bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 16:23:44 +00:00
Code Issues Releases Wiki Activity

Merge branch 'main' into autofill/pm-8027-inline-menu-appears-within-input-fields-that-do-not-relate-to-user-login

Browse Source
This commit is contained in:
Cesar Gonzalez
2024-06-13 11:07:48 -05:00
committed by GitHub
parent eb4925be1a e56a3386a2
commit 90098168b6
2 changed files with 16 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/web/src/app/vault/org-vault/vault.component.ts
View File

@@ -311,10 +311,6 @@ export class VaultComponent implements OnInit, OnDestroy {
this.editableCollections$ = this.allCollectionsWithoutUnassigned$.pipe( this.editableCollections$ = this.allCollectionsWithoutUnassigned$.pipe(
map((collections) => { map((collections) => {
// If restricted, providers can not add items to any collections or edit those items
if (this.organization.isProviderUser && this.restrictProviderAccessEnabled) {
return [];
}
// Users that can edit all ciphers can implicitly add to / edit within any collection // Users that can edit all ciphers can implicitly add to / edit within any collection
if ( if (
this.organization.canEditAllCiphers( this.organization.canEditAllCiphers(
@@ -356,10 +352,6 @@ export class VaultComponent implements OnInit, OnDestroy {
} }
let ciphers; let ciphers;
if (organization.isProviderUser && this.restrictProviderAccessEnabled) {
return [];
}
if (this.flexibleCollectionsV1Enabled) { if (this.flexibleCollectionsV1Enabled) {
// Flexible collections V1 logic. // Flexible collections V1 logic.
// If the user can edit all ciphers for the organization then fetch them ALL. // If the user can edit all ciphers for the organization then fetch them ALL.
@@ -488,10 +480,6 @@ export class VaultComponent implements OnInit, OnDestroy {
organization$, organization$,
]).pipe( ]).pipe(
map(([filter, collection, organization]) => { map(([filter, collection, organization]) => {
if (organization.isProviderUser && this.restrictProviderAccessEnabled) {
return collection != undefined || filter.collectionId === Unassigned;
}
return ( return (
(filter.collectionId === Unassigned && (filter.collectionId === Unassigned &&
!organization.canEditUnassignedCiphers(this.restrictProviderAccessEnabled)) || !organization.canEditUnassignedCiphers(this.restrictProviderAccessEnabled)) ||

21
libs/common/src/admin-console/models/domain/organization.ts
View File

@@ -195,10 +195,18 @@ export class Organization {
} }
canEditUnassignedCiphers(restrictProviderAccessFlagEnabled: boolean) { canEditUnassignedCiphers(restrictProviderAccessFlagEnabled: boolean) {
if (this.isProviderUser) { // Providers can access items until the restrictProviderAccess flag is enabled
return !restrictProviderAccessFlagEnabled; // After the flag is enabled and removed, this block will be deleted
// so that they permanently lose access to items
if (this.isProviderUser && !restrictProviderAccessFlagEnabled) {
return true;
} }
return this.isAdmin || this.permissions.editAnyCollection;
return (
this.type === OrganizationUserType.Admin ||
this.type === OrganizationUserType.Owner ||
this.permissions.editAnyCollection
);
} }
canEditAllCiphers( canEditAllCiphers(
@@ -210,8 +218,11 @@ export class Organization {
return this.isAdmin || this.permissions.editAnyCollection; return this.isAdmin || this.permissions.editAnyCollection;
} }
if (this.isProviderUser) { // Providers can access items until the restrictProviderAccess flag is enabled
return !restrictProviderAccessFlagEnabled; // After the flag is enabled and removed, this block will be deleted
// so that they permanently lose access to items
if (this.isProviderUser && !restrictProviderAccessFlagEnabled) {
return true;
} }
// Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins // Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins