-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PM-11162] Assign To Collections Permission Update #11367
base: main
Are you sure you want to change the base?
Conversation
Codecov ReportAttention: Patch coverage is
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## main #11367 +/- ##
==========================================
+ Coverage 33.16% 33.19% +0.03%
==========================================
Files 2779 2780 +1
Lines 86228 86417 +189
Branches 16421 16472 +51
==========================================
+ Hits 28597 28688 +91
- Misses 55365 55443 +78
- Partials 2266 2286 +20 ☔ View full report in Codecov by Sentry. |
New Issues
Fixed Issues
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change to vault-items
looks good!
However, we need to make a similar change to the item-details-section.component
for the new CipherForm. It also allows users to modify a cipher's collections without the "Assign To Collections" dialog so we need to adjust that component to disable the collections control when !cipher.viewPassword
return org.id === this.originalCipherView.organizationId; | ||
}); | ||
|
||
const filteredCollections = this.originalCipherView.collectionIds.find((id) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this.originalCipherView
can be null when creating a new cipher and this will throw.
filteredCollections?.length > 0 || | ||
(this.originalCipherView.edit && this.originalCipherView.viewPassword) | ||
) { | ||
this.showCollectionsControl = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎨 I think we can put a check in the initFromExistingCipher
method after the call to updateCollectionOptions()
to check if originalCipher.edit && originalCipher.viewPassword
. If that is false
then we should call this.itemDetailsForm.controls.collectionIds.disable()
which will prevent the user from changing the value.
Then we wouldn't need to modify the updateCollectionOptions()
method.
@@ -191,7 +191,10 @@ export class VaultItemsComponent { | |||
} | |||
|
|||
const organization = this.allOrganizations.find((o) => o.id === cipher.organizationId); | |||
return (organization.canEditAllCiphers && this.viewingOrgVault) || cipher.edit; | |||
return ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💭 I noticed this returned value is used by the vault-cipher-row.component
to show the attachments button. I don't think we want to disable that with when viewPassword == false
so we may need to introduce a new option specifically for assigning collections (e.g. canAssignCollections
)
…ot remove assign to collections based on permissions
this.canAssignCollections = true; | ||
} | ||
|
||
this.organizationService.get$(cipher.organizationId).subscribe((org) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This observable is not unsubscribed.
if (cipher?.organizationId == null) { | ||
this.canAssignCollections = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't follow this - if the cipher isn't in an organization, you can't assign it to a collection.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shane-melton this is the file that tagged me for a review, but I think this would fall under Vault ownership under the team boundaries we discussed. Do you agree? If so I can just rubber stamp this review once Vault have approved, but if you could then move it into Vault ownership that would be really helpful.
Also, I was trying to figure out how this is used. I found it in desktop
, but there's also a subclass in web
which appears unused: https://github.com/bitwarden/clients/blob/main/apps/web/src/app/vault/individual-vault/collections.component.ts#L1.
} | ||
|
||
this.organizationService.get$(cipher.organizationId).subscribe((org) => { | ||
this.canAssignCollections = org.canEditAllCiphers || (cipher.edit && cipher.viewPassword); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
org.canEditAllCiphers
checks admin permissions. Do we recognise admin permissions from the individual vault on desktop? I thought we only recognised admin permissions in the Admin Console, regardless of client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, a canAssignToCollections()
getter on CipherView
might be a useful abstraction, but that's very much your call.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah apologies! All this was a first draft in my brain and I was going to come back to it after working on some CLI stuff.
Thanks for the review, it was super helpful and got me reducing a ton of that code.
🎟️ Tracking
PM-11162
📔 Objective
Only users with
Can Edit
permissions will be allowed toAssign To Collections
. If the user hasCan Edit Except Password
they should not seeAssign To Collections
in the menu of the item row.📸 Screen Recording
PM-11162.mov
Desktop Permissions
PM-11162-Desktop.mov
Screenshot of CLI error when trying to add collection to
Can Edit Except PW
item⏰ Reminders before review
🦮 Reviewer guidelines
:+1:
) or similar for great changes:memo:
) or ℹ️ (:information_source:
) for notes or general info:question:
) for questions:thinking:
) or 💭 (:thought_balloon:
) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:
) for suggestions / improvements:x:
) or:warning:
) for more significant problems or concerns needing attention:seedling:
) or ♻️ (:recycle:
) for future improvements or indications of technical debt:pick:
) for minor or nitpick changes