[PM-11162] Assign To Collections Permission Update

[Jingo88]

🎟️ Tracking

PM-11162

📔 Objective

Only users with Can Edit permissions will be allowed to Assign To Collections. If the user has Can Edit Except Password they should not see Assign To Collections in the menu of the item row.

UPDATE:
After speaking with product and design we have decided to move away from hiding Can Edit Except Passwords collections from the dropdown.

If an item belongs to only a Can Edit Except Passwords collection, the user will not see the Assign to Collections action in the item row menu, and the collections dropdown will be disabled

If an item belongs to multiple collections with a higher permission (e.g. item is in Can Edit Except Password and Can Manage) the user will see the Assign to Collections action, and the collections dropdown in the edit modal will show all available collections

📸 Screen Recording

PM-11162.mov

Desktop Permissions

PM-11162-Desktop.mov

Screenshot of CLI error when trying to add collection to Can Edit Except PW item UPDATED (shows new error text)

Removed Assign option from Can Edit Except PW items in browser

PM-14165-browser-assign-remove.mov

Recording of Collections dropdown disable for item with only Can Edit Except PW. And dropdown available for item with multiple collections including a Manage/Edit permission.

PM-11162-edit-except-pw-PM-AC.mov

Recording for PM-17390 - When Owners/Admin Access setting is turned on, disable collection options in PM for Owners if they do not have Edit/Manage permissions

Screen.Recording.2025-01-27.at.11.14.53.AM.mov

Recording for PM-17390 - Custom User Flow in PM

PM-17390-custom-user-collection-edit-except-pw-check.mov

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

Attention: Patch coverage is 34.28571% with 23 lines in your changes missing coverage. Please review.

Project coverage is 35.39%. Comparing base (aeb4e21) to head (f98884f).
Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
...ult/src/components/assign-collections.component.ts	0.00%	6 Missing ⚠️
...lt/components/vault-items/vault-items.component.ts	0.00%	4 Missing ⚠️
...nts/item-details/item-details-section.component.ts	75.00%	3 Missing and 1 partial ⚠️
libs/common/src/vault/models/view/cipher.view.ts	0.00%	3 Missing ⚠️
apps/cli/src/commands/edit.command.ts	0.00%	2 Missing ⚠️
...mponents/vault-items/vault-cipher-row.component.ts	0.00%	2 Missing ⚠️
...2/item-more-options/item-more-options.component.ts	0.00%	1 Missing ⚠️
apps/cli/src/models/response.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #11367      +/-   ##
==========================================
- Coverage   35.39%   35.39%   -0.01%     
==========================================
  Files        3009     3009              
  Lines       90783    90807      +24     
  Branches    16868    16876       +8     
==========================================
+ Hits        32137    32144       +7     
- Misses      56182    56199      +17     
  Partials     2464     2464              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Checkmarx One – Scan Summary & Details – 92453ffd-8963-4db9-86af-82646864e2a5

Great job, no security vulnerabilities found in this Pull Request

[shane-melton]

The change to vault-items looks good!

However, we need to make a similar change to the item-details-section.component for the new CipherForm. It also allows users to modify a cipher's collections without the "Assign To Collections" dialog so we need to adjust that component to disable the collections control when !cipher.viewPassword

[shane-melton]

⚠️ this.originalCipherView can be null when creating a new cipher and this will throw.

[shane-melton]

⚠️ We only want to disable the collection control when they don't have access to assign to other collections. Disabling allows the user to still see what its assigned to, otherwise there is no way to view that information.

[eliykat]

I don't follow this - if the cipher isn't in an organization, you can't assign it to a collection.

[shane-melton]

Looks good to go! There do seem to be a couple merge conflicts though

[cd-bitwarden]

Looks good

[cd-bitwarden]

You're most recent changes look good 👍

[cd-bitwarden]

LGTM!

[cd-bitwarden]

lgtm