[PM-7292] Fix viewing/editing unassigned ciphers for admins (#8627)

* [PM-7292] Introduce canEditUnassignedCiphers helper

* [PM-7292] Use new canEditUnassignedCiphers helper

* [PM-7292] Remove duplicate canUseAdminCollections helper
This commit is contained in:
Shane Melton 2024-04-05 08:23:50 -07:00 committed by GitHub
parent 09169cac71
commit cbf48decec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 9 additions and 10 deletions

View File

@ -213,7 +213,7 @@ export class VaultComponent implements OnInit, OnDestroy {
switchMap(async ([organization]) => { switchMap(async ([organization]) => {
this.organization = organization; this.organization = organization;
if (!organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) { if (!organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled)) {
await this.syncService.fullSync(false); await this.syncService.fullSync(false);
} }
@ -407,8 +407,7 @@ export class VaultComponent implements OnInit, OnDestroy {
]).pipe( ]).pipe(
map(([filter, collection, organization]) => { map(([filter, collection, organization]) => {
return ( return (
(filter.collectionId === Unassigned && (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
!organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
(!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) && (!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
collection != undefined && collection != undefined &&
!collection.node.assigned) !collection.node.assigned)
@ -454,12 +453,11 @@ export class VaultComponent implements OnInit, OnDestroy {
map(([filter, collection, organization]) => { map(([filter, collection, organization]) => {
return ( return (
// Filtering by unassigned, show message if not admin // Filtering by unassigned, show message if not admin
(filter.collectionId === Unassigned && (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
!organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
// Filtering by a collection, so show message if user is not assigned // Filtering by a collection, so show message if user is not assigned
(collection != undefined && (collection != undefined &&
!collection.node.assigned && !collection.node.assigned &&
!organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) !organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled))
); );
}), }),
shareReplay({ refCount: true, bufferSize: 1 }), shareReplay({ refCount: true, bufferSize: 1 }),
@ -482,7 +480,7 @@ export class VaultComponent implements OnInit, OnDestroy {
(await firstValueFrom(allCipherMap$))[cipherId] != undefined; (await firstValueFrom(allCipherMap$))[cipherId] != undefined;
} else { } else {
canEditCipher = canEditCipher =
organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled) || organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled) ||
(await this.cipherService.get(cipherId)) != null; (await this.cipherService.get(cipherId)) != null;
} }

View File

@ -662,7 +662,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
// if a cipher is unassigned we want to check if they are an admin or have permission to edit any collection // if a cipher is unassigned we want to check if they are an admin or have permission to edit any collection
if (!cipher.collectionIds) { if (!cipher.collectionIds) {
orgAdmin = this.organization?.canEditAllCiphers(this.flexibleCollectionsV1Enabled); orgAdmin = this.organization?.canEditUnassignedCiphers();
} }
return this.cipher.id == null return this.cipher.id == null

View File

@ -203,8 +203,9 @@ export class Organization {
); );
} }
canUseAdminCollections(flexibleCollectionsV1Enabled: boolean) { canEditUnassignedCiphers() {
return this.canEditAnyCollection(flexibleCollectionsV1Enabled); // TODO: Update this to exclude Providers if provider access is restricted in AC-1707
return this.isAdmin || this.permissions.editAnyCollection;
} }
canEditAllCiphers(flexibleCollectionsV1Enabled: boolean) { canEditAllCiphers(flexibleCollectionsV1Enabled: boolean) {