diff --git a/libs/common/src/admin-console/abstractions/policy/policy.service.abstraction.ts b/libs/common/src/admin-console/abstractions/policy/policy.service.abstraction.ts index 0683bbd585..971b32d5d6 100644 --- a/libs/common/src/admin-console/abstractions/policy/policy.service.abstraction.ts +++ b/libs/common/src/admin-console/abstractions/policy/policy.service.abstraction.ts @@ -9,34 +9,87 @@ import { ResetPasswordPolicyOptions } from "../../models/domain/reset-password-p import { PolicyResponse } from "../../models/response/policy.response"; export abstract class PolicyService { + /** + * All {@link Policy} objects for the active user (from sync data). + * May include policies that are disabled or otherwise do not apply to the user. + * @see {@link get$} or {@link policyAppliesToActiveUser$} if you want to know when a policy applies to a user. + */ policies$: Observable; + + /** + * @returns the first {@link Policy} found that applies to the active user. + * A policy "applies" if it is enabled and the user is not exempt (e.g. because they are an Owner). + * @param policyType the {@link PolicyType} to search for + * @param policyFilter Optional predicate to apply when filtering policies + */ get$: (policyType: PolicyType, policyFilter?: (policy: Policy) => boolean) => Observable; - masterPasswordPolicyOptions$: (policies?: Policy[]) => Observable; + + /** + * All {@link Policy} objects for the specified user (from sync data). + * May include policies that are disabled or otherwise do not apply to the user. + * @see {@link policyAppliesToUser} if you want to know when a policy applies to the user. + * @deprecated Use {@link policies$} instead + */ + getAll: (type?: PolicyType, userId?: string) => Promise; + + /** + * @returns true if the {@link PolicyType} applies to the current user, otherwise false. + * @remarks A policy "applies" if it is enabled and the user is not exempt (e.g. because they are an Owner). + */ policyAppliesToActiveUser$: ( policyType: PolicyType, policyFilter?: (policy: Policy) => boolean ) => Observable; /** - * @deprecated Do not call this, use the policies$ observable collection + * @returns true if the {@link PolicyType} applies to the specified user, otherwise false. + * @remarks A policy "applies" if it is enabled and the user is not exempt (e.g. because they are an Owner). + * @see {@link policyAppliesToActiveUser$} if you only want to know about the current user. */ - getAll: (type?: PolicyType, userId?: string) => Promise; - evaluateMasterPassword: ( - passwordStrength: number, - newPassword: string, - enforcedPolicyOptions?: MasterPasswordPolicyOptions - ) => boolean; - getResetPasswordPolicyOptions: ( - policies: Policy[], - orgId: string - ) => [ResetPasswordPolicyOptions, boolean]; - mapPolicyFromResponse: (policyResponse: PolicyResponse) => Policy; - mapPoliciesFromToken: (policiesResponse: ListResponse) => Policy[]; policyAppliesToUser: ( policyType: PolicyType, policyFilter?: (policy: Policy) => boolean, userId?: string ) => Promise; + + // Policy specific interfaces + + /** + * Combines all Master Password policies that apply to the user. + * @returns a set of options which represent the minimum Master Password settings that the user must + * comply with in order to comply with **all** Master Password policies. + */ + masterPasswordPolicyOptions$: (policies?: Policy[]) => Observable; + + /** + * Evaluates whether a proposed Master Password complies with all Master Password policies that apply to the user. + */ + evaluateMasterPassword: ( + passwordStrength: number, + newPassword: string, + enforcedPolicyOptions?: MasterPasswordPolicyOptions + ) => boolean; + + /** + * @returns Reset Password policy options for the specified organization and a boolean indicating whether the policy + * is enabled + */ + getResetPasswordPolicyOptions: ( + policies: Policy[], + orgId: string + ) => [ResetPasswordPolicyOptions, boolean]; + + // Helpers + + /** + * Instantiates {@link Policy} objects from {@link PolicyResponse} objects. + */ + mapPolicyFromResponse: (policyResponse: PolicyResponse) => Policy; + + /** + * Instantiates {@link Policy} objects from {@link ListResponse} objects. + */ + mapPoliciesFromToken: (policiesResponse: ListResponse) => Policy[]; } export abstract class InternalPolicyService extends PolicyService { diff --git a/libs/common/src/admin-console/models/domain/policy.ts b/libs/common/src/admin-console/models/domain/policy.ts index 223066a253..70e9e53704 100644 --- a/libs/common/src/admin-console/models/domain/policy.ts +++ b/libs/common/src/admin-console/models/domain/policy.ts @@ -7,6 +7,11 @@ export class Policy extends Domain { organizationId: string; type: PolicyType; data: any; + + /** + * Warning: a user can be exempt from a policy even if the policy is enabled. + * @see {@link PolicyService} has methods to tell you whether a policy applies to a user. + */ enabled: boolean; constructor(obj?: PolicyData) { diff --git a/libs/common/src/admin-console/services/policy/policy.service.ts b/libs/common/src/admin-console/services/policy/policy.service.ts index d57a7fef3c..1312c01d48 100644 --- a/libs/common/src/admin-console/services/policy/policy.service.ts +++ b/libs/common/src/admin-console/services/policy/policy.service.ts @@ -42,11 +42,6 @@ export class PolicyService implements InternalPolicyServiceAbstraction { .subscribe(); } - /** - * Returns the first policy found that applies to the active user - * @param policyType Policy type to search for - * @param policyFilter Additional filter to apply to the policy - */ get$(policyType: PolicyType, policyFilter?: (policy: Policy) => boolean): Observable { return this.policies$.pipe( concatMap(async (policies) => { @@ -64,9 +59,6 @@ export class PolicyService implements InternalPolicyServiceAbstraction { ); } - /** - * @deprecated Do not call this, use the policies$ observable collection - */ async getAll(type?: PolicyType, userId?: string): Promise { let response: Policy[] = []; const decryptedPolicies = await this.stateService.getDecryptedPolicies({ userId: userId });