Add partial role support for manager only using web-vault v2024.12.0 #5219
Conversation
|
This PR needs a web-vault built from this PR dani-garcia/bw_web_builds#186 But it would be nice if some people are able to test this PR using a web-vault built from the PR linked above. |
BlackDex
force-pushed
the
mngr-custom-role
branch
from
78ab1c1 to
4b283b2
Compare
May I suggest to add more comments to the code, where your changes from this PR have to be reverted when full role support is implemented. Unless you you'll keep the compat layer even then. It is quite possible to forget to remove/change current code/behavior when the "future" changes are not close to this PR. Please ignore, if I am way off. |
BlackDex
force-pushed
the
mngr-custom-role
branch
2 times, most recently
from
ae62f5b to
6e337c6
Compare
|
@tessus done :) @stefan0xC I have fixed the icon in the collapsed menu. |
BlackDex
force-pushed
the
mngr-custom-role
branch
2 times, most recently
from
de0b54c to
0a4ffc7
Compare
|
As mentioned before, this PR needs a new web-vault version for which a PR can be found here: CI builds of this web-vault can be downloaded here:
|
BlackDex
force-pushed
the
mngr-custom-role
branch
from
71d90ed to
31957cc
Compare
BlackDex
force-pushed
the
mngr-custom-role
branch
from
31957cc to
1e71195
Compare
|
If this is the only PR required for the new web vault, is it possible to merge this and then release the new web vault - maybe this weekend? |
|
I'd rather first fix a native client issue and release a version and after that merge this. I also think it is better to first release the web-vault and then add that release to this PR. |
|
Not sure if this belongs here or in the web vault PR, but I seem to be offered the option to log in with a passkey (which obviously doesn't work): |
Thanks! I fixed it just now. |
|
Now that I think about it, shouldn't the create account line also be hidden? I have signups disabled. |
Also fixed now :) |
BlackDex
force-pushed
the
mngr-custom-role
branch
from
0c4fede to
d17dc0d
Compare
|
I'm checking to see if we can update to v2024.12.0. There seem to be some minor changes and some endpoints added. |
BlackDex
changed the title
|
Code is adjusted to support v2024.12.0 now. Not too much changed. |
BlackDex
force-pushed
the
mngr-custom-role
branch
4 times, most recently
from
a16668a to
748a242
Compare
The native client issue has been fixed and a new version has been released. Is it possible to merge this now and release the new web-vault 2024.12.0 (or the other way around as you suggested)? |
What's the matter with you and the new web vault version? Isn't the current one working for you? If not then just try to build and run it yourself |
This comment was marked as resolved.
This comment was marked as resolved.
|
@stefan0xC What happens then exactly? |
The exception happened when I tried to open the Custom user member (which used to be a Manager role without edit: I'm unable to reproduce the issue. It might have been caused by using an in-between version of the web-vault... |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
BlackDex
force-pushed
the
mngr-custom-role
branch
3 times, most recently
from
edc4013 to
9c74e2c
Compare
|
@stefan0xC & @dfunkt, i have been testing a bit more, but i can't find anything strange my self. |
There was a problem hiding this comment.
I don't think I can find anything else. I mean that a Manager that does not have access to all collection will not have access to the admin console is probably expected. One question I would have left is if we should not make this a permanent change and save the manage permission in the CollectionUser / GroupUser relations accordingly? Since that seems a bit weird to just keep deriving it. But I wonder if that's possible without implementing custom permissions as well.
|
I'd rather do that while implementing the other rights too. |
- Add the custom role which replaces the manager role - Added mini-details endpoint used by v2024.11.1 These changes try to add the custom role in such a way that it stays compatible with the older manager role. It will convert a manager role into a custom role, and if a manager has `access-all` rights, it will enable the correct custom roles. Upon saving it will convert these back to the old format. What this does is making sure you are able to revert back to an older version of Vaultwarden without issues. This way we can support newer web-vault's and still be compatible with a previous Vaultwarden version if needed. In the future this needs to be changed to full role support though. Fixed the 2FA hide CSS since the order of options has changed Signed-off-by: BlackDex <[email protected]>
Signed-off-by: BlackDex <[email protected]>
Signed-off-by: BlackDex <[email protected]>
Signed-off-by: BlackDex <[email protected]>
Signed-off-by: BlackDex <[email protected]>
Signed-off-by: BlackDex <[email protected]>
BlackDex
force-pushed
the
mngr-custom-role
branch
from
94aec7c to
f0836bb
Compare
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
BlackDex
force-pushed
the
mngr-custom-role
branch
from
f0836bb to
ac70451
Compare
Signed-off-by: BlackDex <[email protected]>
BlackDex
force-pushed
the
mngr-custom-role
branch
from
ac70451 to
48116b0
Compare
These changes try to add the custom role in such a way that it stays compatible with the older manager role. It will convert a manager role into a custom role, and if a manager has
access-allrights, it will enable the correct custom roles. Upon saving it will convert these back to the old format.What this does is making sure you are able to revert back to an older version of Vaultwarden without issues. This way we can support newer web-vault's and still be compatible with a previous Vaultwarden version if needed.
In the future this needs to be changed to full role support though.