bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 08:13:42 +00:00
Code Issues Releases Wiki Activity

[PM-19746] Add new permission check to browser (#14075)

Browse Source 
* add new permisssions check to browser

* add permission logic to view

* fix tests

* cleanup

* fix permissions model for CLI and desktop

* feedback
This commit is contained in:
Brandon Treston
2025-04-02 12:49:08 -04:00
committed by GitHub
parent 0d9794e968
commit 9b3c28fcea
11 changed files with 82 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
apps/cli/src/commands/restore.command.ts
View File

@@ -1,8 +1,11 @@
import { firstValueFrom } from "rxjs";
import { combineLatest, firstValueFrom, map } from "rxjs";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { getUserId } from "@bitwarden/common/auth/services/account.service";
import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
import { Response } from "../models/response";
@@ -10,6 +13,8 @@ export class RestoreCommand {
constructor(
private cipherService: CipherService,
private accountService: AccountService,
private configService: ConfigService,
private cipherAuthorizationService: CipherAuthorizationService,
) {}
async run(object: string, id: string): Promise<Response> {
@@ -27,8 +32,8 @@ export class RestoreCommand {
private async restoreCipher(id: string) {
const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
const cipher = await this.cipherService.get(id, activeUserId);
if (cipher == null) {
return Response.notFound();
}
@@ -36,6 +41,24 @@ export class RestoreCommand {
return Response.badRequest("Cipher is not in trash.");
}
const canRestore = await firstValueFrom(
combineLatest([
this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion),
this.cipherAuthorizationService.canRestoreCipher$(cipher),
]).pipe(
map(([enabled, canRestore]) => {
if (enabled && !canRestore) {
return false;
}
return true;
}),
),
);
if (!canRestore) {
return Response.error("You do not have permission to restore this item");
}
try {
await this.cipherService.restoreWithServer(id, activeUserId);
return Response.success();