bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-10 21:33:27 +00:00
Code Issues Releases Wiki Activity

[AC-2499] Add permission checks on bulk actions menu (#8912)

Browse Source 
* Add permission checks for org vault bulk actions

* Show checkboxes for all collections except Unassigned

* Separate individual and admin logic between CollectionView
  and CollectionAdminView

* Remove heading for error toasts per design feedback
This commit is contained in:
Thomas Rittson
2024-05-15 08:29:54 +10:00
committed by GitHub
parent 3eeafc098a
commit 6ab7336c21
9 changed files with 221 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
libs/common/src/vault/models/view/collection.view.ts
View File

@@ -61,7 +61,10 @@ export class CollectionView implements View, ITreeNodeObject {
return org?.canEditAnyCollection(false) || (org?.canEditAssignedCollections && this.assigned);
}
// For editing collection details, not the items within it.
/**
* Returns true if the user can edit a collection (including user and group access) from the individual vault.
* After FCv1, does not include admin permissions - see {@link CollectionAdminView.canEdit}.
*/
canEdit(org: Organization, flexibleCollectionsV1Enabled: boolean): boolean {
if (org != null && org.id !== this.organizationId) {
throw new Error(
@@ -69,12 +72,18 @@ export class CollectionView implements View, ITreeNodeObject {
);
}
return org?.flexibleCollections
? org?.canEditAnyCollection(flexibleCollectionsV1Enabled) || this.manage
: org?.canEditAnyCollection(flexibleCollectionsV1Enabled) || org?.canEditAssignedCollections;
if (flexibleCollectionsV1Enabled) {
// Only use individual permissions, not admin permissions
return this.manage;
}
return org?.canEditAnyCollection(flexibleCollectionsV1Enabled) || this.manage;
}
// For deleting a collection, not the items within it.
/**
* Returns true if the user can delete a collection from the individual vault.
* After FCv1, does not include admin permissions - see {@link CollectionAdminView.canDelete}.
*/
canDelete(org: Organization, flexibleCollectionsV1Enabled: boolean): boolean {
if (org != null && org.id !== this.organizationId) {
throw new Error(
@@ -83,6 +92,12 @@ export class CollectionView implements View, ITreeNodeObject {
}
const canDeleteManagedCollections = !org?.limitCollectionCreationDeletion || org.isAdmin;
if (flexibleCollectionsV1Enabled) {
// Only use individual permissions, not admin permissions
return canDeleteManagedCollections && this.manage;
}
return (
org?.canDeleteAnyCollection(flexibleCollectionsV1Enabled) ||
(canDeleteManagedCollections && this.manage)