Modifying the unsecured reports to check for proper permissions (#10038)

2024-07-19 09:18:30 -04:00 · 2024-07-19 09:18:30 -04:00 · bc1ee0a169
parent 1cdc701328
commit bc1ee0a169
2 changed files with 45 additions and 2 deletions
--- a/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts
@ -5,6 +5,7 @@ import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { PasswordRepromptService } from "@bitwarden/vault";
@ -29,6 +30,7 @@ export class UnsecuredWebsitesReportComponent
    passwordRepromptService: PasswordRepromptService,
    i18nService: I18nService,
    syncService: SyncService,
+    collectionService: CollectionService,
  ) {
    super(
      cipherService,
@ -37,6 +39,7 @@ export class UnsecuredWebsitesReportComponent
      passwordRepromptService,
      i18nService,
      syncService,
+      collectionService,
    );
  }

--- a/apps/web/src/app/tools/reports/pages/unsecured-websites-report.component.ts
+++ b/apps/web/src/app/tools/reports/pages/unsecured-websites-report.component.ts
@ -4,8 +4,11 @@ import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherType } from "@bitwarden/common/vault/enums";
+import { Collection } from "@bitwarden/common/vault/models/domain/collection";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { PasswordRepromptService } from "@bitwarden/vault";

 import { CipherReportComponent } from "./cipher-report.component";
@ -24,6 +27,7 @@ export class UnsecuredWebsitesReportComponent extends CipherReportComponent impl
    passwordRepromptService: PasswordRepromptService,
    i18nService: I18nService,
    syncService: SyncService,
+    private collectionService: CollectionService,
  ) {
    super(
      cipherService,
@ -41,15 +45,51 @@ export class UnsecuredWebsitesReportComponent extends CipherReportComponent impl

  async setCiphers() {
    const allCiphers = await this.getAllCiphers();
+    const allCollections = await this.collectionService.getAll();
    this.filterStatus = [0];
+
    const unsecuredCiphers = allCiphers.filter((c) => {
-      if (c.type !== CipherType.Login || !c.login.hasUris || c.isDeleted) {
+      const containsUnsecured = this.cipherContainsUnsecured(c);
+      if (containsUnsecured === false) {
        return false;
      }

-      return c.login.uris.some((u: any) => u.uri != null && u.uri.indexOf("http://") === 0);
+      const canView = this.canView(c, allCollections);
+      return canView;
    });

    this.filterCiphersByOrg(unsecuredCiphers);
  }
+
+  /**
+   * Cipher needs to be a Login type, contain Uris, and not be deleted
+   * @param cipher Current cipher with unsecured uri
+   */
+  private cipherContainsUnsecured(cipher: CipherView): boolean {
+    if (cipher.type !== CipherType.Login || !cipher.login.hasUris || cipher.isDeleted) {
+      return false;
+    }
+
+    const containsUnsecured = cipher.login.uris.some(
+      (u: any) => u.uri != null && u.uri.indexOf("http://") === 0,
+    );
+    return containsUnsecured;
+  }
+
+  /**
+   * If the user does not have readonly set or it's false they have the ability to edit
+   * @param cipher Current cipher with unsecured uri
+   * @param allCollections The collections for the user
+   */
+  private canView(cipher: CipherView, allCollections: Collection[]): boolean {
+    if (!cipher.organizationId) {
+      return true;
+    }
+
+    return (
+      allCollections.filter(
+        (item) => cipher.collectionIds.indexOf(item.id) > -1 && !(item.readOnly ?? false),
+      ).length > 0
+    );
+  }
 }