bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-10 13:23:34 +00:00
Code Issues Releases Wiki Activity

[PM-15506] Implement vNextOrganizationService (#12839)

Browse Source 
* [PM-15506] Wire up vNextOrganizationService for libs/common and libs/angular (#12683)

* Wire up vNextOrganizationService in PolicyService

* Wire vNextOrganizationService in SyncService

* wire vNextOrganizationService for EventCollectionService

* wire vNextOrganizationService for KeyConnectorService

* wire up vNextOrganizationService for CipherAuthorizationService

* Wire up vNextOrganizationService in PolicyService

* Wire vNextOrganizationService in SyncService

* wire vNextOrganizationService for EventCollectionService

* wire vNextOrganizationService for KeyConnectorService

* wire up vNextOrganizationService for CipherAuthorizationService

* wire vNextOrganizationService for share.component

* wire vNextOrganizationService for collections.component

* wire vNextOrganizationServcie for add-account-credit-dialog

* wire vNextOrganizationService for vault-filter.service

* fix browser errors for vNextOrganizationService implementation in libs

* fix desktop errors for vNextOrganizationService implementation for libs

* fix linter errors

* fix CLI errors on vNextOrganizationServcie implementations for libs

* [PM-15506] Wire up vNextOrganizationService for web client (#12810)

PR to a feature branch, no need to review until this goes to main.

* implement vNextOrganization service for browser client (#12844)

PR to feature branch, no need for review yet.

* wire vNextOrganizationService for licence and some web router guards

* wire vNextOrganizationService in tests

* remove vNext notation for OrganizationService and related

* Merge branch 'main' into ac/pm-15506-vNextOrganizationService

* fix tsstrict error

* fix test, fix ts strict error
This commit is contained in:
Brandon Treston
2025-01-22 15:20:25 -05:00
committed by GitHub
parent ba4d762dc1
commit a949f793ed
163 changed files with 1972 additions and 1246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts
View File

@@ -57,14 +57,6 @@ export function getOrganizationById(id: string) {
return map<Organization[], Organization | undefined>((orgs) => orgs.find((o) => o.id === id));
}
/**
* Returns `true` if a user is a member of an organization (rather than only being a ProviderUser)
* @deprecated Use organizationService.organizations$ with a filter instead
*/
export function isMember(org: Organization): boolean {
return org.isMember;
}
/**
* Publishes an observable stream of organizations. This service is meant to
* be used widely across Bitwarden as the primary way of fetching organizations.
@@ -73,41 +65,23 @@ export function isMember(org: Organization): boolean {
*/
export abstract class OrganizationService {
/**
* Publishes state for all organizations under the active user.
* Publishes state for all organizations under the specified user.
* @returns An observable list of organizations
*/
organizations$: Observable<Organization[]>;
organizations$: (userId: UserId) => Observable<Organization[]>;
// @todo Clean these up. Continuing to expand them is not recommended.
// @see https://bitwarden.atlassian.net/browse/AC-2252
memberOrganizations$: Observable<Organization[]>;
/**
* @deprecated This is currently only used in the CLI, and should not be
* used in any new calls. Use get$ instead for the time being, and we'll be
* removing this method soon. See Jira for details:
* https://bitwarden.atlassian.net/browse/AC-2252.
*/
getFromState: (id: string) => Promise<Organization>;
memberOrganizations$: (userId: UserId) => Observable<Organization[]>;
/**
* Emits true if the user can create or manage a Free Bitwarden Families sponsorship.
*/
canManageSponsorships$: Observable<boolean>;
canManageSponsorships$: (userId: UserId) => Observable<boolean>;
/**
* Emits true if any of the user's organizations have a Free Bitwarden Families sponsorship available.
*/
familySponsorshipAvailable$: Observable<boolean>;
hasOrganizations: () => Promise<boolean>;
get$: (id: string) => Observable<Organization | undefined>;
get: (id: string) => Promise<Organization>;
/**
* @deprecated This method is only used in key connector and will be removed soon as part of https://bitwarden.atlassian.net/browse/AC-2252.
*/
getAll: (userId?: string) => Promise<Organization[]>;
/**
* Publishes state for all organizations for the given user id or the active user.
*/
getAll$: (userId?: UserId) => Observable<Organization[]>;
familySponsorshipAvailable$: (userId: UserId) => Observable<boolean>;
hasOrganizations: (userId: UserId) => Observable<boolean>;
}
/**
@@ -120,20 +94,18 @@ export abstract class InternalOrganizationServiceAbstraction extends Organizatio
/**
* Replaces state for the provided organization, or creates it if not found.
* @param organization The organization state being saved.
* @param userId The userId to replace state for. Defaults to the active
* user.
* @param userId The userId to replace state for.
*/
upsert: (OrganizationData: OrganizationData) => Promise<void>;
upsert: (OrganizationData: OrganizationData, userId: UserId) => Promise<void>;
/**
* Replaces state for the entire registered organization list for the active user.
* Replaces state for the entire registered organization list for the specified user.
* You probably don't want this unless you're calling from a full sync
* operation or a logout. See `upsert` for creating & updating a single
* organization in the state.
* @param organizations A complete list of all organization state for the active
* user.
* @param userId The userId to replace state for. Defaults to the active
* @param organizations A complete list of all organization state for the provided
* user.
* @param userId The userId to replace state for.
*/
replace: (organizations: { [id: string]: OrganizationData }, userId?: UserId) => Promise<void>;
replace: (organizations: { [id: string]: OrganizationData }, userId: UserId) => Promise<void>;
}

111
libs/common/src/admin-console/abstractions/organization/vnext.organization.service.ts
View File

@@ -1,111 +0,0 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { map, Observable } from "rxjs";
import { UserId } from "../../../types/guid";
import { OrganizationData } from "../../models/data/organization.data";
import { Organization } from "../../models/domain/organization";
export function canAccessVaultTab(org: Organization): boolean {
return org.canViewAllCollections;
}
export function canAccessSettingsTab(org: Organization): boolean {
return (
org.isOwner ||
org.canManagePolicies ||
org.canManageSso ||
org.canManageScim ||
org.canAccessImport ||
org.canAccessExport ||
org.canManageDeviceApprovals
);
}
export function canAccessMembersTab(org: Organization): boolean {
return org.canManageUsers || org.canManageUsersPassword;
}
export function canAccessGroupsTab(org: Organization): boolean {
return org.canManageGroups;
}
export function canAccessReportingTab(org: Organization): boolean {
return org.canAccessReports || org.canAccessEventLogs;
}
export function canAccessBillingTab(org: Organization): boolean {
return org.isOwner;
}
export function canAccessOrgAdmin(org: Organization): boolean {
// Admin console can only be accessed by Owners for disabled organizations
if (!org.enabled && !org.isOwner) {
return false;
}
return (
canAccessMembersTab(org) ||
canAccessGroupsTab(org) ||
canAccessReportingTab(org) ||
canAccessBillingTab(org) ||
canAccessSettingsTab(org) ||
canAccessVaultTab(org)
);
}
export function getOrganizationById(id: string) {
return map<Organization[], Organization | undefined>((orgs) => orgs.find((o) => o.id === id));
}
/**
* Publishes an observable stream of organizations. This service is meant to
* be used widely across Bitwarden as the primary way of fetching organizations.
* Risky operations like updates are isolated to the
* internal extension `InternalOrganizationServiceAbstraction`.
*/
export abstract class vNextOrganizationService {
/**
* Publishes state for all organizations under the specified user.
* @returns An observable list of organizations
*/
organizations$: (userId: UserId) => Observable<Organization[]>;
// @todo Clean these up. Continuing to expand them is not recommended.
// @see https://bitwarden.atlassian.net/browse/AC-2252
memberOrganizations$: (userId: UserId) => Observable<Organization[]>;
/**
* Emits true if the user can create or manage a Free Bitwarden Families sponsorship.
*/
canManageSponsorships$: (userId: UserId) => Observable<boolean>;
/**
* Emits true if any of the user's organizations have a Free Bitwarden Families sponsorship available.
*/
familySponsorshipAvailable$: (userId: UserId) => Observable<boolean>;
hasOrganizations: (userId: UserId) => Observable<boolean>;
}
/**
* Big scary buttons that **update** organization state. These should only be
* called from within admin-console scoped code. Extends the base
* `OrganizationService` for easy access to `get` calls.
* @internal
*/
export abstract class vNextInternalOrganizationServiceAbstraction extends vNextOrganizationService {
/**
* Replaces state for the provided organization, or creates it if not found.
* @param organization The organization state being saved.
* @param userId The userId to replace state for.
*/
upsert: (OrganizationData: OrganizationData, userId: UserId) => Promise<void>;
/**
* Replaces state for the entire registered organization list for the specified user.
* You probably don't want this unless you're calling from a full sync
* operation or a logout. See `upsert` for creating & updating a single
* organization in the state.
* @param organizations A complete list of all organization state for the provided
* user.
* @param userId The userId to replace state for.
*/
replace: (organizations: { [id: string]: OrganizationData }, userId: UserId) => Promise<void>;
}

2
libs/common/src/admin-console/models/data/organization.data.spec.ts
View File

@@ -1,6 +1,6 @@
import { ProductTierType } from "../../../billing/enums/product-tier-type.enum";
import { OrganizationUserStatusType, OrganizationUserType } from "../../enums";
import { ORGANIZATIONS } from "../../services/organization/organization.service";
import { ORGANIZATIONS } from "../../services/organization/organization.state";
import { OrganizationData } from "./organization.data";

8
libs/common/src/admin-console/services/organization/default-vnext-organization.service.spec.ts → libs/common/src/admin-console/services/organization/default-organization.service.spec.ts
View File

@@ -6,11 +6,11 @@ import { OrganizationId, UserId } from "../../../types/guid";
import { OrganizationData } from "../../models/data/organization.data";
import { Organization } from "../../models/domain/organization";
import { DefaultvNextOrganizationService } from "./default-vnext-organization.service";
import { ORGANIZATIONS } from "./vnext-organization.state";
import { DefaultOrganizationService } from "./default-organization.service";
import { ORGANIZATIONS } from "./organization.state";
describe("OrganizationService", () => {
let organizationService: DefaultvNextOrganizationService;
let organizationService: DefaultOrganizationService;
const fakeUserId = Utils.newGuid() as UserId;
let fakeStateProvider: FakeStateProvider;
@@ -86,7 +86,7 @@ describe("OrganizationService", () => {
beforeEach(async () => {
fakeStateProvider = new FakeStateProvider(mockAccountServiceWith(fakeUserId));
organizationService = new DefaultvNextOrganizationService(fakeStateProvider);
organizationService = new DefaultOrganizationService(fakeStateProvider);
});
describe("canManageSponsorships", () => {

8
libs/common/src/admin-console/services/organization/default-vnext-organization.service.ts → libs/common/src/admin-console/services/organization/default-organization.service.ts
View File

@@ -4,11 +4,11 @@ import { map, Observable } from "rxjs";
import { StateProvider } from "../../../platform/state";
import { UserId } from "../../../types/guid";
import { vNextInternalOrganizationServiceAbstraction } from "../../abstractions/organization/vnext.organization.service";
import { InternalOrganizationServiceAbstraction } from "../../abstractions/organization/organization.service.abstraction";
import { OrganizationData } from "../../models/data/organization.data";
import { Organization } from "../../models/domain/organization";
import { ORGANIZATIONS } from "./vnext-organization.state";
import { ORGANIZATIONS } from "./organization.state";
/**
* Filter out organizations from an observable that __do not__ offer a
@@ -41,9 +41,7 @@ function mapToBooleanHasAnyOrganizations() {
return map<Organization[], boolean>((orgs) => orgs.length > 0);
}
export class DefaultvNextOrganizationService
implements vNextInternalOrganizationServiceAbstraction
{
export class DefaultOrganizationService implements InternalOrganizationServiceAbstraction {
memberOrganizations$(userId: UserId): Observable<Organization[]> {
return this.organizations$(userId).pipe(mapToExcludeProviderOrganizations());
}

324
libs/common/src/admin-console/services/organization/organization.service.spec.ts
View File

@@ -1,324 +0,0 @@
import { firstValueFrom } from "rxjs";
import { FakeAccountService, FakeStateProvider, mockAccountServiceWith } from "../../../../spec";
import { FakeActiveUserState } from "../../../../spec/fake-state";
import { Utils } from "../../../platform/misc/utils";
import { OrganizationId, UserId } from "../../../types/guid";
import { OrganizationData } from "../../models/data/organization.data";
import { Organization } from "../../models/domain/organization";
import { OrganizationService, ORGANIZATIONS } from "./organization.service";
describe("OrganizationService", () => {
let organizationService: OrganizationService;
const fakeUserId = Utils.newGuid() as UserId;
let fakeAccountService: FakeAccountService;
let fakeStateProvider: FakeStateProvider;
let fakeActiveUserState: FakeActiveUserState<Record<string, OrganizationData>>;
/**
* It is easier to read arrays than records in code, but we store a record
* in state. This helper methods lets us build organization arrays in tests
* and easily map them to records before storing them in state.
*/
function arrayToRecord(input: OrganizationData[]): Record<OrganizationId, OrganizationData> {
if (input == null) {
return undefined;
}
return Object.fromEntries(input?.map((i) => [i.id, i]));
}
/**
* There are a few assertions in this spec that check for array equality
* but want to ignore a specific index that _should_ be different. This
* function takes two arrays, and an index. It checks for equality of the
* arrays, but splices out the specified index from both arrays first.
*/
function expectIsEqualExceptForIndex(x: any[], y: any[], indexToExclude: number) {
// Clone the arrays to avoid modifying the reference values
const a = [...x];
const b = [...y];
delete a[indexToExclude];
delete b[indexToExclude];
expect(a).toEqual(b);
}
/**
* Builds a simple mock `OrganizationData[]` array that can be used in tests
* to populate state.
* @param count The number of organizations to populate the list with. The
* function returns undefined if this is less than 1. The default value is 1.
* @param suffix A string to append to data fields on each organization.
* This defaults to the index of the organization in the list.
* @returns an `OrganizationData[]` array that can be used to populate
* stateProvider.
*/
function buildMockOrganizations(count = 1, suffix?: string): OrganizationData[] {
if (count < 1) {
return undefined;
}
function buildMockOrganization(id: OrganizationId, name: string, identifier: string) {
const data = new OrganizationData({} as any, {} as any);
data.id = id;
data.name = name;
data.identifier = identifier;
return data;
}
const mockOrganizations = [];
for (let i = 0; i < count; i++) {
const s = suffix ? suffix + i.toString() : i.toString();
mockOrganizations.push(
buildMockOrganization(("org" + s) as OrganizationId, "org" + s, "orgIdentifier" + s),
);
}
return mockOrganizations;
}
/**
* `OrganizationService` deals with multiple accounts at times. This helper
* function can be used to add a new non-active account to the test data.
* This function is **not** needed to handle creation of the first account,
* as that is handled by the `FakeAccountService` in `mockAccountServiceWith()`
* @returns The `UserId` of the newly created state account and the mock data
* created for them as an `Organization[]`.
*/
async function addNonActiveAccountToStateProvider(): Promise<[UserId, OrganizationData[]]> {
const nonActiveUserId = Utils.newGuid() as UserId;
const mockOrganizations = buildMockOrganizations(10);
const fakeNonActiveUserState = fakeStateProvider.singleUser.getFake(
nonActiveUserId,
ORGANIZATIONS,
);
fakeNonActiveUserState.nextState(arrayToRecord(mockOrganizations));
return [nonActiveUserId, mockOrganizations];
}
beforeEach(async () => {
fakeAccountService = mockAccountServiceWith(fakeUserId);
fakeStateProvider = new FakeStateProvider(fakeAccountService);
fakeActiveUserState = fakeStateProvider.activeUser.getFake(ORGANIZATIONS);
organizationService = new OrganizationService(fakeStateProvider);
});
it("getAll", async () => {
const mockData: OrganizationData[] = buildMockOrganizations(1);
fakeActiveUserState.nextState(arrayToRecord(mockData));
const orgs = await organizationService.getAll();
expect(orgs).toHaveLength(1);
const org = orgs[0];
expect(org).toEqual(new Organization(mockData[0]));
});
describe("canManageSponsorships", () => {
it("can because one is available", async () => {
const mockData: OrganizationData[] = buildMockOrganizations(1);
mockData[0].familySponsorshipAvailable = true;
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await firstValueFrom(organizationService.canManageSponsorships$);
expect(result).toBe(true);
});
it("can because one is used", async () => {
const mockData: OrganizationData[] = buildMockOrganizations(1);
mockData[0].familySponsorshipFriendlyName = "Something";
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await firstValueFrom(organizationService.canManageSponsorships$);
expect(result).toBe(true);
});
it("can not because one isn't available or taken", async () => {
const mockData: OrganizationData[] = buildMockOrganizations(1);
mockData[0].familySponsorshipFriendlyName = null;
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await firstValueFrom(organizationService.canManageSponsorships$);
expect(result).toBe(false);
});
});
describe("get", () => {
it("exists", async () => {
const mockData = buildMockOrganizations(1);
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await organizationService.get(mockData[0].id);
expect(result).toEqual(new Organization(mockData[0]));
});
it("does not exist", async () => {
const result = await organizationService.get("this-org-does-not-exist");
expect(result).toBe(undefined);
});
});
describe("organizations$", () => {
describe("null checking behavior", () => {
it("publishes an empty array if organizations in state = undefined", async () => {
const mockData: OrganizationData[] = undefined;
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await firstValueFrom(organizationService.organizations$);
expect(result).toEqual([]);
});
it("publishes an empty array if organizations in state = null", async () => {
const mockData: OrganizationData[] = null;
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await firstValueFrom(organizationService.organizations$);
expect(result).toEqual([]);
});
it("publishes an empty array if organizations in state = []", async () => {
const mockData: OrganizationData[] = [];
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await firstValueFrom(organizationService.organizations$);
expect(result).toEqual([]);
});
});
describe("parameter handling & returns", () => {
it("publishes all organizations for the active user by default", async () => {
const mockData = buildMockOrganizations(10);
fakeActiveUserState.nextState(arrayToRecord(mockData));
const result = await firstValueFrom(organizationService.organizations$);
expect(result).toEqual(mockData);
});
it("can be used to publish the organizations of a non active user if requested", async () => {
const activeUserMockData = buildMockOrganizations(10, "activeUserState");
fakeActiveUserState.nextState(arrayToRecord(activeUserMockData));
const [nonActiveUserId, nonActiveUserMockOrganizations] =
await addNonActiveAccountToStateProvider();
// This can be updated to use
// `firstValueFrom(organizations$(nonActiveUserId)` once all the
// promise based methods are removed from `OrganizationService` and the
// main observable is refactored to accept a userId
const result = await organizationService.getAll(nonActiveUserId);
expect(result).toEqual(nonActiveUserMockOrganizations);
expect(result).not.toEqual(await firstValueFrom(organizationService.organizations$));
});
});
});
describe("upsert()", () => {
it("can create the organization list if necassary", async () => {
// Notice that no default state is provided in this test, so the list in
// `stateProvider` will be null when the `upsert` method is called.
const mockData = buildMockOrganizations();
await organizationService.upsert(mockData[0]);
const result = await firstValueFrom(organizationService.organizations$);
expect(result).toEqual(mockData.map((x) => new Organization(x)));
});
it("updates an organization that already exists in state, defaulting to the active user", async () => {
const mockData = buildMockOrganizations(10);
fakeActiveUserState.nextState(arrayToRecord(mockData));
const indexToUpdate = 5;
const anUpdatedOrganization = {
...buildMockOrganizations(1, "UPDATED").pop(),
id: mockData[indexToUpdate].id,
};
await organizationService.upsert(anUpdatedOrganization);
const result = await firstValueFrom(organizationService.organizations$);
expect(result[indexToUpdate]).not.toEqual(new Organization(mockData[indexToUpdate]));
expect(result[indexToUpdate].id).toEqual(new Organization(mockData[indexToUpdate]).id);
expectIsEqualExceptForIndex(
result,
mockData.map((x) => new Organization(x)),
indexToUpdate,
);
});
it("can also update an organization in state for a non-active user, if requested", async () => {
const activeUserMockData = buildMockOrganizations(10, "activeUserOrganizations");
fakeActiveUserState.nextState(arrayToRecord(activeUserMockData));
const [nonActiveUserId, nonActiveUserMockOrganizations] =
await addNonActiveAccountToStateProvider();
const indexToUpdate = 5;
const anUpdatedOrganization = {
...buildMockOrganizations(1, "UPDATED").pop(),
id: nonActiveUserMockOrganizations[indexToUpdate].id,
};
await organizationService.upsert(anUpdatedOrganization, nonActiveUserId);
// This can be updated to use
// `firstValueFrom(organizations$(nonActiveUserId)` once all the
// promise based methods are removed from `OrganizationService` and the
// main observable is refactored to accept a userId
const result = await organizationService.getAll(nonActiveUserId);
expect(result[indexToUpdate]).not.toEqual(
new Organization(nonActiveUserMockOrganizations[indexToUpdate]),
);
expect(result[indexToUpdate].id).toEqual(
new Organization(nonActiveUserMockOrganizations[indexToUpdate]).id,
);
expectIsEqualExceptForIndex(
result,
nonActiveUserMockOrganizations.map((x) => new Organization(x)),
indexToUpdate,
);
// Just to be safe, lets make sure the active user didn't get updated
// at all
const activeUserState = await firstValueFrom(organizationService.organizations$);
expect(activeUserState).toEqual(activeUserMockData.map((x) => new Organization(x)));
expect(activeUserState).not.toEqual(result);
});
});
describe("replace()", () => {
it("replaces the entire organization list in state, defaulting to the active user", async () => {
const originalData = buildMockOrganizations(10);
fakeActiveUserState.nextState(arrayToRecord(originalData));
const newData = buildMockOrganizations(10, "newData");
await organizationService.replace(arrayToRecord(newData));
const result = await firstValueFrom(organizationService.organizations$);
expect(result).toEqual(newData);
expect(result).not.toEqual(originalData);
});
// This is more or less a test for logouts
it("can replace state with null", async () => {
const originalData = buildMockOrganizations(2);
fakeActiveUserState.nextState(arrayToRecord(originalData));
await organizationService.replace(null);
const result = await firstValueFrom(organizationService.organizations$);
expect(result).toEqual([]);
expect(result).not.toEqual(originalData);
});
it("can also replace state for a non-active user, if requested", async () => {
const activeUserMockData = buildMockOrganizations(10, "activeUserOrganizations");
fakeActiveUserState.nextState(arrayToRecord(activeUserMockData));
const [nonActiveUserId, originalOrganizations] = await addNonActiveAccountToStateProvider();
const newData = buildMockOrganizations(10, "newData");
await organizationService.replace(arrayToRecord(newData), nonActiveUserId);
// This can be updated to use
// `firstValueFrom(organizations$(nonActiveUserId)` once all the
// promise based methods are removed from `OrganizationService` and the
// main observable is refactored to accept a userId
const result = await organizationService.getAll(nonActiveUserId);
expect(result).toEqual(newData);
expect(result).not.toEqual(originalOrganizations);
// Just to be safe, lets make sure the active user didn't get updated
// at all
const activeUserState = await firstValueFrom(organizationService.organizations$);
expect(activeUserState).toEqual(activeUserMockData.map((x) => new Organization(x)));
expect(activeUserState).not.toEqual(result);
});
});
});

160
libs/common/src/admin-console/services/organization/organization.service.ts
View File

@@ -1,160 +0,0 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { map, Observable, firstValueFrom } from "rxjs";
import { Jsonify } from "type-fest";
import { ORGANIZATIONS_DISK, StateProvider, UserKeyDefinition } from "../../../platform/state";
import { UserId } from "../../../types/guid";
import { InternalOrganizationServiceAbstraction } from "../../abstractions/organization/organization.service.abstraction";
import { OrganizationData } from "../../models/data/organization.data";
import { Organization } from "../../models/domain/organization";
/**
* The `KeyDefinition` for accessing organization lists in application state.
* @todo Ideally this wouldn't require a `fromJSON()` call, but `OrganizationData`
* has some properties that contain functions. This should probably get
* cleaned up.
*/
export const ORGANIZATIONS = UserKeyDefinition.record<OrganizationData>(
ORGANIZATIONS_DISK,
"organizations",
{
deserializer: (obj: Jsonify<OrganizationData>) => OrganizationData.fromJSON(obj),
clearOn: ["logout"],
},
);
/**
* Filter out organizations from an observable that __do not__ offer a
* families-for-enterprise sponsorship to members.
* @returns a function that can be used in `Observable<Organization[]>` pipes,
* like `organizationService.organizations$`
*/
function mapToExcludeOrganizationsWithoutFamilySponsorshipSupport() {
return map<Organization[], Organization[]>((orgs) => orgs.filter((o) => o.canManageSponsorships));
}
/**
* Filter out organizations from an observable that the organization user
* __is not__ a direct member of. This will exclude organizations only
* accessible as a provider.
* @returns a function that can be used in `Observable<Organization[]>` pipes,
* like `organizationService.organizations$`
*/
function mapToExcludeProviderOrganizations() {
return map<Organization[], Organization[]>((orgs) => orgs.filter((o) => o.isMember));
}
/**
* Map an observable stream of organizations down to a boolean indicating
* if any organizations exist (`orgs.length > 0`).
* @returns a function that can be used in `Observable<Organization[]>` pipes,
* like `organizationService.organizations$`
*/
function mapToBooleanHasAnyOrganizations() {
return map<Organization[], boolean>((orgs) => orgs.length > 0);
}
/**
* Map an observable stream of organizations down to a single organization.
* @param `organizationId` The ID of the organization you'd like to subscribe to
* @returns a function that can be used in `Observable<Organization[]>` pipes,
* like `organizationService.organizations$`
*/
function mapToSingleOrganization(organizationId: string) {
return map<Organization[], Organization>((orgs) => orgs?.find((o) => o.id === organizationId));
}
export class OrganizationService implements InternalOrganizationServiceAbstraction {
organizations$: Observable<Organization[]> = this.getOrganizationsFromState$();
memberOrganizations$: Observable<Organization[]> = this.organizations$.pipe(
mapToExcludeProviderOrganizations(),
);
constructor(private stateProvider: StateProvider) {}
get$(id: string): Observable<Organization | undefined> {
return this.organizations$.pipe(mapToSingleOrganization(id));
}
getAll$(userId?: UserId): Observable<Organization[]> {
return this.getOrganizationsFromState$(userId);
}
async getAll(userId?: string): Promise<Organization[]> {
return await firstValueFrom(this.getOrganizationsFromState$(userId as UserId));
}
canManageSponsorships$ = this.organizations$.pipe(
mapToExcludeOrganizationsWithoutFamilySponsorshipSupport(),
mapToBooleanHasAnyOrganizations(),
);
familySponsorshipAvailable$ = this.organizations$.pipe(
map((orgs) => orgs.some((o) => o.familySponsorshipAvailable)),
);
async hasOrganizations(): Promise<boolean> {
return await firstValueFrom(this.organizations$.pipe(mapToBooleanHasAnyOrganizations()));
}
async upsert(organization: OrganizationData, userId?: UserId): Promise<void> {
await this.stateFor(userId).update((existingOrganizations) => {
const organizations = existingOrganizations ?? {};
organizations[organization.id] = organization;
return organizations;
});
}
async get(id: string): Promise<Organization> {
return await firstValueFrom(this.organizations$.pipe(mapToSingleOrganization(id)));
}
/**
* @deprecated For the CLI only
* @param id id of the organization
*/
async getFromState(id: string): Promise<Organization> {
return await firstValueFrom(this.organizations$.pipe(mapToSingleOrganization(id)));
}
async replace(organizations: { [id: string]: OrganizationData }, userId?: UserId): Promise<void> {
await this.stateFor(userId).update(() => organizations);
}
// Ideally this method would be renamed to organizations$() and the
// $organizations observable as it stands would be removed. This will
// require updates to callers, and so this method exists as a temporary
// workaround until we have time & a plan to update callers.
//
// It can be thought of as "organizations$ but with a userId option".
private getOrganizationsFromState$(userId?: UserId): Observable<Organization[] | undefined> {
return this.stateFor(userId).state$.pipe(this.mapOrganizationRecordToArray());
}
/**
* Accepts a record of `OrganizationData`, which is how we store the
* organization list as a JSON object on disk, to an array of
* `Organization`, which is how the data is published to callers of the
* service.
* @returns a function that can be used to pipe organization data from
* stored state to an exposed object easily consumable by others.
*/
private mapOrganizationRecordToArray() {
return map<Record<string, OrganizationData>, Organization[]>((orgs) =>
Object.values(orgs ?? {})?.map((o) => new Organization(o)),
);
}
/**
* Fetches the organization list from on disk state for the specified user.
* @param userId the user ID to fetch the organization list for. Defaults to
* the currently active user.
* @returns an observable of organization state as it is stored on disk.
*/
private stateFor(userId?: UserId) {
return userId
? this.stateProvider.getUser(userId, ORGANIZATIONS)
: this.stateProvider.getActive(ORGANIZATIONS);
}
}

0
libs/common/src/admin-console/services/organization/vnext-organization.state.ts → libs/common/src/admin-console/services/organization/organization.state.ts
View File

8
libs/common/src/admin-console/services/policy/policy.service.spec.ts
View File

@@ -3,7 +3,6 @@ import { firstValueFrom, of } from "rxjs";
import { FakeStateProvider, mockAccountServiceWith } from "../../../../spec";
import { FakeActiveUserState } from "../../../../spec/fake-state";
import { OrganizationService } from "../../../admin-console/abstractions/organization/organization.service.abstraction";
import {
OrganizationUserStatusType,
OrganizationUserType,
@@ -18,6 +17,7 @@ import { Policy } from "../../../admin-console/models/domain/policy";
import { ResetPasswordPolicyOptions } from "../../../admin-console/models/domain/reset-password-policy-options";
import { POLICIES, PolicyService } from "../../../admin-console/services/policy/policy.service";
import { PolicyId, UserId } from "../../../types/guid";
import { OrganizationService } from "../../abstractions/organization/organization.service.abstraction";
describe("PolicyService", () => {
const userId = "userId" as UserId;
@@ -56,9 +56,7 @@ describe("PolicyService", () => {
organization("org6", true, true, OrganizationUserStatusType.Confirmed, true),
]);
organizationService.organizations$ = organizations$;
organizationService.getAll$.mockReturnValue(organizations$);
organizationService.organizations$.mockReturnValue(organizations$);
policyService = new PolicyService(stateProvider, organizationService);
});
@@ -196,7 +194,7 @@ describe("PolicyService", () => {
describe("getResetPasswordPolicyOptions", () => {
it("default", async () => {
const result = policyService.getResetPasswordPolicyOptions(null, null);
const result = policyService.getResetPasswordPolicyOptions([], "");
expect(result).toEqual([new ResetPasswordPolicyOptions(), false]);
});

10
libs/common/src/admin-console/services/policy/policy.service.ts
View File

@@ -1,6 +1,6 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { combineLatest, firstValueFrom, map, Observable, of } from "rxjs";
import { combineLatest, firstValueFrom, map, Observable, of, switchMap } from "rxjs";
import { UserKeyDefinition, POLICIES_DISK, StateProvider } from "../../../platform/state";
import { PolicyId, UserId } from "../../../types/guid";
@@ -39,7 +39,11 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
map((policies) => policies.filter((p) => p.type === policyType)),
);
return combineLatest([filteredPolicies$, this.organizationService.organizations$]).pipe(
const organizations$ = this.stateProvider.activeUserId$.pipe(
switchMap((userId) => this.organizationService.organizations$(userId)),
);
return combineLatest([filteredPolicies$, organizations$]).pipe(
map(
([policies, organizations]) =>
this.enforcedPolicyFilter(policies, organizations)?.at(0) ?? null,
@@ -53,7 +57,7 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
map((policies) => policies.filter((p) => p.type === policyType)),
);
return combineLatest([filteredPolicies$, this.organizationService.getAll$(userId)]).pipe(
return combineLatest([filteredPolicies$, this.organizationService.organizations$(userId)]).pipe(
map(([policies, organizations]) => this.enforcedPolicyFilter(policies, organizations)),
);
}

18
libs/common/src/auth/services/key-connector.service.spec.ts
View File

@@ -1,11 +1,13 @@
import { mock } from "jest-mock-extended";
import { of } from "rxjs";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
// FIXME: remove `src` and fix import
// eslint-disable-next-line no-restricted-imports
import { KeyService } from "../../../../key-management/src/abstractions/key.service";
import { FakeAccountService, FakeStateProvider, mockAccountServiceWith } from "../../../spec";
import { ApiService } from "../../abstractions/api.service";
import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
import { OrganizationData } from "../../admin-console/models/data/organization.data";
import { Organization } from "../../admin-console/models/domain/organization";
import { ProfileOrganizationResponse } from "../../admin-console/models/response/profile-organization.response";
@@ -95,7 +97,7 @@ describe("KeyConnectorService", () => {
organizationData(true, false, "https://key-connector-url.com", 2, false),
organizationData(true, true, "https://other-url.com", 2, false),
];
organizationService.getAll.mockResolvedValue(orgs);
organizationService.organizations$.mockReturnValue(of(orgs));
// Act
const result = await keyConnectorService.getManagingOrganization();
@@ -110,7 +112,7 @@ describe("KeyConnectorService", () => {
organizationData(true, false, "https://key-connector-url.com", 2, false),
organizationData(false, false, "https://key-connector-url.com", 2, false),
];
organizationService.getAll.mockResolvedValue(orgs);
organizationService.organizations$.mockReturnValue(of(orgs));
// Act
const result = await keyConnectorService.getManagingOrganization();
@@ -125,7 +127,7 @@ describe("KeyConnectorService", () => {
organizationData(true, true, "https://key-connector-url.com", 0, false),
organizationData(true, true, "https://key-connector-url.com", 1, false),
];
organizationService.getAll.mockResolvedValue(orgs);
organizationService.organizations$.mockReturnValue(of(orgs));
// Act
const result = await keyConnectorService.getManagingOrganization();
@@ -140,7 +142,7 @@ describe("KeyConnectorService", () => {
organizationData(true, true, "https://key-connector-url.com", 2, true),
organizationData(false, true, "https://key-connector-url.com", 2, true),
];
organizationService.getAll.mockResolvedValue(orgs);
organizationService.organizations$.mockReturnValue(of(orgs));
// Act
const result = await keyConnectorService.getManagingOrganization();
@@ -181,7 +183,7 @@ describe("KeyConnectorService", () => {
// create organization object
const data = organizationData(true, true, "https://key-connector-url.com", 2, false);
organizationService.getAll.mockResolvedValue([data]);
organizationService.organizations$.mockReturnValue(of([data]));
// uses KeyConnector
const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
@@ -195,7 +197,7 @@ describe("KeyConnectorService", () => {
it("should return false if the user does not need migration", async () => {
tokenService.getIsExternal.mockResolvedValue(false);
const data = organizationData(false, false, "https://key-connector-url.com", 2, false);
organizationService.getAll.mockResolvedValue([data]);
organizationService.organizations$.mockReturnValue(of([data]));
const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
state.nextState(true);
@@ -275,7 +277,7 @@ describe("KeyConnectorService", () => {
const masterKey = getMockMasterKey();
const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64);
const error = new Error("Failed to post user key to key connector");
organizationService.getAll.mockResolvedValue([organization]);
organizationService.organizations$.mockReturnValue(of([organization]));
masterPasswordService.masterKeySubject.next(masterKey);
jest.spyOn(keyConnectorService, "getManagingOrganization").mockResolvedValue(organization);

6
libs/common/src/auth/services/key-connector.service.ts
View File

@@ -3,6 +3,8 @@
import { firstValueFrom } from "rxjs";
import { LogoutReason } from "@bitwarden/auth/common";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import {
Argon2KdfConfig,
KdfConfig,
@@ -12,7 +14,6 @@ import {
} from "@bitwarden/key-management";
import { ApiService } from "../../abstractions/api.service";
import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
import { OrganizationUserType } from "../../admin-console/enums";
import { Organization } from "../../admin-console/models/domain/organization";
import { KeysRequest } from "../../models/request/keys.request";
@@ -28,7 +29,6 @@ import {
} from "../../platform/state";
import { UserId } from "../../types/guid";
import { MasterKey } from "../../types/key";
import { AccountService } from "../abstractions/account.service";
import { KeyConnectorService as KeyConnectorServiceAbstraction } from "../abstractions/key-connector.service";
import { InternalMasterPasswordServiceAbstraction } from "../abstractions/master-password.service.abstraction";
import { TokenService } from "../abstractions/token.service";
@@ -122,7 +122,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
}
async getManagingOrganization(userId?: UserId): Promise<Organization> {
const orgs = await this.organizationService.getAll(userId);
const orgs = await firstValueFrom(this.organizationService.organizations$(userId));
return orgs.find(
(o) =>
o.keyConnectorEnabled &&

3
libs/common/src/platform/sync/core-sync.service.ts
View File

@@ -8,6 +8,7 @@ import { ApiService } from "../../abstractions/api.service";
import { AccountService } from "../../auth/abstractions/account.service";
import { AuthService } from "../../auth/abstractions/auth.service";
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
import { getUserId } from "../../auth/services/account.service";
import {
SyncCipherNotification,
SyncFolderNotification,
@@ -58,7 +59,7 @@ export abstract class CoreSyncService implements SyncService {
abstract fullSync(forceSync: boolean, allowThrowOnError?: boolean): Promise<boolean>;
async getLastSync(): Promise<Date> {
const userId = await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id)));
const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));
if (userId == null) {
return null;
}

5
libs/common/src/platform/sync/default-sync.service.ts
View File

@@ -1,6 +1,6 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { firstValueFrom, map } from "rxjs";
import { firstValueFrom } from "rxjs";
import {
CollectionService,
@@ -34,6 +34,7 @@ import { InternalMasterPasswordServiceAbstraction } from "../../auth/abstraction
import { TokenService } from "../../auth/abstractions/token.service";
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
import { ForceSetPasswordReason } from "../../auth/models/domain/force-set-password-reason";
import { getUserId } from "../../auth/services/account.service";
import { DomainSettingsService } from "../../autofill/services/domain-settings.service";
import { BillingAccountProfileStateService } from "../../billing/abstractions";
import { DomainsResponse } from "../../models/response/domains.response";
@@ -107,7 +108,7 @@ export class DefaultSyncService extends CoreSyncService {
@sequentialize(() => "fullSync")
override async fullSync(forceSync: boolean, allowThrowOnError = false): Promise<boolean> {
const userId = await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id)));
const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));
this.syncStarted();
const authStatus = await firstValueFrom(this.authService.authStatusFor$(userId));
if (authStatus === AuthenticationStatus.LoggedOut) {

36
libs/common/src/services/event/event-collection.service.ts
View File

@@ -1,11 +1,14 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { firstValueFrom, map, from, zip, Observable } from "rxjs";
import { firstValueFrom, map, from, zip } from "rxjs";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { getUserId } from "@bitwarden/common/auth/services/account.service";
import { EventCollectionService as EventCollectionServiceAbstraction } from "../../abstractions/event/event-collection.service";
import { EventUploadService } from "../../abstractions/event/event-upload.service";
import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
import { AccountService } from "../../auth/abstractions/account.service";
import { AuthService } from "../../auth/abstractions/auth.service";
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
import { EventType } from "../../enums";
@@ -17,8 +20,6 @@ import { CipherView } from "../../vault/models/view/cipher.view";
import { EVENT_COLLECTION } from "./key-definitions";
export class EventCollectionService implements EventCollectionServiceAbstraction {
private orgIds$: Observable<string[]>;
constructor(
private cipherService: CipherService,
private stateProvider: StateProvider,
@@ -26,11 +27,11 @@ export class EventCollectionService implements EventCollectionServiceAbstraction
private eventUploadService: EventUploadService,
private authService: AuthService,
private accountService: AccountService,
) {
this.orgIds$ = this.organizationService.organizations$.pipe(
map((orgs) => orgs?.filter((o) => o.useEvents)?.map((x) => x.id) ?? []),
);
}
) {}
private getOrgIds = (orgs: Organization[]): string[] => {
return orgs?.filter((o) => o.useEvents)?.map((x) => x.id) ?? [];
};
/** Adds an event to the active user's event collection
* @param eventType the event type to be added
@@ -42,14 +43,15 @@ export class EventCollectionService implements EventCollectionServiceAbstraction
ciphers: CipherView[],
uploadImmediately = false,
): Promise<any> {
const userId = await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id)));
const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));
const eventStore = this.stateProvider.getUser(userId, EVENT_COLLECTION);
if (!(await this.shouldUpdate(null, eventType, ciphers))) {
return;
}
const events$ = this.orgIds$.pipe(
const events$ = this.organizationService.organizations$(userId).pipe(
map((orgs) => this.getOrgIds(orgs)),
map((orgs) =>
ciphers
.filter((c) => orgs.includes(c.organizationId))
@@ -86,7 +88,7 @@ export class EventCollectionService implements EventCollectionServiceAbstraction
uploadImmediately = false,
organizationId: string = null,
): Promise<any> {
const userId = await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id)));
const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));
const eventStore = this.stateProvider.getUser(userId, EVENT_COLLECTION);
if (!(await this.shouldUpdate(organizationId, eventType, undefined, cipherId))) {
@@ -122,8 +124,14 @@ export class EventCollectionService implements EventCollectionServiceAbstraction
): Promise<boolean> {
const cipher$ = from(this.cipherService.get(cipherId));
const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));
const orgIds$ = this.organizationService
.organizations$(userId)
.pipe(map((orgs) => this.getOrgIds(orgs)));
const [authStatus, orgIds, cipher] = await firstValueFrom(
zip(this.authService.activeAccountStatus$, this.orgIds$, cipher$),
zip(this.authService.activeAccountStatus$, orgIds$, cipher$),
);
// The user must be authorized

59
libs/common/src/vault/services/cipher-authorization.service.spec.ts
View File

@@ -1,11 +1,13 @@
import { mock } from "jest-mock-extended";
import { firstValueFrom, of } from "rxjs";
import { Observable, firstValueFrom, of } from "rxjs";
import { CollectionService, CollectionView } from "@bitwarden/admin-console/common";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
import { Utils } from "@bitwarden/common/platform/misc/utils";
import { CollectionId, UserId } from "@bitwarden/common/types/guid";
import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
import { Organization } from "../../admin-console/models/domain/organization";
import { CollectionId } from "../../types/guid";
import { FakeAccountService, mockAccountServiceWith } from "../../../spec";
import { CipherView } from "../models/view/cipher.view";
import {
@@ -18,6 +20,8 @@ describe("CipherAuthorizationService", () => {
const mockCollectionService = mock<CollectionService>();
const mockOrganizationService = mock<OrganizationService>();
const mockUserId = Utils.newGuid() as UserId;
let mockAccountService: FakeAccountService;
// Mock factories
const createMockCipher = (
@@ -42,6 +46,7 @@ describe("CipherAuthorizationService", () => {
isAdmin = false,
editAnyCollection = false,
} = {}) => ({
id: "org1",
allowAdminAccessToAllCollectionItems,
canEditAllCiphers,
canEditUnassignedCiphers,
@@ -53,9 +58,11 @@ describe("CipherAuthorizationService", () => {
beforeEach(() => {
jest.clearAllMocks();
mockAccountService = mockAccountServiceWith(mockUserId);
cipherAuthorizationService = new DefaultCipherAuthorizationService(
mockCollectionService,
mockOrganizationService,
mockAccountService,
);
});
@@ -72,7 +79,9 @@ describe("CipherAuthorizationService", () => {
it("should return true if isAdminConsoleAction is true and cipher is unassigned", (done) => {
const cipher = createMockCipher("org1", []) as CipherView;
const organization = createMockOrganization({ canEditUnassignedCiphers: true });
mockOrganizationService.get$.mockReturnValue(of(organization as Organization));
mockOrganizationService.organizations$.mockReturnValue(
of([organization]) as Observable<Organization[]>,
);
cipherAuthorizationService.canDeleteCipher$(cipher, [], true).subscribe((result) => {
expect(result).toBe(true);
@@ -83,11 +92,13 @@ describe("CipherAuthorizationService", () => {
it("should return true if isAdminConsoleAction is true and user can edit all ciphers in the org", (done) => {
const cipher = createMockCipher("org1", ["col1"]) as CipherView;
const organization = createMockOrganization({ canEditAllCiphers: true });
mockOrganizationService.get$.mockReturnValue(of(organization as Organization));
mockOrganizationService.organizations$.mockReturnValue(
of([organization]) as Observable<Organization[]>,
);
cipherAuthorizationService.canDeleteCipher$(cipher, [], true).subscribe((result) => {
expect(result).toBe(true);
expect(mockOrganizationService.get$).toHaveBeenCalledWith("org1");
expect(mockOrganizationService.organizations$).toHaveBeenCalledWith(mockUserId);
done();
});
});
@@ -95,7 +106,7 @@ describe("CipherAuthorizationService", () => {
it("should return false if isAdminConsoleAction is true but user does not have permission to edit unassigned ciphers", (done) => {
const cipher = createMockCipher("org1", []) as CipherView;
const organization = createMockOrganization({ canEditUnassignedCiphers: false });
mockOrganizationService.get$.mockReturnValue(of(organization as Organization));
mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
cipherAuthorizationService.canDeleteCipher$(cipher, [], true).subscribe((result) => {
expect(result).toBe(false);
@@ -106,8 +117,8 @@ describe("CipherAuthorizationService", () => {
it("should return true if activeCollectionId is provided and has manage permission", (done) => {
const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
const activeCollectionId = "col1" as CollectionId;
const org = createMockOrganization();
mockOrganizationService.get$.mockReturnValue(of(org as Organization));
const organization = createMockOrganization();
mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
const allCollections = [
createMockCollection("col1", true),
@@ -132,8 +143,8 @@ describe("CipherAuthorizationService", () => {
it("should return false if activeCollectionId is provided and manage permission is not present", (done) => {
const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
const activeCollectionId = "col1" as CollectionId;
const org = createMockOrganization();
mockOrganizationService.get$.mockReturnValue(of(org as Organization));
const organization = createMockOrganization();
mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
const allCollections = [
createMockCollection("col1", false),
@@ -157,8 +168,8 @@ describe("CipherAuthorizationService", () => {
it("should return true if any collection has manage permission", (done) => {
const cipher = createMockCipher("org1", ["col1", "col2", "col3"]) as CipherView;
const org = createMockOrganization();
mockOrganizationService.get$.mockReturnValue(of(org as Organization));
const organization = createMockOrganization();
mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
const allCollections = [
createMockCollection("col1", false),
@@ -182,8 +193,8 @@ describe("CipherAuthorizationService", () => {
it("should return false if no collection has manage permission", (done) => {
const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
const org = createMockOrganization();
mockOrganizationService.get$.mockReturnValue(of(org as Organization));
const organization = createMockOrganization();
mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
const allCollections = [
createMockCollection("col1", false),
@@ -216,7 +227,9 @@ describe("CipherAuthorizationService", () => {
it("should return true for admin users", async () => {
const cipher = createMockCipher("org1", []) as CipherView;
const organization = createMockOrganization({ isAdmin: true });
mockOrganizationService.get$.mockReturnValue(of(organization as Organization));
mockOrganizationService.organizations$.mockReturnValue(
of([organization] as Organization[]),
);
const result = await firstValueFrom(
cipherAuthorizationService.canCloneCipher$(cipher, true),
@@ -227,7 +240,9 @@ describe("CipherAuthorizationService", () => {
it("should return true for custom user with canEditAnyCollection", async () => {
const cipher = createMockCipher("org1", []) as CipherView;
const organization = createMockOrganization({ editAnyCollection: true });
mockOrganizationService.get$.mockReturnValue(of(organization as Organization));
mockOrganizationService.organizations$.mockReturnValue(
of([organization] as Organization[]),
);
const result = await firstValueFrom(
cipherAuthorizationService.canCloneCipher$(cipher, true),
@@ -240,7 +255,9 @@ describe("CipherAuthorizationService", () => {
it("should return true if at least one cipher collection has manage permission", async () => {
const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
const organization = createMockOrganization();
mockOrganizationService.get$.mockReturnValue(of(organization as Organization));
mockOrganizationService.organizations$.mockReturnValue(
of([organization] as Organization[]),
);
const allCollections = [
createMockCollection("col1", true),
@@ -257,7 +274,9 @@ describe("CipherAuthorizationService", () => {
it("should return false if no collection has manage permission", async () => {
const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
const organization = createMockOrganization();
mockOrganizationService.get$.mockReturnValue(of(organization as Organization));
mockOrganizationService.organizations$.mockReturnValue(
of([organization] as Organization[]),
);
const allCollections = [
createMockCollection("col1", false),

15
libs/common/src/vault/services/cipher-authorization.service.ts
View File

@@ -3,9 +3,10 @@
import { map, Observable, of, shareReplay, switchMap } from "rxjs";
import { CollectionService } from "@bitwarden/admin-console/common";
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { CollectionId } from "@bitwarden/common/types/guid";
import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
import { CollectionId } from "../../types/guid";
import { Cipher } from "../models/domain/cipher";
import { CipherView } from "../models/view/cipher.view";
@@ -51,8 +52,14 @@ export class DefaultCipherAuthorizationService implements CipherAuthorizationSer
constructor(
private collectionService: CollectionService,
private organizationService: OrganizationService,
private accountService: AccountService,
) {}
private organization$ = (cipher: CipherLike) =>
this.accountService.activeAccount$.pipe(
switchMap((account) => this.organizationService.organizations$(account?.id)),
map((orgs) => orgs.find((org) => org.id === cipher.organizationId)),
);
/**
*
* {@link CipherAuthorizationService.canDeleteCipher$}
@@ -66,7 +73,7 @@ export class DefaultCipherAuthorizationService implements CipherAuthorizationSer
return of(true);
}
return this.organizationService.get$(cipher.organizationId).pipe(
return this.organization$(cipher).pipe(
switchMap((organization) => {
if (isAdminConsoleAction) {
// If the user is an admin, they can delete an unassigned cipher
@@ -104,7 +111,7 @@ export class DefaultCipherAuthorizationService implements CipherAuthorizationSer
return of(true);
}
return this.organizationService.get$(cipher.organizationId).pipe(
return this.organization$(cipher).pipe(
switchMap((organization) => {
// Admins and custom users can always clone when in the Admin Console
if (