mirror of
https://github.com/bitwarden/browser
synced 2025-01-20 16:31:15 +01:00
Implemented Custom role and permissions (#237)
* Implemented Custom role and permissions * converted Permissions interface into a class * formatting fix
This commit is contained in:
parent
8d161d9245
commit
6ac6df75d7
@ -162,7 +162,7 @@ export class AddEditComponent implements OnInit {
|
||||
orgs.sort(Utils.getSortFunction(this.i18nService, 'name')).forEach((o) => {
|
||||
if (o.enabled && o.status === OrganizationUserStatusType.Confirmed) {
|
||||
this.ownershipOptions.push({ name: o.name, value: o.id });
|
||||
if (policies != null && o.usePolicies && !o.isAdmin && this.allowPersonal) {
|
||||
if (policies != null && o.usePolicies && !o.canManagePolicies && this.allowPersonal) {
|
||||
for (const policy of policies) {
|
||||
if (policy.organizationId === o.id && policy.enabled) {
|
||||
this.allowPersonal = false;
|
||||
|
@ -3,4 +3,5 @@ export enum OrganizationUserType {
|
||||
Admin = 1,
|
||||
User = 2,
|
||||
Manager = 3,
|
||||
Custom = 4,
|
||||
}
|
||||
|
12
src/enums/permissions.ts
Normal file
12
src/enums/permissions.ts
Normal file
@ -0,0 +1,12 @@
|
||||
export enum Permissions {
|
||||
AccessBusinessPortal,
|
||||
AccessEventLogs,
|
||||
AccessImportExport,
|
||||
AccessReports,
|
||||
ManageAllCollections,
|
||||
ManageAssignedCollections,
|
||||
ManageGroups,
|
||||
ManageOrganization,
|
||||
ManagePolicies,
|
||||
ManageUsers,
|
||||
}
|
33
src/models/api/permissionsApi.ts
Normal file
33
src/models/api/permissionsApi.ts
Normal file
@ -0,0 +1,33 @@
|
||||
import { BaseResponse } from '../response/baseResponse';
|
||||
|
||||
export class PermissionsApi extends BaseResponse {
|
||||
accessBusinessPortal: boolean;
|
||||
accessEventLogs: boolean;
|
||||
accessImportExport: boolean;
|
||||
accessReports: boolean;
|
||||
manageAllCollections: boolean;
|
||||
manageAssignedCollections: boolean;
|
||||
manageCiphers: boolean;
|
||||
manageGroups: boolean;
|
||||
manageSso: boolean;
|
||||
managePolicies: boolean;
|
||||
manageUsers: boolean;
|
||||
|
||||
constructor(data: any = null) {
|
||||
super(data);
|
||||
if (data == null) {
|
||||
return this;
|
||||
}
|
||||
this.accessBusinessPortal = this.getResponseProperty('AccessBusinessPortal');
|
||||
this.accessEventLogs = this.getResponseProperty('AccessEventLogs');
|
||||
this.accessImportExport = this.getResponseProperty('AccessImportExport');
|
||||
this.accessReports = this.getResponseProperty('AccessReports');
|
||||
this.manageAllCollections = this.getResponseProperty('ManageAllCollections');
|
||||
this.manageAssignedCollections = this.getResponseProperty('ManageAssignedCollections');
|
||||
this.manageCiphers = this.getResponseProperty('ManageCiphers');
|
||||
this.manageGroups = this.getResponseProperty('ManageGroups');
|
||||
this.manageSso = this.getResponseProperty('ManageSso');
|
||||
this.managePolicies = this.getResponseProperty('ManagePolicies');
|
||||
this.manageUsers = this.getResponseProperty('ManageUsers');
|
||||
}
|
||||
}
|
@ -2,6 +2,7 @@ import { ProfileOrganizationResponse } from '../response/profileOrganizationResp
|
||||
|
||||
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
import { PermissionsApi } from '../api/permissionsApi';
|
||||
|
||||
export class OrganizationData {
|
||||
id: string;
|
||||
@ -25,6 +26,7 @@ export class OrganizationData {
|
||||
maxStorageGb?: number;
|
||||
ssoBound: boolean;
|
||||
identifier: string;
|
||||
permissions: PermissionsApi;
|
||||
|
||||
constructor(response: ProfileOrganizationResponse) {
|
||||
this.id = response.id;
|
||||
@ -48,5 +50,6 @@ export class OrganizationData {
|
||||
this.maxStorageGb = response.maxStorageGb;
|
||||
this.ssoBound = response.ssoBound;
|
||||
this.identifier = response.identifier;
|
||||
this.permissions = response.permissions;
|
||||
}
|
||||
}
|
||||
|
@ -2,6 +2,8 @@ import { OrganizationData } from '../data/organizationData';
|
||||
|
||||
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
import { PermissionsApi } from '../api/permissionsApi';
|
||||
|
||||
|
||||
export class Organization {
|
||||
id: string;
|
||||
@ -25,6 +27,7 @@ export class Organization {
|
||||
maxStorageGb?: number;
|
||||
ssoBound: boolean;
|
||||
identifier: string;
|
||||
permissions: PermissionsApi;
|
||||
|
||||
constructor(obj?: OrganizationData) {
|
||||
if (obj == null) {
|
||||
@ -52,6 +55,7 @@ export class Organization {
|
||||
this.maxStorageGb = obj.maxStorageGb;
|
||||
this.ssoBound = obj.ssoBound;
|
||||
this.identifier = obj.identifier;
|
||||
this.permissions = obj.permissions;
|
||||
}
|
||||
|
||||
get canAccess() {
|
||||
@ -73,4 +77,44 @@ export class Organization {
|
||||
get isOwner() {
|
||||
return this.type === OrganizationUserType.Owner;
|
||||
}
|
||||
|
||||
get canAccessBusinessPortal() {
|
||||
return this.isAdmin || this.permissions.accessBusinessPortal;
|
||||
}
|
||||
|
||||
get canAccessEventLogs() {
|
||||
return this.isAdmin || this.permissions.accessEventLogs;
|
||||
}
|
||||
|
||||
get canAccessImportExport() {
|
||||
return this.isAdmin || this.permissions.accessImportExport;
|
||||
}
|
||||
|
||||
get canAccessReports() {
|
||||
return this.isAdmin || this.permissions.accessReports;
|
||||
}
|
||||
|
||||
get canManageAllCollections() {
|
||||
return this.isAdmin || this.permissions.manageAllCollections;
|
||||
}
|
||||
|
||||
get canManageAssignedCollections() {
|
||||
return this.isManager || this.permissions.manageAssignedCollections;
|
||||
}
|
||||
|
||||
get canManageGroups() {
|
||||
return this.isAdmin || this.permissions.manageGroups;
|
||||
}
|
||||
|
||||
get canManageSso() {
|
||||
return this.isAdmin || this.permissions.manageSso;
|
||||
}
|
||||
|
||||
get canManagePolicies() {
|
||||
return this.isAdmin || this.permissions.managePolicies;
|
||||
}
|
||||
|
||||
get canManageUsers() {
|
||||
return this.isAdmin || this.permissions.manageUsers;
|
||||
}
|
||||
}
|
||||
|
@ -1,10 +1,12 @@
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
|
||||
import { SelectionReadOnlyRequest } from './selectionReadOnlyRequest';
|
||||
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
import { PermissionsApi } from '../api/permissionsApi';
|
||||
|
||||
export class OrganizationUserInviteRequest {
|
||||
emails: string[] = [];
|
||||
type: OrganizationUserType;
|
||||
accessAll: boolean;
|
||||
collections: SelectionReadOnlyRequest[] = [];
|
||||
permissions: PermissionsApi;
|
||||
}
|
||||
|
@ -1,9 +1,11 @@
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
|
||||
import { SelectionReadOnlyRequest } from './selectionReadOnlyRequest';
|
||||
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
import { PermissionsApi } from '../api/permissionsApi';
|
||||
|
||||
export class OrganizationUserUpdateRequest {
|
||||
type: OrganizationUserType;
|
||||
accessAll: boolean;
|
||||
collections: SelectionReadOnlyRequest[] = [];
|
||||
permissions: PermissionsApi;
|
||||
}
|
||||
|
@ -1,15 +1,18 @@
|
||||
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
|
||||
import { BaseResponse } from './baseResponse';
|
||||
import { SelectionReadOnlyResponse } from './selectionReadOnlyResponse';
|
||||
|
||||
import { PermissionsApi } from '../api/permissionsApi';
|
||||
|
||||
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
|
||||
export class OrganizationUserResponse extends BaseResponse {
|
||||
id: string;
|
||||
userId: string;
|
||||
type: OrganizationUserType;
|
||||
status: OrganizationUserStatusType;
|
||||
accessAll: boolean;
|
||||
permissions: PermissionsApi;
|
||||
|
||||
constructor(response: any) {
|
||||
super(response);
|
||||
@ -17,6 +20,7 @@ export class OrganizationUserResponse extends BaseResponse {
|
||||
this.userId = this.getResponseProperty('UserId');
|
||||
this.type = this.getResponseProperty('Type');
|
||||
this.status = this.getResponseProperty('Status');
|
||||
this.permissions = new PermissionsApi(this.getResponseProperty('Permissions'));
|
||||
this.accessAll = this.getResponseProperty('AccessAll');
|
||||
}
|
||||
}
|
||||
|
@ -2,6 +2,7 @@ import { BaseResponse } from './baseResponse';
|
||||
|
||||
import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
|
||||
import { OrganizationUserType } from '../../enums/organizationUserType';
|
||||
import { PermissionsApi } from '../api/permissionsApi';
|
||||
|
||||
export class ProfileOrganizationResponse extends BaseResponse {
|
||||
id: string;
|
||||
@ -26,6 +27,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
|
||||
enabled: boolean;
|
||||
ssoBound: boolean;
|
||||
identifier: string;
|
||||
permissions: PermissionsApi;
|
||||
|
||||
constructor(response: any) {
|
||||
super(response);
|
||||
@ -51,5 +53,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
|
||||
this.enabled = this.getResponseProperty('Enabled');
|
||||
this.ssoBound = this.getResponseProperty('SsoBound');
|
||||
this.identifier = this.getResponseProperty('Identifier');
|
||||
this.permissions = new PermissionsApi(this.getResponseProperty('permissions'));
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user