mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00

Add RBAC to Bitwarden Portal (#2853)

* Auth/pm-48 (#2680)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-48 - move registration of CustomClaimsPrincipalFactory, replace role claim type string with constant, streamline code that retrieves the user's role

* Auth/pm-47 (#2699)

* PM-48 - add user's role as a claim and establish access control service

* PM-48 - remove function unrelated to the role claim

* PM-48 - fix whitespace issues

* PM-47 - add list of permission enums, role:permissions mapping, and function that determines if the logged in user has the given permission

* PM-47 - remove unneeded service registration, set role to lowercase

* PM-47 - fix code style issues

* PM-46 - create permission filter attribute (#2753)

* Auth/pm-54 add rbac for users (#2758)

* PM-54 - add permission gates to User elements

* PM-54 - fix formatting

* PM-54 - remove unused function

* PM-54 - fix variable reference, add permission to billing role

* PM-54 - handle Upgrade Premium button functionality and fix spelling

* PM-54 - change permission name to be more accurate

* PM-49 - update role retrieval (#2779)

* Auth/[PM-50] add rbac for logs (#2782)

* PM-50 - add rbac for logs

* PM-50 - remove unnecessary action filter

* PM-51 - add RBAC for tools (#2799)

* Auth/[pm-52] add rbac providers (#2818)

* PM-52 add rbac for providers

* PM-52 - update redirect action

* PM-52 - add back edit functionality and permission

* PM-52 - reverse changes around removing edit functionality

* PM-52 - moved permission check to variable assignment

* PM-53 - add rbac for organizations (#2798)

* PM-52 - add missed permission to billing role (#2836)

* Fixed merge conflicts.

* [PM-1846] Updates to add RBAC back after merge conflicts (#2870)

* Updates to add RBAC to changes from reseller.

* Added back checks for delete and initiating a trial.

* Removed extraneous Razor tag.

---------

Co-authored-by: dgoodman-bw <109169446+dgoodman-bw@users.noreply.github.com>
Co-authored-by: Danielle Goodman <dgoodman@bitwarden.com>
Co-authored-by: Jacob Fink <jfink@bitwarden.com>
Todd Martin
2023-05-04 15:18:49 -04:00
committed by GitHub
parent 2ac513e15a
commit 0bd0910c39
24 changed files with 1101 additions and 410 deletions


@ -1,5 +1,25 @@
@inject SignInManager<IdentityUser> SignInManager
@using Bit.Admin.Enums;
@inject SignInManager<IdentityUser> SignInManager
@inject Bit.Core.Settings.GlobalSettings GlobalSettings
@inject Bit.Admin.Services.IAccessControlService AccessControlService
@{
var canViewUsers = AccessControlService.UserHasPermission(Permission.User_List_View);
var canViewOrgs = AccessControlService.UserHasPermission(Permission.Org_List_View);
var canViewProviders = AccessControlService.UserHasPermission(Permission.Provider_List_View);
var canViewLogs = AccessControlService.UserHasPermission(Permission.Logs_View);
var canChargeBraintree = AccessControlService.UserHasPermission(Permission.Tools_ChargeBrainTreeCustomer);
var canCreateTransaction = AccessControlService.UserHasPermission(Permission.Tools_CreateEditTransaction);
var canPromoteAdmin = AccessControlService.UserHasPermission(Permission.Tools_PromoteAdmin);
var canGenerateLicense = AccessControlService.UserHasPermission(Permission.Tools_GenerateLicenseFile);
var canManageTaxRates = AccessControlService.UserHasPermission(Permission.Tools_ManageTaxRates);
var canManageStripeSubscriptions = AccessControlService.UserHasPermission(Permission.Tools_ManageStripeSubscriptions);
var canViewTools = canChargeBraintree || canCreateTransaction || canPromoteAdmin ||
canGenerateLicense || canManageTaxRates || canManageStripeSubscriptions;
}
<!DOCTYPE html>
<html>
<head>
@ -32,58 +52,91 @@
</button>
<div class="collapse navbar-collapse" id="navbarCollapse">
<ul class="navbar-nav mr-auto">
@if(SignInManager.IsSignedIn(User))
@if (SignInManager.IsSignedIn(User))
{
<li class="nav-item" active-controller="Users">
<a class="nav-link" asp-controller="Users" asp-action="Index">Users</a>
</li>
<li class="nav-item" active-controller="Organizations">
<a class="nav-link" asp-controller="Organizations" asp-action="Index">Organizations</a>
</li>
@if(!GlobalSettings.SelfHosted)
@if (canViewUsers)
{
<li class="nav-item" active-controller="Providers">
<a class="nav-link" asp-controller="Providers" asp-action="Index">Providers</a>
</li>
<li class="nav-item dropdown" active-controller="tools">
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Tools
</a>
<div class="dropdown-menu" aria-labelledby="toolsDropdown">
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
Charge Braintree Customer
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="CreateTransaction">
Create Transaction
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="PromoteAdmin">
Promote Admin
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="GenerateLicense">
Generate License
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="TaxRate">
Manage Tax Rates
</a>
<a class="dropdown-item" asp-controller="Tools" asp-action="StripeSubscriptions">
Manage Stripe Subscriptions
</a>
</div>
</li>
<li class="nav-item" active-controller="Logs">
<a class="nav-link" asp-controller="Logs" asp-action="Index">Logs</a>
<li class="nav-item" active-controller="Users">
<a class="nav-link" asp-controller="Users" asp-action="Index">Users</a>
</li>
}
@if (canViewOrgs)
{
<li class="nav-item" active-controller="Organizations">
<a class="nav-link" asp-controller="Organizations" asp-action="Index">Organizations</a>
</li>
}
@if (!GlobalSettings.SelfHosted)
{
@if (canViewProviders)
{
<li class="nav-item" active-controller="Providers">
<a class="nav-link" asp-controller="Providers" asp-action="Index">Providers</a>
</li>
}
@if (canViewTools)
{
<li class="nav-item dropdown" active-controller="tools">
<a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Tools
</a>
<div class="dropdown-menu" aria-labelledby="toolsDropdown">
@if (canChargeBraintree)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="ChargeBraintree">
Charge Braintree Customer
</a>
}
@if (canCreateTransaction)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="CreateTransaction">
Create Transaction
</a>
}
@if (canPromoteAdmin)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="PromoteAdmin">
Promote Admin
</a>
}
@if (canGenerateLicense)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="GenerateLicense">
Generate License
</a>
}
@if (canManageTaxRates)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="TaxRate">
Manage Tax Rates
</a>
}
@if (canManageStripeSubscriptions)
{
<a class="dropdown-item" asp-controller="Tools" asp-action="StripeSubscriptions">
Manage Stripe Subscriptions
</a>
}
</div>
</li>
}
@if (canViewLogs)
{
<li class="nav-item" active-controller="Logs">
<a class="nav-link" asp-controller="Logs" asp-action="Index">Logs</a>
</li>
}
}
}
@if(GlobalSettings.SelfHosted)
@if (GlobalSettings.SelfHosted)
{
<li class="nav-item">
<a class="nav-link" href="https://help.bitwarden.com/hosting/" target="_blank">Docs</a>
</li>
}
</ul>
@if(SignInManager.IsSignedIn(User))
@if (SignInManager.IsSignedIn(User))
{
<form asp-controller="Login" asp-action="Logout" method="post">
<button type="submit" class="btn btn-sm btn-secondary">Log Out</button>