }
get showGroupsTab(): boolean { get showGroupsTab(): boolean {
return this.organization.canManageGroups; return canAccessGroupsTab(this.organization);
} }
get showReportsTab(): boolean { get showReportsTab(): boolean {
return this.organization.canAccessReports; return canAccessReportingTab(this.organization);
} }
get showBillingTab(): boolean { get showBillingTab(): boolean {
return this.organization.canManageBilling; return canAccessBillingTab(this.organization);
} }
get reportTabLabel(): string { get reportTabLabel(): string {


@@ -1,29 +1,31 @@
import { Organization } from "@bitwarden/common/models/domain/organization"; import { Organization } from "@bitwarden/common/models/domain/organization";
export function canAccessToolsTab(org: Organization): boolean { export function canAccessMembersTab(org: Organization): boolean {
return org.canAccessImportExport || org.canAccessReports; return org.canManageUsers || org.canManageUsersPassword;
}
export function canAccessGroupsTab(org: Organization): boolean {
return org.canManageGroups;
}
export function canAccessReportingTab(org: Organization): boolean {
return org.canAccessReports || org.canAccessEventLogs;
}
export function canAccessBillingTab(org: Organization): boolean {
return org.canManageBilling;
} }
export function canAccessSettingsTab(org: Organization): boolean { export function canAccessSettingsTab(org: Organization): boolean {
return org.isOwner; return org.isOwner;
} }
export function canAccessManageTab(org: Organization): boolean { export function canAccessOrgAdmin(org: Organization): boolean {
return ( return (
org.canCreateNewCollections || canAccessMembersTab(org) ||
org.canEditAnyCollection || canAccessGroupsTab(org) ||
org.canDeleteAnyCollection || canAccessReportingTab(org) ||
org.canEditAssignedCollections || canAccessBillingTab(org) ||
org.canDeleteAssignedCollections || canAccessSettingsTab(org)
org.canAccessEventLogs ||
org.canManageGroups ||
org.canManageUsers ||
org.canManagePolicies ||
org.canManageSso ||
org.canManageScim
); );
} }
export function canAccessOrgAdmin(org: Organization): boolean {
return canAccessToolsTab(org) || canAccessSettingsTab(org) || canAccessManageTab(org);
}
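Review bot: The rewritten `canAccessOrgAdmin` no longer considers `canManagePolicies`, `canManageSso`, `canManageScim`, `canAccessImportExport` or the collection permissions that the removed `canAccessManageTab` and `canAccessToolsTab` covered, so an account holding only one of those fails any guard built on it unless it is also an owner. If that narrowing is intended, a TSDoc line on the function should record it, e.g. `/** True when the org grants at least one of the members, groups, reporting, billing or settings tabs. */`; if not, the dropped permissions need a predicate of their own that is OR-ed in here. The per-tab predicates would also benefit from a one-line comment stating that they decide navigation and tab visibility only, so nobody later treats them as the authorization check for an individual action.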


@@ -2,13 +2,17 @@ import { NgModule } from "@angular/core";
import { RouterModule, Routes } from "@angular/router"; import { RouterModule, Routes } from "@angular/router";
import { AuthGuard } from "@bitwarden/angular/guards/auth.guard"; import { AuthGuard } from "@bitwarden/angular/guards/auth.guard";
import { Organization } from "@bitwarden/common/models/domain/organization";
import { OrganizationPermissionsGuard } from "./guards/org-permissions.guard"; import { OrganizationPermissionsGuard } from "./guards/org-permissions.guard";
import { OrganizationLayoutComponent } from "./layouts/organization-layout.component"; import { OrganizationLayoutComponent } from "./layouts/organization-layout.component";
import { GroupsComponent } from "./manage/groups.component"; import { GroupsComponent } from "./manage/groups.component";
import { PeopleComponent } from "./manage/people.component"; import { PeopleComponent } from "./manage/people.component";
import { canAccessOrgAdmin, canAccessSettingsTab } from "./navigation-permissions"; import {
canAccessGroupsTab,
canAccessMembersTab,
canAccessOrgAdmin,
canAccessSettingsTab,
} from "./navigation-permissions";
import { AccountComponent } from "./settings/account.component"; import { AccountComponent } from "./settings/account.component";
import { SettingsComponent } from "./settings/settings.component"; import { SettingsComponent } from "./settings/settings.component";
import { TwoFactorSetupComponent } from "./settings/two-factor-setup.component"; import { TwoFactorSetupComponent } from "./settings/two-factor-setup.component";
@@ -49,7 +53,7 @@ const routes: Routes = [
canActivate: [OrganizationPermissionsGuard], canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "members", titleId: "members",
organizationPermissions: (org: Organization) => org.canManageUsers, organizationPermissions: canAccessMembersTab,
}, },
}, },
{ {
@@ -58,7 +62,7 @@ const routes: Routes = [
canActivate: [OrganizationPermissionsGuard], canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "groups", titleId: "groups",
organizationPermissions: (org: Organization) => org.canManageGroups, organizationPermissions: canAccessGroupsTab,
}, },
}, },
{ {
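Review bot: Switching the `members` route to `canAccessMembersTab` admits accounts that have `canManageUsersPassword` without `canManageUsers`, because the predicate is `org.canManageUsers || org.canManageUsersPassword`. `PeopleComponent` is not part of this commit, so it is worth confirming that it hides or disables the user-management actions for such an account instead of relying on the route guard to imply `canManageUsers`. A short comment on the route, e.g. `// reachable with canManageUsersPassword alone, not only canManageUsers`, would record the intent. The routes array continues outside the hunk.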


@@ -5,6 +5,7 @@ import { Organization } from "@bitwarden/common/models/domain/organization";
import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard"; import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard";
import { EventsComponent } from "../manage/events.component"; import { EventsComponent } from "../manage/events.component";
import { canAccessReportingTab } from "../navigation-permissions";
import { ExposedPasswordsReportComponent } from "../tools/exposed-passwords-report.component"; import { ExposedPasswordsReportComponent } from "../tools/exposed-passwords-report.component";
import { InactiveTwoFactorReportComponent } from "../tools/inactive-two-factor-report.component"; import { InactiveTwoFactorReportComponent } from "../tools/inactive-two-factor-report.component";
import { ReusedPasswordsReportComponent } from "../tools/reused-passwords-report.component"; import { ReusedPasswordsReportComponent } from "../tools/reused-passwords-report.component";
@@ -19,7 +20,7 @@ const routes: Routes = [
path: "", path: "",
component: ReportingComponent, component: ReportingComponent,
canActivate: [OrganizationPermissionsGuard], canActivate: [OrganizationPermissionsGuard],
data: { organizationPermissions: (org: Organization) => org.canAccessReports }, data: { organizationPermissions: canAccessReportingTab },
children: [ children: [
{ path: "", pathMatch: "full", redirectTo: "reports" }, { path: "", pathMatch: "full", redirectTo: "reports" },
{ {
@@ -28,52 +29,41 @@ const routes: Routes = [
canActivate: [OrganizationPermissionsGuard], canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "reports", titleId: "reports",
organizationPermissions: (org: Organization) => org.canAccessReports,
}, },
children: [ children: [
{ {
path: "exposed-passwords-report", path: "exposed-passwords-report",
component: ExposedPasswordsReportComponent, component: ExposedPasswordsReportComponent,
canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "exposedPasswordsReport", titleId: "exposedPasswordsReport",
organizationPermissions: (org: Organization) => org.canAccessReports,
}, },
}, },
{ {
path: "inactive-two-factor-report", path: "inactive-two-factor-report",
component: InactiveTwoFactorReportComponent, component: InactiveTwoFactorReportComponent,
canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "inactive2faReport", titleId: "inactive2faReport",
organizationPermissions: (org: Organization) => org.canAccessReports,
}, },
}, },
{ {
path: "reused-passwords-report", path: "reused-passwords-report",
component: ReusedPasswordsReportComponent, component: ReusedPasswordsReportComponent,
canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "reusedPasswordsReport", titleId: "reusedPasswordsReport",
organizationPermissions: (org: Organization) => org.canAccessReports,
}, },
}, },
{ {
path: "unsecured-websites-report", path: "unsecured-websites-report",
component: UnsecuredWebsitesReportComponent, component: UnsecuredWebsitesReportComponent,
canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "unsecuredWebsitesReport", titleId: "unsecuredWebsitesReport",
organizationPermissions: (org: Organization) => org.canAccessReports,
}, },
}, },
{ {
path: "weak-passwords-report", path: "weak-passwords-report",
component: WeakPasswordsReportComponent, component: WeakPasswordsReportComponent,
canActivate: [OrganizationPermissionsGuard],
data: { data: {
titleId: "weakPasswordsReport", titleId: "weakPasswordsReport",
organizationPermissions: (org: Organization) => org.canAccessReports,
}, },
}, },
], ],
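Review bot: The parent route is now gated by `canAccessReportingTab`, which is true for `canAccessEventLogs` alone, while the five report children lost both their `canActivate` and their `org.canAccessReports` callback, so an account with only event-log access appears to pass every guard visible here on the way to the password reports. The `reports` route also keeps `canActivate: [OrganizationPermissionsGuard]` but no longer supplies `organizationPermissions`, so the outcome there depends on how the guard treats a missing callback, which this commit does not show. Restoring `organizationPermissions: (org: Organization) => org.canAccessReports,` in the `reports` route's `data` would keep the report subtree tied to the reports permission. The routes array continues outside the hunk.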


@@ -7,7 +7,6 @@ import { Organization } from "@bitwarden/common/models/domain/organization";
import { OrganizationPermissionsGuard } from "src/app/organizations/guards/org-permissions.guard"; import { OrganizationPermissionsGuard } from "src/app/organizations/guards/org-permissions.guard";
import { OrganizationLayoutComponent } from "src/app/organizations/layouts/organization-layout.component"; import { OrganizationLayoutComponent } from "src/app/organizations/layouts/organization-layout.component";
import { ManageComponent } from "src/app/organizations/manage/manage.component"; import { ManageComponent } from "src/app/organizations/manage/manage.component";
import { canAccessManageTab } from "src/app/organizations/navigation-permissions";
import { ScimComponent } from "./manage/scim.component"; import { ScimComponent } from "./manage/scim.component";
import { SsoComponent } from "./manage/sso.component"; import { SsoComponent } from "./manage/sso.component";
@@ -21,10 +20,6 @@ const routes: Routes = [
{ {
path: "manage", path: "manage",
component: ManageComponent, component: ManageComponent,
canActivate: [OrganizationPermissionsGuard],
data: {
organizationPermissions: canAccessManageTab,
},
children: [ children: [
{ {
path: "sso", path: "sso",
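Review bot: Removing `canActivate` and `organizationPermissions` from the `manage` route leaves `ManageComponent` with no permission check of its own at this level. Whether the `sso` child and its siblings each declare `canActivate: [OrganizationPermissionsGuard]` with a specific callback is outside the hunk; the guard import is kept, which suggests they do, but that should be confirmed for every child. If they do, a comment on the parent such as `// no guard here: each child route declares its own organizationPermissions` would make the reliance explicit for whoever adds the next child.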