From 562e1fe459e33f633b8c6b501253789318fa8d5a Mon Sep 17 00:00:00 2001
From: Matt Gibson
Date: Fri, 1 Oct 2021 07:50:30 -0500
Subject: [PATCH] Feature/split manage collections permission (#504)

* Split manage collections permissions
* Convert camel to pascal case for element id -> name
---
 common/src/enums/permissions.ts | 37 ++++++++++++++++--------
 common/src/misc/utils.ts | 4 +++
 common/src/models/api/permissionsApi.ts | 22 ++++++++++++++
 common/src/models/domain/organization.ts | 28 +++++++++++++++---
 4 files changed, 75 insertions(+), 16 deletions(-)
diff --git a/common/src/enums/permissions.ts b/common/src/enums/permissions.ts
index 7eede95ed8..9ce61d544d 100644
--- a/common/src/enums/permissions.ts
+++ b/common/src/enums/permissions.ts
@@ -1,14 +1,27 @@
 export enum Permissions {
- AccessBusinessPortal,
- AccessEventLogs,
- AccessImportExport,
- AccessReports,
- ManageAllCollections,
- ManageAssignedCollections,
- ManageGroups,
- ManageOrganization,
- ManagePolicies,
- ManageProvider,
- ManageUsers,
- ManageUsersPassword,
+ AccessBusinessPortal = 0,
+ AccessEventLogs = 1,
+ AccessImportExport = 2,
+ AccessReports = 3,
+ /**
+ * @deprecated Sep 29 2021: This permission has been split out to `createNewCollections`, `editAnyCollection`, and
+ * `deleteAnyCollection`. It exists here for backwards compatibility with Server versions <= 1.43.0
+ */
+ ManageAllCollections = 4,
+ /**
+ * @deprecated Sep 29 2021: This permission has been split out to `editAssignedCollections` and
+ * `deleteAssignedCollections`. It exists here for backwards compatibility with Server versions <= 1.43.0
+ */
+ ManageAssignedCollections = 5,
+ ManageGroups = 6,
+ ManageOrganization = 7,
+ ManagePolicies = 8,
+ ManageProvider = 9,
+ ManageUsers = 10,
+ ManageUsersPassword = 11,
+ CreateNewCollections = 12,
+ EditAnyCollection = 13,
+ DeleteAnyCollection = 14,
+ EditAssignedCollections = 15,
+ DeleteAssignedCollections = 16,
 }
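Review bot: The two `@deprecated` comments on `ManageAllCollections` and `ManageAssignedCollections` point to camelCase names (`createNewCollections`, `editAssignedCollections`, …) that are fields of the API model, not members of this enum; the replacements in this file are `CreateNewCollections` through `DeleteAssignedCollections`, and the comments should name those. Every member now carries an explicit value, but nothing records why. A one-line comment above the enum such as `// Values are pinned; append new permissions, never renumber or reuse an existing value.` would keep a later edit from shifting permission identities, presumably because other code or stored data depends on the numbers.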
diff --git a/common/src/misc/utils.ts b/common/src/misc/utils.ts
index 4501716c87..a6921c92ea 100644
--- a/common/src/misc/utils.ts
+++ b/common/src/misc/utils.ts
@@ -325,6 +325,10 @@ export class Utils {
 return url;
 }

+ static camelToPascalCase(s: string) {
+ return s.charAt(0).toUpperCase() + s.slice(1);
+ }
+
 private static validIpAddress(ipString: string): boolean {
 // tslint:disable-next-line
 const ipRegex = /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
diff --git a/common/src/models/api/permissionsApi.ts b/common/src/models/api/permissionsApi.ts
index 1d305d0bcf..65ee7941fd 100644
--- a/common/src/models/api/permissionsApi.ts
+++ b/common/src/models/api/permissionsApi.ts
@@ -5,8 +5,21 @@ export class PermissionsApi extends BaseResponse {
 accessEventLogs: boolean;
 accessImportExport: boolean;
 accessReports: boolean;
+ /**
+ * @deprecated Sep 29 2021: This permission has been split out to `createNewCollections`, `editAnyCollection`, and
+ * `deleteAnyCollection`. It exists here for backwards compatibility with Server versions <= 1.43.0
+ */
 manageAllCollections: boolean;
+ createNewCollections: boolean;
+ editAnyCollection: boolean;
+ deleteAnyCollection: boolean;
+ /**
+ * @deprecated Sep 29 2021: This permission has been split out to `editAssignedCollections` and
+ * `deleteAssignedCollections`. It exists here for backwards compatibility with Server versions <= 1.43.0
+ */
 manageAssignedCollections: boolean;
+ editAssignedCollections: boolean;
+ deleteAssignedCollections: boolean;
 manageCiphers: boolean;
 manageGroups: boolean;
 manageSso: boolean;
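Review bot: `camelToPascalCase` in utils.ts has no return type and no doc comment, and it only upper-cases the first character, so an empty string or any input that is not already camelCase passes through otherwise unchanged. Declaring it as `static camelToPascalCase(s: string): string {` and adding a TSDoc line stating that limit would make the contract explicit. The commit message suggests the result maps element ids to permission names; if so, callers should treat a name that matches no permission as "not granted", though that usage is outside this hunk.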
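Review bot: The five new fields in permissionsApi.ts are declared `boolean`, yet the getters added in organization.ts depend on them being `null` or `undefined` when an older server omits them, because `??` falls back to the legacy flag only in that case. Declaring them as optional, e.g. `createNewCollections?: boolean;`, makes that contract visible and guards against a later default-to-`false` change silently disabling the fallback. The same applies to the constructor assignments in the second permissionsApi.ts hunk. What `getResponseProperty` returns for a missing key is not visible here and should be confirmed.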
@@ -23,8 +36,17 @@ export class PermissionsApi extends BaseResponse {
 this.accessEventLogs = this.getResponseProperty('AccessEventLogs');
 this.accessImportExport = this.getResponseProperty('AccessImportExport');
 this.accessReports = this.getResponseProperty('AccessReports');
+
+ // For backwards compatibility with Server <= 1.43.0
 this.manageAllCollections = this.getResponseProperty('ManageAllCollections');
 this.manageAssignedCollections = this.getResponseProperty('ManageAssignedCollections');
+
+ this.createNewCollections = this.getResponseProperty('CreateNewCollections');
+ this.editAnyCollection = this.getResponseProperty('EditAnyCollection');
+ this.deleteAnyCollection = this.getResponseProperty('DeleteAnyCollection');
+ this.editAssignedCollections = this.getResponseProperty('EditAssignedCollections');
+ this.deleteAssignedCollections = this.getResponseProperty('DeleteAssignedCollections');
+
 this.manageCiphers = this.getResponseProperty('ManageCiphers');
 this.manageGroups = this.getResponseProperty('ManageGroups');
 this.manageSso = this.getResponseProperty('ManageSso');
diff --git a/common/src/models/domain/organization.ts b/common/src/models/domain/organization.ts
index 3ba4d4b4e7..bd06516d8f 100644
--- a/common/src/models/domain/organization.ts
+++ b/common/src/models/domain/organization.ts
@@ -108,12 +108,32 @@ export class Organization {
 return this.isAdmin || this.permissions.accessReports;
 }

- get canManageAllCollections() {
- return this.isAdmin || this.permissions.manageAllCollections;
+ get canCreateNewCollections() {
+ return this.isAdmin || (this.permissions.createNewCollections ?? this.permissions.manageAllCollections);
 }

- get canManageAssignedCollections() {
- return this.isManager || this.permissions.manageAssignedCollections;
+ get canEditAnyCollection() {
+ return this.isAdmin || (this.permissions.editAnyCollection ?? this.permissions.manageAllCollections);
+ }
+
+ get canDeleteAnyCollection() {
+ return this.isAdmin || (this.permissions.deleteAnyCollection ?? this.permissions.manageAllCollections);
+ }
+
+ get canViewAllCollections() {
+ return this.canEditAnyCollection || this.canDeleteAnyCollection;
+ }
+
+ get canEditAssignedCollections() {
+ return this.isManager || (this.permissions.deleteAssignedCollections ?? this.permissions.manageAssignedCollections);
+ }
+
+ get canDeleteAssignedCollections() {
+ return this.isManager || (this.permissions.deleteAssignedCollections ?? this.permissions.manageAssignedCollections);
+ }
+
+ get canViewAssignedCollections() {
+ return this.canDeleteAssignedCollections || this.canEditAssignedCollections;
 }

 get canManageGroups() {
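Review bot: `canEditAssignedCollections` reads `this.permissions.deleteAssignedCollections`, so the edit check is decided by the delete permission: a custom user granted only delete-assigned passes the edit check, and one granted only edit-assigned fails it whenever the server sends `deleteAssignedCollections: false`. The getter should read `return this.isManager || (this.permissions.editAssignedCollections ?? this.permissions.manageAssignedCollections);`. These getters look like client-side gating, so the server should enforce the same edit/delete split independently. A unit test that sets each new flag on its own and asserts every `can…` getter would catch this kind of copy-paste slip.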