diff --git a/src/Api/AdminConsole/Public/Controllers/GroupsController.cs b/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
index 01c38a084f..4113014ac3 100644
--- a/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
+++ b/src/Api/AdminConsole/Public/Controllers/GroupsController.cs
@@ -110,7 +110,7 @@ public class GroupsController : Controller
 public async Task Post([FromBody] GroupCreateUpdateRequestModel model)
 {
 var group = model.ToGroup(_currentContext.OrganizationId.Value);
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
 await _createGroupCommand.CreateGroupAsync(group, organization, associations);
 var response = new GroupResponseModel(group, associations);
@@ -139,7 +139,7 @@ public class GroupsController : Controller
 }
 var updatedGroup = model.ToGroup(existingGroup);
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 var organization = await _organizationRepository.GetByIdAsync(_currentContext.OrganizationId.Value);
 await _updateGroupCommand.UpdateGroupAsync(updatedGroup, organization, associations);
 var response = new GroupResponseModel(updatedGroup, associations);
diff --git a/src/Api/AdminConsole/Public/Controllers/MembersController.cs b/src/Api/AdminConsole/Public/Controllers/MembersController.cs
index 9c862f5202..3fde19faa7 100644
--- a/src/Api/AdminConsole/Public/Controllers/MembersController.cs
+++ b/src/Api/AdminConsole/Public/Controllers/MembersController.cs
@@ -119,7 +119,7 @@ public class MembersController : Controller
 [ProducesResponseType(typeof(ErrorResponseModel), (int)HttpStatusCode.BadRequest)]
 public async Task Post([FromBody] MemberCreateRequestModel model)
 {
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 var invite = new OrganizationUserInvite
 {
 Emails = new List { model.Email },
@@ -154,7 +154,7 @@ public class MembersController : Controller
 return new NotFoundResult();
 }
 var updatedUser = model.ToOrganizationUser(existingUser);
- var associations = model.Collections?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Collections?.Select(c => c.ToCollectionAccessSelection());
 await _organizationService.SaveUserAsync(updatedUser, null, associations, model.Groups);
 MemberResponseModel response = null;
 if (existingUser.UserId.HasValue)
diff --git a/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs b/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
index 9ccc17915d..4e24d2462f 100644
--- a/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/AssociationWithPermissionsBaseModel.cs
@@ -15,4 +15,9 @@ public abstract class AssociationWithPermissionsBaseModel
 ///
 [Required]
 public bool? ReadOnly { get; set; }
+ ///
+ /// When true, the hide passwords permission will not allow the user or group to view passwords.
+ /// This prevents easy copy-and-paste of hidden items, however it may not completely prevent user access.
+ ///
+ public bool? HidePasswords { get; set; }
 }
diff --git a/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs b/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
index a367e8d4e6..fcf5a68ba2 100644
--- a/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
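Review bot: The XML comment on the new `HidePasswords` property in AssociationWithPermissionsBaseModel does not say what an omitted value means, and unlike `ReadOnly` directly above it the property carries no `[Required]`, so `null` is a legal input on the public API. The comment presumably feeds the generated API description, which is where integrators will look for the default. I would add one line to the summary, for example `/// Optional. When omitted from a request the value is treated as false and passwords are not hidden.` The class body starts outside the hunk.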
+++ b/src/Api/AdminConsole/Public/Models/Request/AssociationWithPermissionsRequestModel.cs
@@ -4,12 +4,13 @@ namespace Bit.Api.AdminConsole.Public.Models.Request;
 public class AssociationWithPermissionsRequestModel : AssociationWithPermissionsBaseModel
 {
- public CollectionAccessSelection ToSelectionReadOnly()
+ public CollectionAccessSelection ToCollectionAccessSelection()
 {
 return new CollectionAccessSelection
 {
 Id = Id.Value,
- ReadOnly = ReadOnly.Value
+ ReadOnly = ReadOnly.Value,
+ HidePasswords = HidePasswords.GetValueOrDefault()
 };
 }
 }
diff --git a/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs b/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
index 08d9e36d45..798234e7a6 100644
--- a/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
+++ b/src/Api/AdminConsole/Public/Models/Response/AssociationWithPermissionsResponseModel.cs
@@ -12,5 +12,6 @@ public class AssociationWithPermissionsResponseModel : AssociationWithPermission
 }
 Id = selection.Id;
 ReadOnly = selection.ReadOnly;
+ HidePasswords = selection.HidePasswords;
 }
 }
diff --git a/src/Api/Public/Controllers/CollectionsController.cs b/src/Api/Public/Controllers/CollectionsController.cs
index f2a745862c..97f082cb8a 100644
--- a/src/Api/Public/Controllers/CollectionsController.cs
+++ b/src/Api/Public/Controllers/CollectionsController.cs
@@ -89,7 +89,7 @@ public class CollectionsController : Controller
 return new NotFoundResult();
 }
 var updatedCollection = model.ToCollection(existingCollection);
- var associations = model.Groups?.Select(c => c.ToSelectionReadOnly());
+ var associations = model.Groups?.Select(c => c.ToCollectionAccessSelection());
 await _collectionService.SaveAsync(updatedCollection, associations);
 var response = new CollectionResponseModel(updatedCollection, associations);
 return new JsonResult(response);
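Review bot: In `ToCollectionAccessSelection()` of AssociationWithPermissionsRequestModel, `HidePasswords.GetValueOrDefault()` resolves a missing field to the less restrictive setting. The update hunks in GroupsController, MembersController and CollectionsController pass these selections to `UpdateGroupAsync`, `SaveUserAsync` and `SaveAsync`. If those calls replace the stored access rows, which is not visible in this diff, a client that re-submits associations without the new field will silently drop a hide-passwords restriction that was set elsewhere. I would either keep the stored value when the field is null on the update paths, or pin the omitted-field behaviour with a test so that the widening is a documented decision rather than a side effect.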