[EC-850] ProviderUser permissions should prevail over member permissions (#5162)

* Apply provider permissions even if also member * Add org.isMember * Refactor: extract syncProfileOrganizations method * Change isNotProvider logic to isMember * Fix cascading org permissions * Add memberOrganizations$ observable
2025-12-17 00:33:44 +00:00 · 2023-04-17 13:09:53 +10:00
parent fbbaf10488
commit ad0c460687
16 changed files with 99 additions and 59 deletions
--- a/libs/common/src/admin-console/services/organization/organization.service.ts
+++ b/libs/common/src/admin-console/services/organization/organization.service.ts
@@ -1,7 +1,10 @@
 import { BehaviorSubject, concatMap, map, Observable } from "rxjs";

 import { StateService } from "../../../abstractions/state.service";
-import { InternalOrganizationService as InternalOrganizationServiceAbstraction } from "../../abstractions/organization/organization.service.abstraction";
+import {
+  InternalOrganizationService as InternalOrganizationServiceAbstraction,
+  isMember,
+} from "../../abstractions/organization/organization.service.abstraction";
 import { OrganizationData } from "../../models/data/organization.data";
 import { Organization } from "../../models/domain/organization";

@@ -9,6 +12,7 @@ export class OrganizationService implements InternalOrganizationServiceAbstracti
  protected _organizations = new BehaviorSubject<Organization[]>([]);

  organizations$ = this._organizations.asObservable();
+  memberOrganizations$ = this.organizations$.pipe(map((orgs) => orgs.filter(isMember)));

  constructor(private stateService: StateService) {
    this.stateService.activeAccountUnlocked$
--- a/libs/common/src/admin-console/services/policy/policy.service.ts
+++ b/libs/common/src/admin-console/services/policy/policy.service.ts
@@ -260,7 +260,7 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
    await this.stateService.setEncryptedPolicies(null, { userId: userId });
  }

-  private isExcemptFromPolicies(organization: Organization, policyType: PolicyType) {
+  private isExemptFromPolicies(organization: Organization, policyType: PolicyType) {
    if (policyType === PolicyType.MaximumVaultTimeout) {
      return organization.type === OrganizationUserType.Owner;
    }
@@ -291,7 +291,7 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
        o.status >= OrganizationUserStatusType.Accepted &&
        o.usePolicies &&
        policySet.has(o.id) &&
-        !this.isExcemptFromPolicies(o, policyType)
+        !this.isExemptFromPolicies(o, policyType)
    );
  }
 }