[AC-2763] Allow providers who are also members access to items (#9585)
* [AC-2763] Do not restrict providers if they are also a member of the organization

* [AC-2763] Reduce branching complexity

* [AC-2763] Remove explicit restrict provider access checks in Vault

We can safely fall back to the organization helpers for cipher access, as they already account for provider users who are members.
parent
d8c764fc9e
commit
e56a3386a2
|
@ -311,10 +311,6 @@ export class VaultComponent implements OnInit, OnDestroy {
|
||||||
|
|
||||||
this.editableCollections$ = this.allCollectionsWithoutUnassigned$.pipe(
|
this.editableCollections$ = this.allCollectionsWithoutUnassigned$.pipe(
|
||||||
map((collections) => {
|
map((collections) => {
|
||||||
// If restricted, providers can not add items to any collections or edit those items
|
|
||||||
if (this.organization.isProviderUser && this.restrictProviderAccessEnabled) {
|
|
||||||
return [];
|
|
||||||
}
|
|
||||||
// Users that can edit all ciphers can implicitly add to / edit within any collection
|
// Users that can edit all ciphers can implicitly add to / edit within any collection
|
||||||
if (
|
if (
|
||||||
this.organization.canEditAllCiphers(
|
this.organization.canEditAllCiphers(
|
||||||
|
@ -356,10 +352,6 @@ export class VaultComponent implements OnInit, OnDestroy {
|
||||||
}
|
}
|
||||||
let ciphers;
|
let ciphers;
|
||||||
|
|
||||||
if (organization.isProviderUser && this.restrictProviderAccessEnabled) {
|
|
||||||
return [];
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.flexibleCollectionsV1Enabled) {
|
if (this.flexibleCollectionsV1Enabled) {
|
||||||
// Flexible collections V1 logic.
|
// Flexible collections V1 logic.
|
||||||
// If the user can edit all ciphers for the organization then fetch them ALL.
|
// If the user can edit all ciphers for the organization then fetch them ALL.
|
||||||
|
@ -488,10 +480,6 @@ export class VaultComponent implements OnInit, OnDestroy {
|
||||||
organization$,
|
organization$,
|
||||||
]).pipe(
|
]).pipe(
|
||||||
map(([filter, collection, organization]) => {
|
map(([filter, collection, organization]) => {
|
||||||
if (organization.isProviderUser && this.restrictProviderAccessEnabled) {
|
|
||||||
return collection != undefined || filter.collectionId === Unassigned;
|
|
||||||
}
|
|
||||||
|
|
||||||
return (
|
return (
|
||||||
(filter.collectionId === Unassigned &&
|
(filter.collectionId === Unassigned &&
|
||||||
!organization.canEditUnassignedCiphers(this.restrictProviderAccessEnabled)) ||
|
!organization.canEditUnassignedCiphers(this.restrictProviderAccessEnabled)) ||
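Review bot: With the three early returns removed, nothing in this component records that the provider restriction still applies. At the `editableCollections$` mapping, the fetch after `let ciphers;` and the restricted-access predicate, the outcome now rests entirely on `canEditAllCiphers` and `canEditUnassignedCiphers`. A short comment at the first site, e.g. `// Provider restriction is applied inside the Organization helpers; do not re-check isProviderUser here`, would keep a later edit from reintroducing or sidestepping it. These are client-side decisions, so the server presumably enforces the same rule on the cipher endpoints; it is worth confirming that a provider-only user with the flag enabled receives no items now that the client no longer short-circuits. All three enclosing functions start and end outside the hunks.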
|
||||||
|
|
|
@ -195,10 +195,18 @@ export class Organization {
|
||||||
}
|
}
|
||||||
|
|
||||||
canEditUnassignedCiphers(restrictProviderAccessFlagEnabled: boolean) {
|
canEditUnassignedCiphers(restrictProviderAccessFlagEnabled: boolean) {
|
||||||
if (this.isProviderUser) {
|
// Providers can access items until the restrictProviderAccess flag is enabled
|
||||||
return !restrictProviderAccessFlagEnabled;
|
// After the flag is enabled and removed, this block will be deleted
|
||||||
|
// so that they permanently lose access to items
|
||||||
|
if (this.isProviderUser && !restrictProviderAccessFlagEnabled) {
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
return this.isAdmin || this.permissions.editAnyCollection;
|
|
||||||
|
return (
|
||||||
|
this.type === OrganizationUserType.Admin ||
|
||||||
|
this.type === OrganizationUserType.Owner ||
|
||||||
|
this.permissions.editAnyCollection
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
canEditAllCiphers(
|
canEditAllCiphers(
|
||||||
|
@ -210,8 +218,11 @@ export class Organization {
|
||||||
return this.isAdmin || this.permissions.editAnyCollection;
|
return this.isAdmin || this.permissions.editAnyCollection;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this.isProviderUser) {
|
// Providers can access items until the restrictProviderAccess flag is enabled
|
||||||
return !restrictProviderAccessFlagEnabled;
|
// After the flag is enabled and removed, this block will be deleted
|
||||||
|
// so that they permanently lose access to items
|
||||||
|
if (this.isProviderUser && !restrictProviderAccessFlagEnabled) {
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
|
// Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
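Review bot: In `canEditUnassignedCiphers` the restricted path now depends on `this.type` and `permissions.editAnyCollection` describing the user's own membership, and nothing in the hunk tests membership itself. If a provider-only user's organization record is populated with an Owner or Admin type (not visible here), the fall-through would still return true with the flag enabled and the restriction would not apply. How `type` is set for provider-only users should be confirmed, and unit tests should cover provider-only, provider-plus-member and member-only users with the flag on and off. The unchanged early return `return this.isAdmin || this.permissions.editAnyCollection;` at the top of the `canEditAllCiphers` hunk still uses `isAdmin`, while this method switched to explicit type comparisons. If that is because `isAdmin` also covers provider users (an inference), a comment such as `// Compare type directly: isAdmin would also match provider users` would record the reason; the body of `canEditAllCiphers` continues outside the hunk.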
|
||||||
|
|