mirror of
https://github.com/bitwarden/browser
synced 2025-12-17 08:43:33 +00:00
0c3b569d0e
* [AC-1117] Add manage permission (#5910) * Add 'manage' option to collection access permissions * Add 'manage' to collection permissions * remove service accidentally committed from another branch * Update CLI commands * update message casing to be consistent * access selector model updates * [AC-1374] Limit collection create/delete (#5963) * feat: udate request/response/data/domain models for new column, refs AC-1374 * feat: create collection management ui, refs AC-1374 * fix: remove limitCollectionCdOwnerAdmin boolean from org update request, refs AC-1374 * fix: moved collection management UI, removed comments, refs AC-1374 * fix: observable chaining now properly calls API when local org updated, refs AC-1374 * fix: remove unused form template variables, refs AC-1374 * fix: clean up observable chain, refs AC-1374 * fix: remove parent.parent route, refs AC-1374 * fix: add cd explaination, refs AC-1374 * [AC-1649] Remove organizationId from collection-bulk-delete.request (#6343) * refactor: remove organizationId from collection-bulk-delete-request, refs AC-1649 * refactor: remove request model from dialog component, refs AC-1649 * [AC-1174] Bulk collection management (#6133) * [AC-1174] Add bulk edit collection access event type * [AC-1174] Add bulk edit collection access menu option * [AC-1174] Add initial bulk collections access dialog * [AC-1174] Add logic to open bulk edit collections dialog * [AC-1174] Move AccessItemView helper methods to access selector model to be shared * [AC-1174] Add access selector to bulk collections dialog * [AC-1174] Add bulk assign access method to collection-admin service * [AC-1174] Introduce strongly typed BulkCollectionAccessRequest model * [AC-1174] Update vault item event type name * Update DialogService dependency --------- Co-authored-by: Thomas Rittson <trittson@bitwarden.com> * Rename LimitCollectionCdOwnerAdmin -> LimitCollectionCreationDeletion (#6409) * Add manage property to synced Collection data * Revert "Add manage property to synced Collection data" Pushed to feature branch instead of a new one This reverts commit65cd39589c. * Add manage property to synced Collection data * Revert "Add manage property to synced Collection data" This reverts commitf7fa30b79a. * [AC-1680] Add manage property to collection view and response models (#6417) * Add manage property to synced Collection data * Update tests * feat: add LimitCollectionCreationDeletion conditional to canCreateNewCollections logic, refs AC-1659 (#6429) * [AC-1669] Enforce Can Manage permission on Collection dialog (#6493) * [AC-1669] Cleanup unhandled promise warnings * [AC-1669] Force change detection to ensure AccessSelector has the most recent items * [AC-1669] Initially select acting member when creating a new collection * [AC-1669] Add validator to ensure manage permission is selected * [AC-1669] Update error toast logic to support access tab errors * [AC-1669] Add error icon * [AC-1713] [Flexible collections] Add feature flags to clients (#6486) * Add FlexibleCollections and BulkCollectionAccess flags * Flag Collection Management settings * Flag bulk collection access dialog * Flag collection access modal changes * [AC-1662] Add LimitCollecitonCreationDeletion conditional to CanDelete logic (#6526) * feat: implement limitCollectionCreationDeletion into canDelete logic, refs AC-1662 * feat: make canDelete functions backwards compatible with feature flag, refs AC-1662 * feat: update vault-items.component for async getter, refs AC-1662 * feat: update configService injection, refs AC-1662 * feat: add config service to canDelete reference, refs AC-1662 * fix: remove configservice dependency from views, refs AC-1757 (#6686) * Add missing provider to vault-items.stories (#6690) * Fix imports after update from master --------- Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com> Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com> Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com> Co-authored-by: Shane Melton <smelton@bitwarden.com>
197 lines
7.1 KiB
TypeScript
197 lines
7.1 KiB
TypeScript
import { ApiService } from "@bitwarden/common/abstractions/api.service";
|
|
import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request";
|
|
import { CipherExport } from "@bitwarden/common/models/export/cipher.export";
|
|
import { CollectionExport } from "@bitwarden/common/models/export/collection.export";
|
|
import { FolderExport } from "@bitwarden/common/models/export/folder.export";
|
|
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
|
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
|
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
|
import { FolderApiServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder-api.service.abstraction";
|
|
import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
|
|
import { CollectionRequest } from "@bitwarden/common/vault/models/request/collection.request";
|
|
|
|
import { OrganizationCollectionRequest } from "../admin-console/models/request/organization-collection.request";
|
|
import { OrganizationCollectionResponse } from "../admin-console/models/response/organization-collection.response";
|
|
import { Response } from "../models/response";
|
|
import { CliUtils } from "../utils";
|
|
import { CipherResponse } from "../vault/models/cipher.response";
|
|
import { FolderResponse } from "../vault/models/folder.response";
|
|
|
|
export class EditCommand {
|
|
constructor(
|
|
private cipherService: CipherService,
|
|
private folderService: FolderService,
|
|
private cryptoService: CryptoService,
|
|
private apiService: ApiService,
|
|
private folderApiService: FolderApiServiceAbstraction
|
|
) {}
|
|
|
|
async run(
|
|
object: string,
|
|
id: string,
|
|
requestJson: any,
|
|
cmdOptions: Record<string, any>
|
|
): Promise<Response> {
|
|
if (process.env.BW_SERVE !== "true" && (requestJson == null || requestJson === "")) {
|
|
requestJson = await CliUtils.readStdin();
|
|
}
|
|
|
|
if (requestJson == null || requestJson === "") {
|
|
return Response.badRequest("`requestJson` was not provided.");
|
|
}
|
|
|
|
let req: any = null;
|
|
if (typeof requestJson !== "string") {
|
|
req = requestJson;
|
|
} else {
|
|
try {
|
|
const reqJson = Buffer.from(requestJson, "base64").toString();
|
|
req = JSON.parse(reqJson);
|
|
} catch (e) {
|
|
return Response.badRequest("Error parsing the encoded request data.");
|
|
}
|
|
}
|
|
|
|
if (id != null) {
|
|
id = id.toLowerCase();
|
|
}
|
|
|
|
const normalizedOptions = new Options(cmdOptions);
|
|
switch (object.toLowerCase()) {
|
|
case "item":
|
|
return await this.editCipher(id, req);
|
|
case "item-collections":
|
|
return await this.editCipherCollections(id, req);
|
|
case "folder":
|
|
return await this.editFolder(id, req);
|
|
case "org-collection":
|
|
return await this.editOrganizationCollection(id, req, normalizedOptions);
|
|
default:
|
|
return Response.badRequest("Unknown object.");
|
|
}
|
|
}
|
|
|
|
private async editCipher(id: string, req: CipherExport) {
|
|
const cipher = await this.cipherService.get(id);
|
|
if (cipher == null) {
|
|
return Response.notFound();
|
|
}
|
|
|
|
let cipherView = await cipher.decrypt(
|
|
await this.cipherService.getKeyForCipherKeyDecryption(cipher)
|
|
);
|
|
if (cipherView.isDeleted) {
|
|
return Response.badRequest("You may not edit a deleted item. Use the restore command first.");
|
|
}
|
|
cipherView = CipherExport.toView(req, cipherView);
|
|
const encCipher = await this.cipherService.encrypt(cipherView);
|
|
try {
|
|
await this.cipherService.updateWithServer(encCipher);
|
|
const updatedCipher = await this.cipherService.get(cipher.id);
|
|
const decCipher = await updatedCipher.decrypt(
|
|
await this.cipherService.getKeyForCipherKeyDecryption(updatedCipher)
|
|
);
|
|
const res = new CipherResponse(decCipher);
|
|
return Response.success(res);
|
|
} catch (e) {
|
|
return Response.error(e);
|
|
}
|
|
}
|
|
|
|
private async editCipherCollections(id: string, req: string[]) {
|
|
const cipher = await this.cipherService.get(id);
|
|
if (cipher == null) {
|
|
return Response.notFound();
|
|
}
|
|
if (cipher.organizationId == null) {
|
|
return Response.badRequest(
|
|
"Item does not belong to an organization. Consider moving it first."
|
|
);
|
|
}
|
|
|
|
cipher.collectionIds = req;
|
|
try {
|
|
await this.cipherService.saveCollectionsWithServer(cipher);
|
|
const updatedCipher = await this.cipherService.get(cipher.id);
|
|
const decCipher = await updatedCipher.decrypt(
|
|
await this.cipherService.getKeyForCipherKeyDecryption(updatedCipher)
|
|
);
|
|
const res = new CipherResponse(decCipher);
|
|
return Response.success(res);
|
|
} catch (e) {
|
|
return Response.error(e);
|
|
}
|
|
}
|
|
|
|
private async editFolder(id: string, req: FolderExport) {
|
|
const folder = await this.folderService.getFromState(id);
|
|
if (folder == null) {
|
|
return Response.notFound();
|
|
}
|
|
|
|
let folderView = await folder.decrypt();
|
|
folderView = FolderExport.toView(req, folderView);
|
|
const encFolder = await this.folderService.encrypt(folderView);
|
|
try {
|
|
await this.folderApiService.save(encFolder);
|
|
const updatedFolder = await this.folderService.get(folder.id);
|
|
const decFolder = await updatedFolder.decrypt();
|
|
const res = new FolderResponse(decFolder);
|
|
return Response.success(res);
|
|
} catch (e) {
|
|
return Response.error(e);
|
|
}
|
|
}
|
|
|
|
private async editOrganizationCollection(
|
|
id: string,
|
|
req: OrganizationCollectionRequest,
|
|
options: Options
|
|
) {
|
|
if (options.organizationId == null || options.organizationId === "") {
|
|
return Response.badRequest("`organizationid` option is required.");
|
|
}
|
|
if (!Utils.isGuid(id)) {
|
|
return Response.badRequest("`" + id + "` is not a GUID.");
|
|
}
|
|
if (!Utils.isGuid(options.organizationId)) {
|
|
return Response.badRequest("`" + options.organizationId + "` is not a GUID.");
|
|
}
|
|
if (options.organizationId !== req.organizationId) {
|
|
return Response.badRequest("`organizationid` option does not match request object.");
|
|
}
|
|
try {
|
|
const orgKey = await this.cryptoService.getOrgKey(req.organizationId);
|
|
if (orgKey == null) {
|
|
throw new Error("No encryption key for this organization.");
|
|
}
|
|
|
|
const groups =
|
|
req.groups == null
|
|
? null
|
|
: req.groups.map(
|
|
(g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage)
|
|
);
|
|
const request = new CollectionRequest();
|
|
request.name = (await this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
|
|
request.externalId = req.externalId;
|
|
request.groups = groups;
|
|
const response = await this.apiService.putCollection(req.organizationId, id, request);
|
|
const view = CollectionExport.toView(req);
|
|
view.id = response.id;
|
|
const res = new OrganizationCollectionResponse(view, groups);
|
|
return Response.success(res);
|
|
} catch (e) {
|
|
return Response.error(e);
|
|
}
|
|
}
|
|
}
|
|
|
|
class Options {
|
|
organizationId: string;
|
|
|
|
constructor(passedOptions: Record<string, any>) {
|
|
this.organizationId = passedOptions?.organizationid || passedOptions?.organizationId;
|
|
}
|
|
}
|