[EC-850] ProviderUser permissions should prevail over member permissions (#5162)

* Apply provider permissions even if also member * Add org.isMember * Refactor: extract syncProfileOrganizations method * Change isNotProvider logic to isMember * Fix cascading org permissions * Add memberOrganizations$ observable
2025-12-15 15:53:27 +00:00 · 2023-04-17 13:09:53 +10:00
parent fbbaf10488
commit ad0c460687
16 changed files with 99 additions and 59 deletions
--- a/apps/browser/src/vault/popup/components/vault/vault-select.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/vault-select.component.ts
@@ -17,11 +17,9 @@ import { BehaviorSubject, concatMap, map, merge, Observable, Subject, takeUntil

 import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
-import {
-  isNotProviderUser,
-  OrganizationService,
-} from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { Utils } from "@bitwarden/common/misc/utils";

 import { VaultFilterService } from "../../../services/vault-filter.service";

@@ -101,11 +99,9 @@ export class VaultSelectComponent implements OnInit, OnDestroy {
  }

  async ngOnInit() {
-    this.organizations$ = this.organizationService.organizations$
+    this.organizations$ = this.organizationService.memberOrganizations$
      .pipe(takeUntil(this._destroy))
-      .pipe(
-        map((orgs) => orgs.filter(isNotProviderUser).sort((a, b) => a.name.localeCompare(b.name)))
-      );
+      .pipe(map((orgs) => orgs.sort(Utils.getSortFunction(this.i18nService, "name"))));

    this.organizations$
      .pipe(
--- a/apps/web/src/app/admin-console/components/organization-switcher.component.ts
+++ b/apps/web/src/app/admin-console/components/organization-switcher.component.ts
@@ -4,7 +4,6 @@ import { map, Observable } from "rxjs";
 import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
 import {
  canAccessAdmin,
-  isNotProviderUser,
  OrganizationService,
 } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
@@ -23,8 +22,7 @@ export class OrganizationSwitcherComponent implements OnInit {
  loaded = false;

  async ngOnInit() {
-    this.organizations$ = this.organizationService.organizations$.pipe(
-      map((orgs) => orgs.filter(isNotProviderUser)),
+    this.organizations$ = this.organizationService.memberOrganizations$.pipe(
      canAccessAdmin(this.i18nService),
      map((orgs) => orgs.sort(Utils.getSortFunction(this.i18nService, "name")))
    );
--- a/apps/web/src/app/layouts/navbar.component.ts
+++ b/apps/web/src/app/layouts/navbar.component.ts
@@ -1,12 +1,11 @@
 import { Component, OnInit } from "@angular/core";
-import { map, Observable } from "rxjs";
+import { Observable } from "rxjs";

 import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
 import {
  canAccessAdmin,
-  isNotProviderUser,
  OrganizationService,
 } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
@@ -54,8 +53,7 @@ export class NavbarComponent implements OnInit {
    }
    this.providers = await this.providerService.getAll();

-    this.organizations$ = this.organizationService.organizations$.pipe(
-      map((orgs) => orgs.filter(isNotProviderUser)),
+    this.organizations$ = this.organizationService.memberOrganizations$.pipe(
      canAccessAdmin(this.i18nService)
    );
  }
--- a/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.spec.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.spec.ts
@@ -251,6 +251,7 @@ describe("vault filter service", () => {
    org.id = id;
    org.name = name;
    org.identifier = name;
+    org.isMember = true;
    return org;
  }

--- a/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/services/vault-filter.service.ts
@@ -14,7 +14,7 @@ import {
 import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
 import { StateService } from "@bitwarden/common/abstractions/state.service";
 import {
-  isNotProviderUser,
+  isMember,
  OrganizationService,
 } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -139,7 +139,7 @@ export class VaultFilterService implements VaultFilterServiceAbstraction {
    }
    if (orgs) {
      const orgNodes: TreeNode<OrganizationFilter>[] = [];
-      orgs.filter(isNotProviderUser).forEach((org) => {
+      orgs.filter(isMember).forEach((org) => {
        const orgCopy = org as OrganizationFilter;
        orgCopy.icon = "bwi-business";
        const node = new TreeNode<OrganizationFilter>(orgCopy, headNode, orgCopy.name);