
Commit d5a02e6

authored
[PM-15969] Users with Can Edit access cannot assign collections (#4522)
1 parent a35ec8c commit d5a02e6


3 files changed

+14
-29
lines changed


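--- a/app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/util/CollectionViewExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/util/CollectionViewExtensions.kt
@@ -110,33 +110,20 @@ fun List<CollectionView>?.hasDeletePermissionInAtLeastOneCollection(
 /**
 * Checks if the user has permission to assign an item to a collection.
 *
-* Assigning to a collection is not allowed when the item is in a collection that the user does not
-* have "manage" permission for and is also in a collection they cannot view the passwords in.
-*
-* E.g., If an item is in A collection with "view except passwords" or "edit except passwords"
-* permission and in another with "manage" permission, the user **cannot** assign the item to other
-* collections. Conversely, if an item is in a collection with "manage" permission and another with
-* "view" or "edit" permission, the user **can** assign the item to other collections.
+* Assigning to a collection is only allowed when the item is in a collection that the user does
+* have "manage" or "edit" permission.
 */
 fun List<CollectionView>?.canAssignToCollections(currentCollectionIds: List<String>?): Boolean {
 if (this.isNullOrEmpty()) return true
 if (currentCollectionIds.isNullOrEmpty()) return true
 
-// Verify user can MANAGE at least one collection the item is in.
+// Verify user can MANAGE or EDIT at least one collection the item is in.
 return this
 .any {
 currentCollectionIds.contains(it.id) &&
-it.permission == CollectionPermission.MANAGE
-} &&
-
-// Verify user does not have "edit except password" or "view except passwords"
-// permission in any collection the item is not in.
-this
-.none {
-currentCollectionIds.contains(it.id) &&
-(it.permission == CollectionPermission.EDIT_EXCEPT_PASSWORD ||
-it.permission == CollectionPermission.VIEW_EXCEPT_PASSWORDS)
-}
+(it.permission == CollectionPermission.MANAGE ||
+it.permission == CollectionPermission.EDIT)
+}
 }
 
 /**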
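Review bot: The rewritten KDoc on `canAssignToCollections` no longer says what happens when the item also sits in an "edit except passwords" or "view except passwords" collection. With the `.none { … }` clause removed, one MANAGE or EDIT membership is now enough even in that case. If that is the intended rule, state it in the doc, e.g. `* Membership in an "except passwords" collection no longer blocks assignment.` The file path suggests this extension only gates what the client UI offers, so the KDoc could also note that the server, not this check, is expected to enforce collection assignment (the API side is not visible here, so confirm). The two `return true` guards for a null or empty list are unchanged context, but they make the check default to allow, which merits a one-line why-comment.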

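--- a/app/src/test/java/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModelTest.kt
+++ b/app/src/test/java/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModelTest.kt
@@ -1187,7 +1187,7 @@ class VaultAddEditViewModelTest : BaseViewModelTest() {
 resourceManager = resourceManager,
 clock = fixedClock,
 canDelete = false,
-canAssignToCollections = false,
+canAssignToCollections = true,
 )
 } returns stateWithName.viewState
 
@@ -1215,7 +1215,7 @@ class VaultAddEditViewModelTest : BaseViewModelTest() {
 resourceManager = resourceManager,
 clock = fixedClock,
 canDelete = false,
-canAssignToCollections = false,
+canAssignToCollections = true,
 )
 }
 }
@@ -1385,7 +1385,7 @@ class VaultAddEditViewModelTest : BaseViewModelTest() {
 resourceManager = resourceManager,
 clock = fixedClock,
 canDelete = true,
-canAssignToCollections = false,
+canAssignToCollections = true,
 )
 } returns stateWithName.viewState
 
@@ -1414,7 +1414,7 @@ class VaultAddEditViewModelTest : BaseViewModelTest() {
 resourceManager = resourceManager,
 clock = fixedClock,
 canDelete = true,
-canAssignToCollections = false,
+canAssignToCollections = true,
 )
 }
 }
@@ -1440,7 +1440,7 @@ class VaultAddEditViewModelTest : BaseViewModelTest() {
 ),
 notes = "mockNotes-1",
 canDelete = true,
-canAssociateToCollections = false,
+canAssociateToCollections = true,
 ),
 )
 
@@ -1452,7 +1452,7 @@ class VaultAddEditViewModelTest : BaseViewModelTest() {
 resourceManager = resourceManager,
 clock = fixedClock,
 canDelete = true,
-canAssignToCollections = false,
+canAssignToCollections = true,
 )
 } returns stateWithName.viewState
 
@@ -1481,7 +1481,7 @@ class VaultAddEditViewModelTest : BaseViewModelTest() {
 resourceManager = resourceManager,
 clock = fixedClock,
 canDelete = true,
-canAssignToCollections = false,
+canAssignToCollections = true,
 )
 }
 }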

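--- a/app/src/test/java/com/x8bit/bitwarden/ui/vault/feature/util/CollectionViewExtensionsTest.kt
+++ b/app/src/test/java/com/x8bit/bitwarden/ui/vault/feature/util/CollectionViewExtensionsTest.kt
@@ -155,13 +155,11 @@ class CollectionViewExtensionsTest {
 
 @Suppress("MaxLineLength")
 @Test
-fun `canAssociateToCollections should return false if the user has except password permission at least one collection`() {
+fun `canAssociateToCollections should return false if the user doesn't have any manage or edit permissions`() {
 val collectionList: List<CollectionView> = listOf(
 createEditExceptPasswordsCollectionView(number = 1),
 createViewCollectionView(number = 2),
 createViewExceptPasswordsCollectionView(number = 3),
-createManageCollectionView(number = 4),
-createEditCollectionView(number = 5),
 )
 val collectionIds = collectionList.mapNotNull { it.id }
 assertFalse(collectionList.canAssignToCollections(collectionIds))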
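Review bot: No visible test now covers the mixed case whose result this commit flips, because the renamed test only asserts the all-denied list. By dropping `createManageCollectionView(number = 4)` and `createEditCollectionView(number = 5)`, the hunk removes the only visible fixture that combines "except passwords" collections with MANAGE or EDIT. Unless one already exists outside the hunk, add a companion test that builds a list such as `createViewExceptPasswordsCollectionView(number = 1), createEditCollectionView(number = 2)` and asserts `assertTrue(collectionList.canAssignToCollections(collectionIds))`, so the relaxed permission rule is pinned deliberately. The backticked name also still says `canAssociateToCollections` while the function under test is `canAssignToCollections`. The test class and this test's closing brace continue outside the hunk.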
