[PM-13360] Respect manage permission to assign collections #4190

SaintPatrck · 2024-10-29T21:33:48Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-13360

📔 Objective

This commit prevents users from assigning items to collections if the item is already in a read-only collection where the user does not have "manage" permission.

This change ensures that users with limited permissions cannot modify items in a way that violates the collection's access controls.

📸 Screenshots

Coming soon!

⏰ Reminders before review

Contributor guidelines followed
All formatters and local linters executed and passed
Written new unit and / or integration tests where applicable
Used internationalization (i18n) for all UI strings
CI builds passed
Communicated to DevOps any deployment requirements
Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

👍 (:+1:) or similar for great changes
📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
❓ (:question:) for questions
🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
issue and could potentially benefit from discussion
🎨 (:art:) for suggestions / improvements
❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
⛏ (:pick:) for minor or nitpick changes

codecov · 2024-10-29T21:55:49Z

Codecov Report

Attention: Patch coverage is 50.00000% with 20 lines in your changes missing coverage. Please review.

Please upload report for BASE (PM-12922/delete-collection-permission@9850607). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
.../ui/vault/feature/addedit/VaultAddEditViewModel.kt	35.71%	0 Missing and 9 partials ⚠️
...warden/ui/vault/feature/item/VaultItemViewModel.kt	40.00%	0 Missing and 9 partials ⚠️
...den/ui/vault/feature/addedit/VaultAddEditScreen.kt	80.00%	0 Missing and 1 partial ⚠️
...bitwarden/ui/vault/feature/item/VaultItemScreen.kt	75.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@                           Coverage Diff                            @@
##             PM-12922/delete-collection-permission    #4190   +/-   ##
========================================================================
  Coverage                                         ?   89.03%           
========================================================================
  Files                                            ?      445           
  Lines                                            ?    38714           
  Branches                                         ?     5442           
========================================================================
  Hits                                             ?    34468           
  Misses                                           ?     2344           
  Partials                                         ?     1902

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

…cResponseJson This commit adds the `canManage` property to the `CollectionEntity` and `SyncResponseJson` classes to support the management of collections. It also includes necessary test updates and updates to the database schema to reflect these changes.

Disables the delete button for items in collections where the user does not have "manage" permission. This change ensures that users cannot delete items from collections they are not authorized to manage. It updates the UI to reflect the user's permissions and prevents accidental or unauthorized deletions.

This commit prevents users from assigning items to collections if the item is already in a read-only collection where the user does not have "manage" permission. This change ensures that users with limited permissions cannot modify items in a way that violates the collection's access controls.

david-livefront · 2024-10-31T20:56:17Z

app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreen.kt

+                                .takeUnless {
+                                    state.isAddItemMode ||
+                                        (!state.isCipherInCollection ||
+                                            !state.canAssociateToCollections)


You don't need these parenthesis

SaintPatrck requested review from brian-livefront, david-livefront, dseverns-livefront, ahaisting-livefront and a team as code owners October 29, 2024 21:33

SaintPatrck force-pushed the PM-12922/delete-collection-permission branch 2 times, most recently from b935392 to 17d36f0 Compare October 29, 2024 22:24

SaintPatrck force-pushed the PM-12922/delete-collection-permission branch from 17d36f0 to 9850607 Compare October 29, 2024 22:25

SaintPatrck force-pushed the PM-13360/collection-association-permission branch from 9d8e0f0 to 76954d4 Compare October 30, 2024 15:19

SaintPatrck force-pushed the PM-12922/delete-collection-permission branch 4 times, most recently from 4d2f1c2 to 70a7e99 Compare October 31, 2024 14:29

david-livefront reviewed Oct 31, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[PM-13360] Respect manage permission to assign collections #4190

[PM-13360] Respect manage permission to assign collections #4190

SaintPatrck commented Oct 29, 2024

codecov bot commented Oct 29, 2024 •

edited

Loading

david-livefront Oct 31, 2024

[PM-13360] Respect manage permission to assign collections #4190

Are you sure you want to change the base?

[PM-13360] Respect manage permission to assign collections #4190

Conversation

SaintPatrck commented Oct 29, 2024

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

🦮 Reviewer guidelines

codecov bot commented Oct 29, 2024 • edited Loading

Codecov Report

david-livefront Oct 31, 2024

Choose a reason for hiding this comment

codecov bot commented Oct 29, 2024 •

edited

Loading