Split Organization.LimitCollectionCreationDeletion into two separate business rules (#11223)

* Declare feature flag * Introduce new model properties * Reference feature toggle in template * Fix bugs caught during manual testing
2025-12-16 00:03:56 +00:00 · 2024-10-17 06:34:34 -04:00
parent 80e6b1afd1
commit 073ee4739b
12 changed files with 120 additions and 25 deletions
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.html
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.html
@@ -52,7 +52,11 @@
  <form
    *ngIf="org && !loading"
    [bitSubmit]="submitCollectionManagement"
-    [formGroup]="collectionManagementFormGroup"
+    [formGroup]="
+      limitCollectionCreationDeletionSplitFeatureFlagIsEnabled
+        ? collectionManagementFormGroup_VNext
+        : collectionManagementFormGroup
+    "
  >
    <h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5">{{ "collectionManagement" | i18n }}</h1>
    <p bitTypography="body1">{{ "collectionManagementDesc" | i18n }}</p>
@@ -60,12 +64,24 @@
      <bit-label>{{ "allowAdminAccessToAllCollectionItemsDesc" | i18n }}</bit-label>
      <input type="checkbox" bitCheckbox formControlName="allowAdminAccessToAllCollectionItems" />
    </bit-form-control>
-    <bit-form-control>
-      <bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label>
-      <input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" />
-    </bit-form-control>
+    <ng-container *ngIf="limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
+      <bit-form-control>
+        <bit-label>{{ "limitCollectionCreationDesc" | i18n }}</bit-label>
+        <input type="checkbox" bitCheckbox formControlName="limitCollectionCreation" />
+      </bit-form-control>
+      <bit-form-control>
+        <bit-label>{{ "limitCollectionDeletionDesc" | i18n }}</bit-label>
+        <input type="checkbox" bitCheckbox formControlName="limitCollectionDeletion" />
+      </bit-form-control>
+    </ng-container>
+    <ng-container *ngIf="!limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
+      <bit-form-control>
+        <bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label>
+        <input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" />
+      </bit-form-control>
+    </ng-container>
    <button
-      *ngIf="!selfHosted"
+      *ngIf="!selfHosted || limitCollectionCreationDeletionSplitFeatureFlagIsEnabled"
      type="submit"
      bitButton
      bitFormButton
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
@@ -10,6 +10,8 @@ import { OrganizationCollectionManagementUpdateRequest } from "@bitwarden/common
 import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/request/organization-keys.request";
 import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-update.request";
 import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -38,6 +40,8 @@ export class AccountComponent implements OnInit, OnDestroy {
  org: OrganizationResponse;
  taxFormPromise: Promise<unknown>;

+  limitCollectionCreationDeletionSplitFeatureFlagIsEnabled: boolean;
+
  // FormGroup validators taken from server Organization domain object
  protected formGroup = this.formBuilder.group({
    orgName: this.formBuilder.control(
@@ -53,6 +57,7 @@ export class AccountComponent implements OnInit, OnDestroy {
    ),
  });

+  // Deprecated. Delete with https://bitwarden.atlassian.net/browse/PM-10863
  protected collectionManagementFormGroup = this.formBuilder.group({
    limitCollectionCreationDeletion: this.formBuilder.control({ value: false, disabled: true }),
    allowAdminAccessToAllCollectionItems: this.formBuilder.control({
@@ -61,6 +66,15 @@ export class AccountComponent implements OnInit, OnDestroy {
    }),
  });

+  protected collectionManagementFormGroup_VNext = this.formBuilder.group({
+    limitCollectionCreation: this.formBuilder.control({ value: false, disabled: false }),
+    limitCollectionDeletion: this.formBuilder.control({ value: false, disabled: false }),
+    allowAdminAccessToAllCollectionItems: this.formBuilder.control({
+      value: false,
+      disabled: false,
+    }),
+  });
+
  protected organizationId: string;
  protected publicKeyBuffer: Uint8Array;

@@ -78,11 +92,17 @@ export class AccountComponent implements OnInit, OnDestroy {
    private dialogService: DialogService,
    private formBuilder: FormBuilder,
    private toastService: ToastService,
+    private configService: ConfigService,
  ) {}

  async ngOnInit() {
    this.selfHosted = this.platformUtilsService.isSelfHost();

+    this.configService
+      .getFeatureFlag$(FeatureFlag.LimitCollectionCreationDeletionSplit)
+      .pipe(takeUntil(this.destroy$))
+      .subscribe((x) => (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled = x));
+
    this.route.params
      .pipe(
        switchMap((params) => this.organizationService.get$(params.organizationId)),
@@ -104,10 +124,15 @@ export class AccountComponent implements OnInit, OnDestroy {
        this.canUseApi = organization.useApi;

        // Update disabled states - reactive forms prefers not using disabled attribute
-        if (!this.selfHosted) {
-          this.formGroup.get("orgName").enable();
-          this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable();
-          this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable();
+        // Disabling these fields for self hosted orgs is deprecated
+        // This block can be completely removed as part of
+        // https://bitwarden.atlassian.net/browse/PM-10863
+        if (!this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
+          if (!this.selfHosted) {
+            this.formGroup.get("orgName").enable();
+            this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable();
+            this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable();
+          }
        }

        if (!this.selfHosted && this.canEditSubscription) {
@@ -125,10 +150,18 @@ export class AccountComponent implements OnInit, OnDestroy {
          orgName: this.org.name,
          billingEmail: this.org.billingEmail,
        });
-        this.collectionManagementFormGroup.patchValue({
-          limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion,
-          allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
-        });
+        if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
+          this.collectionManagementFormGroup_VNext.patchValue({
+            limitCollectionCreation: this.org.limitCollectionCreation,
+            limitCollectionDeletion: this.org.limitCollectionDeletion,
+            allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
+          });
+        } else {
+          this.collectionManagementFormGroup.patchValue({
+            limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion,
+            allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
+          });
+        }

        this.loading = false;
      });
@@ -177,15 +210,23 @@ export class AccountComponent implements OnInit, OnDestroy {

  submitCollectionManagement = async () => {
    // Early exit if self-hosted
-    if (this.selfHosted) {
+    if (this.selfHosted && !this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
      return;
    }
-
    const request = new OrganizationCollectionManagementUpdateRequest();
-    request.limitCreateDeleteOwnerAdmin =
-      this.collectionManagementFormGroup.value.limitCollectionCreationDeletion;
-    request.allowAdminAccessToAllCollectionItems =
-      this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems;
+    if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
+      request.limitCollectionCreation =
+        this.collectionManagementFormGroup_VNext.value.limitCollectionCreation;
+      request.limitCollectionDeletion =
+        this.collectionManagementFormGroup_VNext.value.limitCollectionDeletion;
+      request.allowAdminAccessToAllCollectionItems =
+        this.collectionManagementFormGroup_VNext.value.allowAdminAccessToAllCollectionItems;
+    } else {
+      request.limitCreateDeleteOwnerAdmin =
+        this.collectionManagementFormGroup.value.limitCollectionCreationDeletion;
+      request.allowAdminAccessToAllCollectionItems =
+        this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems;
+    }

    await this.organizationApiService.updateCollectionManagement(this.organizationId, request);

--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -8201,6 +8201,12 @@
  "limitCollectionCreationDeletionDesc": {
    "message": "Limit collection creation and deletion to owners and admins"
  },
+  "limitCollectionCreationDesc": {
+    "message": "Limit collection creation to owners and admins"
+  },
+  "limitCollectionDeletionDesc": {
+    "message": "Limit collection deletion to owners and admins"
+  },
  "allowAdminAccessToAllCollectionItemsDesc": {
    "message": "Owners and admins can manage all collections and items"
  },