Org permission guards for accessing reports and displaying access intelligence (#15060)

2025-12-11 05:43:41 +00:00 · 2025-07-01 13:58:12 -04:00
parent 4cb80b4a03
commit 832e4b16f0
3 changed files with 5 additions and 2 deletions
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html
@@ -4,7 +4,7 @@
    <org-switcher [filter]="orgFilter" [hideNewButton]="hideNewOrgButton$ | async"></org-switcher>
    <bit-nav-group
      icon="bwi-filter"
-      *ngIf="organization.useRiskInsights"
+      *ngIf="organization.useRiskInsights && organization.canAccessReports"
      [text]="'accessIntelligence' | i18n"
      route="access-intelligence"
    >
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
@@ -79,6 +79,7 @@ const routes: Routes = [
      },
      {
        path: "access-intelligence",
+        canActivate: [organizationPermissionsGuard((org) => org.canAccessReports)],
        loadChildren: () =>
          import("../../dirt/access-intelligence/access-intelligence.module").then(
            (m) => m.AccessIntelligenceModule,
--- a/bitwarden_license/bit-web/src/app/dirt/access-intelligence/access-intelligence-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/dirt/access-intelligence/access-intelligence-routing.module.ts
@@ -9,7 +9,9 @@ const routes: Routes = [
  { path: "", pathMatch: "full", redirectTo: "risk-insights" },
  {
    path: "risk-insights",
-    canActivate: [organizationPermissionsGuard((org) => org.useRiskInsights)],
+    canActivate: [
+      organizationPermissionsGuard((org) => org.useRiskInsights && org.canAccessReports),
+    ],
    component: RiskInsightsComponent,
    data: {
      titleId: "RiskInsights",