nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 23:52:50 -05:00
Code Activity

Add RBAC to Bitwarden Portal (#2853)

Browse Source 
* Auth/pm-48 (#2680)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-48 - move registration of CustomClaimsPrincipalFactory, replace role claim type string with constant, streamline code that retrieves the user's role

* Auth/pm-47 (#2699)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-47 - add list of permission enums, role:permissions mapping, and function that determines if the logged in user has the given permission

* PM-47 - remove unneeded service registration, set role to lowercase

* PM-47 - fix code style issues

* PM-46 - create permission filter attribute (#2753)

* Auth/pm-54 add rbac for users (#2758)

* PM-54 - add permission gates to User elements

* PM-54 - fix formatting

* PM-54 - remove unused function

* PM-54 - fix variable reference, add permission to billing role

* PM-54 - handle Upgrade Premium button functionality and fix spelling

* PM-54 - change permission name to be more accurate

* PM-49 - update role retrieval (#2779)

* Auth/[PM-50] add rbac for logs (#2782)

* PM-50 - add rbac for logs

* PM-50 - remove unnecessary action filter

* PM-51 - add RBAC for tools (#2799)

* Auth/[pm-52] add rbac providers (#2818)

* PM-52 add rbac for providers

* PM-52 - update redirect action

* PM-52 - add back edit functionality and permission

* PM-52 - reverse changes around removing edit functionality

* PM-52 - moved permission check to variable assignement

* PM-53 - add rbac for organizations (#2798)

* PM-52 - add missed permission to billing role (#2836)

* Fixed merge conflicts.

* [PM-1846] Updates to add RBAC back after merge conflicts (#2870)

* Updates to add RBAC to changes from reseller.

* Added back checks for delete and initiating a trial.

* Removed extraneous Razor tag.

---------

Co-authored-by: dgoodman-bw <109169446+dgoodman-bw@users.noreply.github.com>
Co-authored-by: Danielle Goodman <dgoodman@bitwarden.com>
Co-authored-by: Jacob Fink <jfink@bitwarden.com>
This commit is contained in:
Todd Martin
2023-05-04 15:18:49 -04:00
committed by GitHub
parent 2ac513e15a
commit 0bd0910c39
24 changed files with 1101 additions and 410 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/Admin/Views/Organizations/Edit.cshtml
View File

@ -1,6 +1,13 @@
@model OrganizationEditModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model OrganizationEditModel
@{
ViewData["Title"] = (Model.Provider != null ? "Client " : string.Empty) + "Organization: " + Model.Organization.Name;
var canViewOrganizationInformation = AccessControlService.UserHasPermission(Permission.Org_OrgInformation_View);
var canViewBillingInformation = AccessControlService.UserHasPermission(Permission.Org_BillingInformation_View);
var canInitiateTrial = AccessControlService.UserHasPermission(Permission.Org_InitiateTrial);
var canDelete = AccessControlService.UserHasPermission(Permission.Org_Delete);
}
@section Scripts {
@ -79,24 +86,41 @@
<h2>Provider Relationship</h2>
@await Html.PartialAsync("_ProviderInformation", Model.Provider)
}
<h2>Organization Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, OrganizationId = Model.Organization.Id })
@if (canViewOrganizationInformation)
{
<h2>Organization Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
}
@if (canViewBillingInformation)
{
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, OrganizationId = Model.Organization.Id, Entity = "Organization" })
}
@await Html.PartialAsync("_OrganizationForm", Model)
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="teams-trial">
Teams Trial
</button>
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
Enterprise Trial
</button>
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
onsubmit="return confirm('Are you sure you want to delete this organization?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
@if (canInitiateTrial)
{
<button class="btn btn-secondary mr-2" type="button" id="teams-trial">
Teams Trial
</button>
<button class="btn btn-secondary mr-2" type="button" id="enterprise-trial">
Enterprise Trial
</button>
}
@if (canDelete)
{
<form asp-action="Delete" asp-route-id="@Model.Organization.Id"
onsubmit="return confirm('Are you sure you want to delete this organization?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
}
</div>
</div>

10
src/Admin/Views/Providers/Admins.cshtml
View File

@ -1,4 +1,11 @@
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model ProviderViewModel
@{
var canResendEmailInvite = AccessControlService.UserHasPermission(Permission.Provider_ResendEmailInvite);
}
<h2>Provider Admins</h2>
<div class="row">
<div class="col-8">
@ -31,7 +38,8 @@
</td>
<td>
@if(admin.Status.Equals(ProviderUserStatusType.Confirmed)
&& @Model.Provider.Status.Equals(ProviderStatusType.Pending))
&& @Model.Provider.Status.Equals(ProviderStatusType.Pending)
&& canResendEmailInvite)
{
@if(@TempData["InviteResentTo"] != null && @TempData["InviteResentTo"].ToString() == @admin.UserId.Value.ToString())
{

43
src/Admin/Views/Providers/Edit.cshtml
View File

@ -1,6 +1,11 @@
@model ProviderEditModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model ProviderEditModel
@{
ViewData["Title"] = "Provider: " + Model.Provider.Name;
var canEdit = AccessControlService.UserHasPermission(Permission.Provider_Edit);
}
<h1>Provider <small>@Model.Provider.Name</small></h1>
@ -10,29 +15,21 @@
@await Html.PartialAsync("Admins", Model)
<form method="post" id="edit-form">
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name" required>
</div>
</div>
</div>
<dl class="row">
<dt class="col-sm-4 col-lg-3">Name</dt>
<dd class="col-sm-8 col-lg-9">@Model.Provider.Name</dd>
</dl>
<h2>Business Information</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BusinessName"></label>
<input type="text" class="form-control" asp-for="BusinessName">
</div>
</div>
</div>
<dl class="row">
<dt class="col-sm-4 col-lg-3">Business Name</dt>
<dd class="col-sm-8 col-lg-9">@Model.Provider.BusinessName</dd>
</dl>
<h2>Billing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BillingEmail"></label>
<input type="email" class="form-control" asp-for="BillingEmail">
<input type="email" class="form-control" asp-for="BillingEmail" readonly='@(!canEdit)'>
</div>
</div>
</div>
@ -46,6 +43,10 @@
</div>
</form>
@await Html.PartialAsync("Organizations", Model)
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
</div>
@if (canEdit)
{
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
</div>
}

16
src/Admin/Views/Providers/Index.cshtml
View File

@ -1,7 +1,12 @@
@using Bit.SharedWeb.Utilities
@using Bit.SharedWeb.Utilities
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model ProvidersModel
@{
ViewData["Title"] = "Providers";
var canCreateProvider = AccessControlService.UserHasPermission(Permission.Provider_Create);
}
<h1>Providers</h1>
@ -16,9 +21,12 @@
<button type="submit" class="btn btn-primary mb-2" title="Search"><i class="fa fa-search"></i> Search</button>
</form>
</div>
<div class="col-auto">
<a asp-action="Create" class="btn btn-secondary">Create Provider</a>
</div>
@if (canCreateProvider)
{
<div class="col-auto">
<a asp-action="Create" class="btn btn-secondary">Create Provider</a>
</div>
}
</div>
<div class="table-responsive">

48
src/Admin/Views/Shared/_BillingInformation.cshtml
View File

@ -1,4 +1,15 @@
@model BillingInformationModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model BillingInformationModel
@{
var canManageTransactions = Model.Entity == "User" ? AccessControlService.UserHasPermission(Permission.User_BillingInformation_CreateEditTransaction)
: AccessControlService.UserHasPermission(Permission.Org_BillingInformation_CreateEditTransaction);
var canDownloadInvoice = Model.Entity == "User" ? AccessControlService.UserHasPermission(Permission.User_BillingInformation_DownloadInvoice)
: AccessControlService.UserHasPermission(Permission.Org_BillingInformation_DownloadInvoice);
}
<dl class="row">
<dt class="col-sm-4 col-lg-3">Account @(Model.BillingInfo.Balance <= 0 ? "Credit" : "Balance")</dt>
<dd class="col-sm-8 col-lg-9">@Math.Abs(Model.BillingInfo.Balance).ToString("C")</dd>
@ -16,11 +27,14 @@
<td><a target="_blank" href="@invoice.Url" title="View Invoice">@invoice.Number</a></td>
<td>@invoice.Amount.ToString("C")</td>
<td>@(invoice.Paid ? "Paid" : "Unpaid")</td>
<td>
<a target="_blank" href="@invoice.PdfUrl" title="Download Invoice">
<i class="fa fa-file-pdf-o"></i>
</a>
</td>
@if (canDownloadInvoice)
{
<td>
<a target="_blank" href="@invoice.PdfUrl" title="Download Invoice">
<i class="fa fa-file-pdf-o"></i>
</a>
</td>
}
</tr>
}
</tbody>
@ -46,10 +60,13 @@
<td>@transaction.PaymentMethodType.ToString()</td>
<td>@transaction.Details</td>
<td>@transaction.Amount.ToString("C")</td>
<td>
<a title="Edit Transaction" asp-controller="Tools" asp-action="EditTransaction"
asp-route-id="@transaction.Id"><i class="fa fa-edit"></i></a>
</td>
@if (canManageTransactions)
{
<td>
<a title="Edit Transaction" asp-controller="Tools" asp-action="EditTransaction"
asp-route-id="@transaction.Id"><i class="fa fa-edit"></i></a>
</td>
}
</tr>
}
</tbody>
@ -59,9 +76,12 @@
{
<p>No transactions.</p>
}
<a asp-action="CreateTransaction" asp-controller="Tools" asp-route-organizationId="@Model.OrganizationId"
asp-route-userId="@Model.UserId" class="btn btn-sm btn-outline-primary">
<i class="fa fa-plus"></i> New Transaction
</a>
@if (canManageTransactions)
{
<a asp-action="CreateTransaction" asp-controller="Tools" asp-route-organizationId="@Model.OrganizationId"
asp-route-userId="@Model.UserId" class="btn btn-sm btn-outline-primary">
<i class="fa fa-plus"></i> New Transaction
</a>
}
</dd>
</dl>

137
src/Admin/Views/Shared/_Layout.cshtml
View File

@ -1,5 +1,25 @@
@inject SignInManager<IdentityUser> SignInManager
@using Bit.Admin.Enums;
@inject SignInManager<IdentityUser> SignInManager
@inject Bit.Core.Settings.GlobalSettings GlobalSettings
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@{
var canViewUsers = AccessControlService.UserHasPermission(Permission.User_List_View);
var canViewOrgs = AccessControlService.UserHasPermission(Permission.Org_List_View);
var canViewProviders = AccessControlService.UserHasPermission(Permission.Provider_List_View);
var canViewLogs = AccessControlService.UserHasPermission(Permission.Logs_View);
var canChargeBraintree = AccessControlService.UserHasPermission(Permission.Tools_ChargeBrainTreeCustomer);
var canCreateTransaction = AccessControlService.UserHasPermission(Permission.Tools_CreateEditTransaction);
var canPromoteAdmin = AccessControlService.UserHasPermission(Permission.Tools_PromoteAdmin);
var canGenerateLicense = AccessControlService.UserHasPermission(Permission.Tools_GenerateLicenseFile);
var canManageTaxRates = AccessControlService.UserHasPermission(Permission.Tools_ManageTaxRates);
var canManageStripeSubscriptions = AccessControlService.UserHasPermission(Permission.Tools_ManageStripeSubscriptions);
var canViewTools = canChargeBraintree || canCreateTransaction || canPromoteAdmin ||
canGenerateLicense || canManageTaxRates || canManageStripeSubscriptions;
}
<!DOCTYPE html>
<html>
<head>
@ -32,58 +52,91 @@
</button>
<div class="collapse navbar-collapse" id="navbarCollapse">
<ul class="navbar-nav mr-auto">
@if(SignInManager.IsSignedIn(User))
@if (SignInManager.IsSignedIn(User))
{
<li class="nav-item" active-controller="Users">
<a class="nav-link" asp-controller="Users" asp-action="Index">Users</a>
</li>
<li class="nav-item" active-controller="Organizations">
<a class="nav-link" asp-controller="Organizations" asp-action="Index">Organizations</a>
</li>
@if(!GlobalSettings.SelfHosted)
@if (canViewUsers)
{
<li class="nav-item" active-controller="Providers">
<a class="nav-link" asp-controller="Providers" asp-action="Index">Providers</a>
</li>
<li class="nav-item dropdown" active-controller="tools">
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Tools
</a>
<div class="dropdown-menu" aria-labelledby="toolsDropdown">
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
Charge Braintree Customer
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="CreateTransaction">
Create Transaction
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="PromoteAdmin">
Promote Admin
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="GenerateLicense">
Generate License
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="TaxRate">
Manage Tax Rates
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="StripeSubscriptions">
Manage Stripe Subscriptions
</a>
</div>
</li>
<li class="nav-item" active-controller="Logs">
<a class="nav-link" asp-controller="Logs" asp-action="Index">Logs</a>
<li class="nav-item" active-controller="Users">
<a class="nav-link" asp-controller="Users" asp-action="Index">Users</a>
</li>
}
@if (canViewOrgs)
{
<li class="nav-item" active-controller="Organizations">
<a class="nav-link" asp-controller="Organizations" asp-action="Index">Organizations</a>
</li>
}
@if (!GlobalSettings.SelfHosted)
{
@if (canViewProviders)
{
<li class="nav-item" active-controller="Providers">
<a class="nav-link" asp-controller="Providers" asp-action="Index">Providers</a>
</li>
}
@if (canViewTools)
{
<li class="nav-item dropdown" active-controller="tools">
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Tools
</a>
<div class="dropdown-menu" aria-labelledby="toolsDropdown">
@if (canChargeBraintree)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
Charge Braintree Customer
</a>
}
@if (canCreateTransaction)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="CreateTransaction">
Create Transaction
</a>
}
@if (canPromoteAdmin)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="PromoteAdmin">
Promote Admin
</a>
}
@if (canGenerateLicense)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="GenerateLicense">
Generate License
</a>
}
@if (canManageTaxRates)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="TaxRate">
Manage Tax Rates
</a>
}
@if (canManageStripeSubscriptions)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="StripeSubscriptions">
Manage Stripe Subscriptions
</a>
}
</div>
</li>
}
@if (canViewLogs)
{
<li class="nav-item" active-controller="Logs">
<a class="nav-link" asp-controller="Logs" asp-action="Index">Logs</a>
</li>
}
}
}
@if(GlobalSettings.SelfHosted)
@if (GlobalSettings.SelfHosted)
{
<li class="nav-item">
<a class="nav-link" href="https://help.bitwarden.com/hosting/" target="_blank">Docs</a>
</li>
}
</ul>
@if(SignInManager.IsSignedIn(User))
@if (SignInManager.IsSignedIn(User))
{
<form asp-controller="Login" asp-action="Logout" method="post">
<button type="submit" class="btn btn-sm btn-secondary">Log Out</button>

481
src/Admin/Views/Shared/_OrganizationForm.cshtml
View File

@ -1,247 +1,286 @@
@using Bit.SharedWeb.Utilities
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService;
@model OrganizationEditModel
@{
var canViewGeneralDetails = AccessControlService.UserHasPermission(Permission.Org_GeneralDetails_View);
var canViewBilling = AccessControlService.UserHasPermission(Permission.Org_Billing_View);
var canViewBusinessInformation = AccessControlService.UserHasPermission(Permission.Org_BusinessInformation_View);
var canViewPlan = AccessControlService.UserHasPermission(Permission.Org_Plan_View);
var canViewLicensing = AccessControlService.UserHasPermission(Permission.Org_Licensing_View);
var canCheckEnabled = AccessControlService.UserHasPermission(Permission.Org_CheckEnabledBox);
var canEditPlan = AccessControlService.UserHasPermission(Permission.Org_Plan_Edit);
var canEditLicensing = AccessControlService.UserHasPermission(Permission.Org_Licensing_Edit);
var canEditBilling = AccessControlService.UserHasPermission(Permission.Org_Billing_Edit);
var canLaunchGateway = AccessControlService.UserHasPermission(Permission.Org_Billing_LaunchGateway);
}
<form method="post" id="edit-form" asp-route-providerId="@Model.Provider?.Id">
<input asp-for="SalesAssistedTrialStarted" type="hidden">
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name" required>
</div>
</div>
</div>
@if (Model.Provider?.Type == ProviderType.Reseller)
@if (canViewGeneralDetails)
{
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label>Client Owner Email</label>
@if (!string.IsNullOrWhiteSpace(Model.Owners))
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name" required>
</div>
</div>
</div>
@if (Model.Provider?.Type == ProviderType.Reseller)
{
<div class="row">
<div class="col-sm">
<div class="form-group">
<label>Client Owner Email</label>
@if (!string.IsNullOrWhiteSpace(Model.Owners))
{
<input type="text" class="form-control" asp-for="Owners" readonly="readonly">
}
else
{
<input type="text" class="form-control" asp-for="Owners" required>
}
<label class="form-check-label small text-muted align-top">This user should be independent of the Provider. If the Provider is disassociated with the organization, this user will maintain ownership of the organization.</label>
</div>
</div>
</div>
}
@if (Model.Organization != null)
{
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Enabled" disabled='@(canCheckEnabled ? null : "disabled")'>
<label class="form-check-label" asp-for="Enabled"></label>
</div>
}
}
@if (canViewBusinessInformation)
{
<h2>Business Information</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BusinessName"></label>
<input type="text" class="form-control" asp-for="BusinessName">
</div>
</div>
</div>
}
@if (canViewPlan)
{
<h2>Plan</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="PlanType"></label>
@{
var planTypes = Enum.GetValues<PlanType>()
.Where(p => Model.Provider == null || p is >= PlanType.TeamsMonthly and <= PlanType.EnterpriseAnnually)
.Select(e => new SelectListItem
{
Value = ((int)e).ToString(),
Text = e.GetDisplayAttribute()?.GetName() ?? e.ToString()
})
.ToList();
}
<select class="form-control" asp-for="PlanType" asp-items="planTypes" disabled='@(canEditPlan ? null : "disabled")'></select>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="Plan"></label>
<input type="text" class="form-control" asp-for="Plan" required readonly='@(!canEditPlan)'>
</div>
</div>
</div>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Seats"></label>
<input type="number" class="form-control" asp-for="Seats" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxCollections"></label>
<input type="number" class="form-control" asp-for="MaxCollections" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
</div>
<div class="row">
<div class="col-4">
<div class="form-group">
<label asp-for="MaxAutoscaleSeats"></label>
<input type="number" class="form-control" asp-for="MaxAutoscaleSeats" min="1" readonly='@(!canEditPlan)'>
</div>
</div>
</div>
<h2>Features</h2>
<div class="row mb-3">
<div class="col-4">
<h3>General</h3>
<div class="form-check mb-2">
<input type="checkbox" class="form-check-input" asp-for="SelfHost" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="SelfHost"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="Use2fa" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="Use2fa"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseApi" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseApi"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseGroups" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseGroups"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsePolicies" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UsePolicies"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSso" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseSso"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseKeyConnector" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseKeyConnector"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseScim" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseScim"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseDirectory" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseDirectory"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseEvents" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseEvents"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseResetPassword" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseResetPassword"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseCustomPermissions" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseCustomPermissions"></label>
</div>
</div>
<div class="col-4">
<h3>Password Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseTotp" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseTotp"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsersGetPremium" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UsersGetPremium"></label>
</div>
</div>
<div class="col-4">
<h3>Secrets Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSecretsManager" disabled='@(canEditPlan ? null : "disabled")'>
<label class="form-check-label" asp-for="UseSecretsManager"></label>
</div>
</div>
</div>
}
@if(canViewLicensing)
{
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="ExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="ExpirationDate" readonly='@(!canEditLicensing)'>
</div>
</div>
</div>
}
@if (canViewBilling)
{
<h2>Billing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BillingEmail"></label>
@if (Model.Provider?.Type == ProviderType.Reseller)
{
<input type="text" class="form-control" asp-for="Owners" readonly="readonly">
<input type="email" class="form-control" asp-for="BillingEmail" readonly="readonly">
}
else
{
<input type="text" class="form-control" asp-for="Owners" required>
<input type="email" class="form-control" asp-for="BillingEmail" readonly='@(!canEditBilling)'>
}
<label class="form-check-label small text-muted align-top">This user should be independent of the Provider. If the Provider is disassociated with the organization, this user will maintain ownership of the organization.</label>
</div>
</div>
</div>
}
@if (Model.Organization != null)
{
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Enabled">
<label class="form-check-label" asp-for="Enabled"></label>
</div>
}
<h2>Business Information</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BusinessName"></label>
<input type="text" class="form-control" asp-for="BusinessName">
</div>
</div>
</div>
<h2>Plan</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="PlanType"></label>
@{
var planTypes = Enum.GetValues<PlanType>()
.Where(p => Model.Provider == null || p is >= PlanType.TeamsMonthly and <= PlanType.EnterpriseAnnually)
.Select(e => new SelectListItem
{
Value = ((int)e).ToString(),
Text = e.GetDisplayAttribute()?.GetName() ?? e.ToString()
})
.ToList();
}
<select class="form-control" asp-for="PlanType" asp-items="planTypes"></select>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="Plan"></label>
<input type="text" class="form-control" asp-for="Plan" required>
</div>
</div>
</div>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Seats"></label>
<input type="number" class="form-control" asp-for="Seats" min="1">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxCollections"></label>
<input type="number" class="form-control" asp-for="MaxCollections" min="1">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1">
</div>
</div>
</div>
<div class="row">
<div class="col-4">
<div class="form-group">
<label asp-for="MaxAutoscaleSeats"></label>
<input type="number" class="form-control" asp-for="MaxAutoscaleSeats" min="1">
</div>
</div>
</div>
<h2>Features</h2>
<div class="row mb-3">
<div class="col-4">
<h3>General</h3>
<div class="form-check mb-2">
<input type="checkbox" class="form-check-input" asp-for="SelfHost">
<label class="form-check-label" asp-for="SelfHost"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="Use2fa">
<label class="form-check-label" asp-for="Use2fa"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseApi">
<label class="form-check-label" asp-for="UseApi"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseGroups">
<label class="form-check-label" asp-for="UseGroups"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsePolicies">
<label class="form-check-label" asp-for="UsePolicies"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSso">
<label class="form-check-label" asp-for="UseSso"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseKeyConnector">
<label class="form-check-label" asp-for="UseKeyConnector"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseScim">
<label class="form-check-label" asp-for="UseScim"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseDirectory">
<label class="form-check-label" asp-for="UseDirectory"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseEvents">
<label class="form-check-label" asp-for="UseEvents"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseResetPassword">
<label class="form-check-label" asp-for="UseResetPassword"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseCustomPermissions">
<label class="form-check-label" asp-for="UseCustomPermissions"></label>
</div>
</div>
<div class="col-4">
<h3>Password Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseTotp">
<label class="form-check-label" asp-for="UseTotp"></label>
</div>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UsersGetPremium">
<label class="form-check-label" asp-for="UsersGetPremium"></label>
</div>
</div>
<div class="col-4">
<h3>Secrets Manager</h3>
<div class="form-check">
<input type="checkbox" class="form-check-input" asp-for="UseSecretsManager">
<label class="form-check-label" asp-for="UseSecretsManager"></label>
</div>
</div>
</div>
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="ExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="ExpirationDate">
</div>
</div>
</div>
<h2>Billing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="BillingEmail"></label>
@if (Model.Provider?.Type == ProviderType.Reseller)
{
<input type="email" class="form-control" asp-for="BillingEmail" readonly="readonly">
}
else
{
<input type="email" class="form-control" asp-for="BillingEmail">
}
</div>
</div>
<div class="col-sm">
<div class="form-group">
<div class="col-sm">
<div class="form-group">
<label asp-for="Gateway"></label>
<select class="form-control" asp-for="Gateway"
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
<option value="">--</option>
</select>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewayCustomerId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewayCustomerId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
<div class="form-group">
<label asp-for="Gateway"></label>
<select class="form-control" asp-for="Gateway" disabled='@(canEditBilling ? null : "disabled")'
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
<option value="">--</option>
</select>
</div>
</div>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewaySubscriptionId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewaySubscriptionId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewayCustomerId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
@if(canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="GatewaySubscriptionId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
@if (canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
</div>
</div>
}
</form>

171
src/Admin/Views/Users/Edit.cshtml
View File

@ -1,6 +1,22 @@
@model UserEditModel
@using Bit.Admin.Enums;
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@model UserEditModel
@{
ViewData["Title"] = "User: " + Model.User.Email;
var canViewUserInformation = AccessControlService.UserHasPermission(Permission.User_UserInformation_View);
var canViewBillingInformation = AccessControlService.UserHasPermission(Permission.User_BillingInformation_View);
var canViewGeneral = AccessControlService.UserHasPermission(Permission.User_GeneralDetails_View);
var canViewPremium = AccessControlService.UserHasPermission(Permission.User_Premium_View);
var canViewLicensing = AccessControlService.UserHasPermission(Permission.User_Licensing_View);
var canViewBilling = AccessControlService.UserHasPermission(Permission.User_Billing_View);
var canEditPremium = AccessControlService.UserHasPermission(Permission.User_Premium_Edit);
var canEditLicensing = AccessControlService.UserHasPermission(Permission.User_Licensing_Edit);
var canEditBilling = AccessControlService.UserHasPermission(Permission.User_Billing_Edit);
var canLaunchGateway = AccessControlService.UserHasPermission(Permission.User_Billing_LaunchGateway);
var canUpgradePremium = AccessControlService.UserHasPermission(Permission.User_UpgradePremium);
var canDeleteUser = AccessControlService.UserHasPermission(Permission.User_Delete);
}
@section Scripts {
@ -56,66 +72,76 @@
<h1>User <small>@Model.User.Email</small></h1>
<h2>User Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, UserId = Model.User.Id })
<form method="post" id="edit-form">
@if (canViewUserInformation)
{
<h2>User Information</h2>
@await Html.PartialAsync("_ViewInformation", Model)
}
@if (canViewBillingInformation)
{
<h2>Billing Information</h2>
@await Html.PartialAsync("_BillingInformation",
new BillingInformationModel { BillingInfo = Model.BillingInfo, UserId = Model.User.Id, Entity = "User" })
}
@if (canViewGeneral)
{
<h2>General</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="Name"></label>
<input type="text" class="form-control" asp-for="Name">
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="Email"></label>
<input type="email" class="form-control" asp-for="Email" required>
</div>
</div>
</div>
<dl class="row">
<dt class="col-sm-4 col-lg-3">Name</dt>
<dd class="col-sm-8 col-lg-9">@Model.Name</dd>
<dt class="col-sm-4 col-lg-3">Email</dt>
<dd class="col-sm-8 col-lg-9">@Model.Email</dd>
</dl>
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="EmailVerified">
<input type="checkbox" class="form-check-input" asp-for="EmailVerified" disabled>
<label class="form-check-label" asp-for="EmailVerified"></label>
</div>
<h2>Premium</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1">
}
<form method="post" id="edit-form">
@if (canViewPremium)
{
<h2>Premium</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="MaxStorageGb"></label>
<input type="number" class="form-control" asp-for="MaxStorageGb" min="1" readonly='@(!canEditPremium)'>
</div>
</div>
</div>
</div>
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Premium">
<label class="form-check-label" asp-for="Premium"></label>
</div>
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey">
<div class="form-check mb-3">
<input type="checkbox" class="form-check-input" asp-for="Premium" readonly='@(!canUpgradePremium)'>
<label class="form-check-label" asp-for="Premium"></label>
</div>
}
@if (canViewLicensing)
{
<h2>Licensing</h2>
<div class="row">
<div class="col-sm">
<div class="form-group">
<label asp-for="LicenseKey"></label>
<input type="text" class="form-control" asp-for="LicenseKey" readonly='@(!canEditLicensing)'>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="PremiumExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="PremiumExpirationDate" readonly='@(!canEditLicensing)'>
</div>
</div>
</div>
<div class="col-sm">
<div class="form-group">
<label asp-for="PremiumExpirationDate"></label>
<input type="datetime-local" class="form-control" asp-for="PremiumExpirationDate">
</div>
</div>
</div>
}
@if (canViewBilling)
{
<h2>Billing</h2>
<div class="row">
<div class="col-md">
<div class="form-group">
<div class="form-group">
<label asp-for="Gateway"></label>
<select class="form-control" asp-for="Gateway"
<select class="form-control" asp-for="Gateway" disabled='@(canEditBilling ? null : "disabled")'
asp-items="Html.GetEnumSelectList<Bit.Core.Enums.GatewayType>()">
<option value="">--</option>
</select>
@ -126,12 +152,15 @@
<div class="form-group">
<label asp-for="GatewayCustomerId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewayCustomerId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
</div>
<input type="text" class="form-control" asp-for="GatewayCustomerId" readonly='@(!canEditBilling)'>
@if (canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-customer-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
@ -139,26 +168,36 @@
<div class="form-group">
<label asp-for="GatewaySubscriptionId"></label>
<div class="input-group">
<input type="text" class="form-control" asp-for="GatewaySubscriptionId">
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
</div>
<input type="text" class="form-control" asp-for="GatewaySubscriptionId" readonly='@(!canEditBilling)'>
@if (canLaunchGateway)
{
<div class="input-group-append">
<button class="btn btn-secondary" type="button" id="gateway-subscription-link">
<i class="fa fa-external-link"></i>
</button>
</div>
}
</div>
</div>
</div>
</div>
}
</form>
<div class="d-flex mt-4">
<button type="submit" class="btn btn-primary" form="edit-form">Save</button>
<div class="ml-auto d-flex">
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
Upgrade Premium
</button>
<form asp-action="Delete" asp-route-id="@Model.User.Id"
onsubmit="return confirm('Are you sure you want to delete this user?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
@if (canUpgradePremium)
{
<button class="btn btn-secondary mr-2" type="button" id="upgrade-premium">
Upgrade Premium
</button>
}
@if (canDeleteUser)
{
<form asp-action="Delete" asp-route-id="@Model.User.Id"
onsubmit="return confirm('Are you sure you want to delete this user?')">
<button class="btn btn-danger" type="submit">Delete</button>
</form>
}
</div>
</div>