-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AC-2172] Member modal - limit admin access #8343
[AC-2172] Member modal - limit admin access #8343
Conversation
… collections in the org vault edit collections modal
…all collections in ciphers
…ed, readonly, and manage properties
…when in individual vault
… super.loadCipher
…cover custom users with manage access
…ditCipherCollections for better updates to collections modal when flag is off
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #8343 +/- ##
==========================================
- Coverage 27.37% 27.37% -0.01%
==========================================
Files 2344 2344
Lines 68455 68463 +8
Branches 12798 12800 +2
==========================================
Hits 18739 18739
- Misses 48312 48320 +8
Partials 1404 1404 ☔ View full report in Codecov by Sentry. |
New Issues
Fixed Issues
|
…unassigned does not show in modal
* Return value depends on collection management setting, wrapped behind the v1 feature flag * Update calling locations
I had some interesting issues with data flow in Angular. I noticed that disabled rows were still appearing in the value being emitted by the access-selector until the user interacted with it. (The commit exhibiting this problem is 3d406bb.) I tried to fix this in fdbeb48, but that is not a proper fix, and it caused unit tests to start failing because the control was emitting more times than expected. My diagnosis:
After some experimentation, I thought the best way to resolve it was to not pass potentially "disabled" values into the FormControl to begin with. The fixes are in the last 2 commits. The updated logic is:
It does make the logic more complex in some ways, but the LOC impact is still small, and it avoids trying to hack around Angular change detection, which I think is worth it. Interestingly, it reverts all changes to the access-selector - we now set up all our data in the member modal only. Arguably that's a good thing because it reflects the presentational design of the component and avoids adding complexity to it. |
I noticed that the previous logic did not filter out readonly collections when inviting a new user. This meant they were all selected by default. I moved the initial assignment of |
), | ||
); | ||
|
||
const accessSelections = mapToAccessSelections(userDetails); | ||
// Set current collections and groups the user has access to (excluding collections the current user doesn't have | ||
// permissions to change - they are included as readonly via the CollectionAccessItems |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing a closing )
for this comment.
* limit admin permissions to assign members to collections that the admin doesn't have can manage permissions for
Type of change
Objective
In the Member modal, if owners and admins cannot manage all collections and items, then you should only be able to edit collection assignments for collections that you have Can Manage access to.
This depends on:
On the plus side, once those are merged, this PR is fairly minimal (if dense).
Sever changes are WIP.
Code changes
member-dialog.component.ts
- most of this diff is just adding acollection.canEdit
check inmapCollectionToAccessItemView
. However, that requires the org and the v1 flag, so there's a large footprint just getting those values there.access-selector.component.ts
-item.readonly
to mean "collection access via a group", because that was the only type of readonly item. However, we now have 2 types (collection access via group, and a collection you don't manage), so some places needed updating to limit their reach.Screenshots
Before you submit