mirror of https://github.com/bitwarden/browser synced 2025-01-20 16:31:15 +01:00

Implemented Custom role and permissions (#237)

* Implemented Custom role and permissions

* converted Permissions interface into a class

* formatting fix
Addison Beck 2021-01-11 17:01:39 -05:00 committed by GitHub
parent 8d161d9245
commit 6ac6df75d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 112 additions and 8 deletions


@ -162,7 +162,7 @@ export class AddEditComponent implements OnInit {
orgs.sort(Utils.getSortFunction(this.i18nService, 'name')).forEach((o) => {
if (o.enabled && o.status === OrganizationUserStatusType.Confirmed) {
this.ownershipOptions.push({ name: o.name, value: o.id });
if (policies != null && o.usePolicies && !o.isAdmin && this.allowPersonal) {
if (policies != null && o.usePolicies && !o.canManagePolicies && this.allowPersonal) {
for (const policy of policies) {
if (policy.organizationId === o.id && policy.enabled) {
this.allowPersonal = false;


@ -3,4 +3,5 @@ export enum OrganizationUserType {
Admin = 1,
User = 2,
Manager = 3,
Custom = 4,
}

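--- a/src/enums/permissions.ts
+++ b/src/enums/permissions.ts
@@ -0,0 +1,12 @@
+export enum Permissions {
+AccessBusinessPortal,
+AccessEventLogs,
+AccessImportExport,
+AccessReports,
+ManageAllCollections,
+ManageAssignedCollections,
+ManageGroups,
+ManageOrganization,
+ManagePolicies,
+ManageUsers,
+}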
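Review bot: The members of `Permissions` do not line up with the flags in `PermissionsApi`: the enum has `ManageOrganization`, which has no matching field there, and it has no entries for `manageCiphers` and `manageSso`, which the API class reads. Code that maps one list onto the other will silently miss those permissions, so either align the two or add a comment explaining the difference. The members also take implicit numeric values, so inserting a new one in alphabetical position later renumbers the rest. If the values are ever persisted or sent over the wire (not visible on this page), give them explicit values, e.g. `ManagePolicies = 'managePolicies',`.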


@ -0,0 +1,33 @@
import { BaseResponse } from '../response/baseResponse';
export class PermissionsApi extends BaseResponse {
accessBusinessPortal: boolean;
accessEventLogs: boolean;
accessImportExport: boolean;
accessReports: boolean;
manageAllCollections: boolean;
manageAssignedCollections: boolean;
manageCiphers: boolean;
manageGroups: boolean;
manageSso: boolean;
managePolicies: boolean;
manageUsers: boolean;
constructor(data: any = null) {
super(data);
if (data == null) {
return this;
}
this.accessBusinessPortal = this.getResponseProperty('AccessBusinessPortal');
this.accessEventLogs = this.getResponseProperty('AccessEventLogs');
this.accessImportExport = this.getResponseProperty('AccessImportExport');
this.accessReports = this.getResponseProperty('AccessReports');
this.manageAllCollections = this.getResponseProperty('ManageAllCollections');
this.manageAssignedCollections = this.getResponseProperty('ManageAssignedCollections');
this.manageCiphers = this.getResponseProperty('ManageCiphers');
this.manageGroups = this.getResponseProperty('ManageGroups');
this.manageSso = this.getResponseProperty('ManageSso');
this.managePolicies = this.getResponseProperty('ManagePolicies');
this.manageUsers = this.getResponseProperty('ManageUsers');
}
}
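Review bot: The constructor returns early when `data` is null, which leaves all eleven flags `undefined` although they are declared `boolean`; the same happens for any property the server omits. Callers get deny-by-default only because `undefined` is falsy. Making that explicit keeps a later strict comparison such as `=== false` from misreading a missing flag: initialise the fields, e.g. `manageUsers = false;`, and coerce on read with `this.manageUsers = !!this.getResponseProperty('ManageUsers');`. A one-line class comment stating that an absent flag means "not granted" would document the contract.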


@ -2,6 +2,7 @@ import { ProfileOrganizationResponse } from '../response/profileOrganizationResp
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
import { OrganizationUserType } from '../../enums/organizationUserType';
import { PermissionsApi } from '../api/permissionsApi';
export class OrganizationData {
id: string;
@ -25,6 +26,7 @@ export class OrganizationData {
maxStorageGb?: number;
ssoBound: boolean;
identifier: string;
permissions: PermissionsApi;
constructor(response: ProfileOrganizationResponse) {
this.id = response.id;
@ -48,5 +50,6 @@ export class OrganizationData {
this.maxStorageGb = response.maxStorageGb;
this.ssoBound = response.ssoBound;
this.identifier = response.identifier;
this.permissions = response.permissions;
}
}


@ -2,6 +2,8 @@ import { OrganizationData } from '../data/organizationData';
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
import { OrganizationUserType } from '../../enums/organizationUserType';
import { PermissionsApi } from '../api/permissionsApi';
export class Organization {
id: string;
@ -25,6 +27,7 @@ export class Organization {
maxStorageGb?: number;
ssoBound: boolean;
identifier: string;
permissions: PermissionsApi;
constructor(obj?: OrganizationData) {
if (obj == null) {
@ -52,6 +55,7 @@ export class Organization {
this.maxStorageGb = obj.maxStorageGb;
this.ssoBound = obj.ssoBound;
this.identifier = obj.identifier;
this.permissions = obj.permissions;
}
get canAccess() {
@ -73,4 +77,44 @@ export class Organization {
get isOwner() {
return this.type === OrganizationUserType.Owner;
}
get canAccessBusinessPortal() {
return this.isAdmin || this.permissions.accessBusinessPortal;
}
get canAccessEventLogs() {
return this.isAdmin || this.permissions.accessEventLogs;
}
get canAccessImportExport() {
return this.isAdmin || this.permissions.accessImportExport;
}
get canAccessReports() {
return this.isAdmin || this.permissions.accessReports;
}
get canManageAllCollections() {
return this.isAdmin || this.permissions.manageAllCollections;
}
get canManageAssignedCollections() {
return this.isManager || this.permissions.manageAssignedCollections;
}
get canManageGroups() {
return this.isAdmin || this.permissions.manageGroups;
}
get canManageSso() {
return this.isAdmin || this.permissions.manageSso;
}
get canManagePolicies() {
return this.isAdmin || this.permissions.managePolicies;
}
get canManageUsers() {
return this.isAdmin || this.permissions.manageUsers;
}
}
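Review bot: Every new getter from `canAccessBusinessPortal` to `canManageUsers` dereferences `this.permissions` without a null check, so for a non-admin member whose organization record carries no `permissions` object the getter throws instead of returning false. That can happen whenever `obj.permissions` is unset, for example with organization data cached before this change (inferred; the storage path is not shown). In the AddEditComponent hunk the throw would come from `!o.canManagePolicies`, before `this.allowPersonal = false` is reached, so the personal-ownership policy check would be skipped rather than enforced. Guard each getter so that a missing object denies, e.g. `return this.isAdmin || (this.permissions != null && this.permissions.managePolicies);`. `canManageAssignedCollections` is the only getter that falls back to `isManager` instead of `isAdmin`; if that is intended, a one-line comment should say so.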


@ -1,10 +1,12 @@
import { OrganizationUserType } from '../../enums/organizationUserType';
import { SelectionReadOnlyRequest } from './selectionReadOnlyRequest';
import { OrganizationUserType } from '../../enums/organizationUserType';
import { PermissionsApi } from '../api/permissionsApi';
export class OrganizationUserInviteRequest {
emails: string[] = [];
type: OrganizationUserType;
accessAll: boolean;
collections: SelectionReadOnlyRequest[] = [];
permissions: PermissionsApi;
}
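Review bot: `permissions` is typed as `PermissionsApi`, which extends `BaseResponse` (see its own section), so a response-parsing class is reused as a request body in `OrganizationUserInviteRequest` and, identically, in `OrganizationUserUpdateRequest`. If `BaseResponse` keeps the raw server payload on the instance (its code is not shown), that payload would be serialized back with the request. A plain request-side shape holding only the boolean flags would avoid this. The field also deserves a comment saying that the flags presumably apply only when `type` is `OrganizationUserType.Custom`, and that the server still has to verify the caller is entitled to grant them, since the client value is only a request.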


@ -1,9 +1,11 @@
import { OrganizationUserType } from '../../enums/organizationUserType';
import { SelectionReadOnlyRequest } from './selectionReadOnlyRequest';
import { OrganizationUserType } from '../../enums/organizationUserType';
import { PermissionsApi } from '../api/permissionsApi';
export class OrganizationUserUpdateRequest {
type: OrganizationUserType;
accessAll: boolean;
collections: SelectionReadOnlyRequest[] = [];
permissions: PermissionsApi;
}


@ -1,15 +1,18 @@
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
import { OrganizationUserType } from '../../enums/organizationUserType';
import { BaseResponse } from './baseResponse';
import { SelectionReadOnlyResponse } from './selectionReadOnlyResponse';
import { PermissionsApi } from '../api/permissionsApi';
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
import { OrganizationUserType } from '../../enums/organizationUserType';
export class OrganizationUserResponse extends BaseResponse {
id: string;
userId: string;
type: OrganizationUserType;
status: OrganizationUserStatusType;
accessAll: boolean;
permissions: PermissionsApi;
constructor(response: any) {
super(response);
@ -17,6 +20,7 @@ export class OrganizationUserResponse extends BaseResponse {
this.userId = this.getResponseProperty('UserId');
this.type = this.getResponseProperty('Type');
this.status = this.getResponseProperty('Status');
this.permissions = new PermissionsApi(this.getResponseProperty('Permissions'));
this.accessAll = this.getResponseProperty('AccessAll');
}
}


@ -2,6 +2,7 @@ import { BaseResponse } from './baseResponse';
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
import { OrganizationUserType } from '../../enums/organizationUserType';
import { PermissionsApi } from '../api/permissionsApi';
export class ProfileOrganizationResponse extends BaseResponse {
id: string;
@ -26,6 +27,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
enabled: boolean;
ssoBound: boolean;
identifier: string;
permissions: PermissionsApi;
constructor(response: any) {
super(response);
@ -51,5 +53,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
this.enabled = this.getResponseProperty('Enabled');
this.ssoBound = this.getResponseProperty('SsoBound');
this.identifier = this.getResponseProperty('Identifier');
this.permissions = new PermissionsApi(this.getResponseProperty('permissions'));
}
}
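Review bot: The new line reads `this.getResponseProperty('permissions')` with a lower-case key, while every other property in this constructor, and the equivalent line in `OrganizationUserResponse` (`'Permissions'`), uses PascalCase. If `getResponseProperty` does not normalise case (its implementation is outside this page), the lookup returns nothing, `PermissionsApi` is built from null, and every custom permission for the profile's organizations reads as denied. Use the same casing as the rest: `this.permissions = new PermissionsApi(this.getResponseProperty('Permissions'));`.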