[PM-19357] - [Defect] Unauthorised access allows limited access user to change custom hidden field of Items (#14068)

* update tests * finish tests * only disallow hidden fields for hiddenPassword users * fix failing tests * fix story * only disable hidden field option when editing
2025-12-13 23:03:32 +00:00 · 2025-04-16 11:06:40 -07:00
parent 1efdcacd16
commit defbbd586f
6 changed files with 136 additions and 4 deletions
--- a/libs/vault/src/cipher-form/components/custom-fields/custom-fields.component.html
+++ b/libs/vault/src/cipher-form/components/custom-fields/custom-fields.component.html
@@ -89,7 +89,7 @@
          bitIconButton="bwi-pencil-square"
          class="tw-self-center tw-mt-2"
          data-testid="edit-custom-field-button"
-          *ngIf="!isPartialEdit"
+          *ngIf="canEdit(field.value.type)"
        ></button>

        <button
@@ -100,7 +100,7 @@
          [appA11yTitle]="'reorderToggleButton' | i18n: field.value.name"
          (keydown)="handleKeyDown($event, field.value.name, i)"
          data-testid="reorder-toggle-button"
-          *ngIf="!isPartialEdit"
+          *ngIf="canEdit(field.value.type)"
        ></button>
      </div>