vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

Merge branch 'main' into autofill/pm-8027-inline-menu-appears-within-input-fields-that-do-not-relate-to-user-login

This commit is contained in:
Cesar Gonzalez 2024-06-13 11:07:48 -05:00 committed by GitHub
parent eb4925be1a e56a3386a2
commit 90098168b6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/web/src/app/vault/org-vault/vault.component.ts
View File

@ -311,10 +311,6 @@ export class VaultComponent implements OnInit, OnDestroy {
this.editableCollections$ = this.allCollectionsWithoutUnassigned$.pipe(
map((collections) => {
// If restricted, providers can not add items to any collections or edit those items
if (this.organization.isProviderUser && this.restrictProviderAccessEnabled) {
return [];
}
// Users that can edit all ciphers can implicitly add to / edit within any collection
if (
this.organization.canEditAllCiphers(
@ -356,10 +352,6 @@ export class VaultComponent implements OnInit, OnDestroy {
}
let ciphers;
if (organization.isProviderUser && this.restrictProviderAccessEnabled) {
return [];
}
if (this.flexibleCollectionsV1Enabled) {
// Flexible collections V1 logic.
// If the user can edit all ciphers for the organization then fetch them ALL.
@ -488,10 +480,6 @@ export class VaultComponent implements OnInit, OnDestroy {
organization$,
]).pipe(
map(([filter, collection, organization]) => {
if (organization.isProviderUser && this.restrictProviderAccessEnabled) {
return collection != undefined || filter.collectionId === Unassigned;
}
return (
(filter.collectionId === Unassigned &&
!organization.canEditUnassignedCiphers(this.restrictProviderAccessEnabled)) ||

21
libs/common/src/admin-console/models/domain/organization.ts
View File

@ -195,10 +195,18 @@ export class Organization {
}
canEditUnassignedCiphers(restrictProviderAccessFlagEnabled: boolean) {
if (this.isProviderUser) {
return !restrictProviderAccessFlagEnabled;
// Providers can access items until the restrictProviderAccess flag is enabled
// After the flag is enabled and removed, this block will be deleted
// so that they permanently lose access to items
if (this.isProviderUser && !restrictProviderAccessFlagEnabled) {
return true;
}
return this.isAdmin || this.permissions.editAnyCollection;
return (
this.type === OrganizationUserType.Admin ||
this.type === OrganizationUserType.Owner ||
this.permissions.editAnyCollection
);
}
canEditAllCiphers(
@ -210,8 +218,11 @@ export class Organization {
return this.isAdmin || this.permissions.editAnyCollection;
}
if (this.isProviderUser) {
return !restrictProviderAccessFlagEnabled;
// Providers can access items until the restrictProviderAccess flag is enabled
// After the flag is enabled and removed, this block will be deleted
// so that they permanently lose access to items
if (this.isProviderUser && !restrictProviderAccessFlagEnabled) {
return true;
}
// Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins