[PM-28216] Add org ability check for one time dialog (#17372)

* add org ability check for one time dialog * exclude providers (cautionary step) and add tests
2025-12-06 00:13:28 +00:00 · 2025-11-14 11:43:10 -05:00
parent 0925f4fa78
commit 099a4a0f03
3 changed files with 124 additions and 1 deletions
--- a/libs/common/src/admin-console/models/domain/organization.spec.ts
+++ b/libs/common/src/admin-console/models/domain/organization.spec.ts
@@ -32,6 +32,7 @@ describe("Organization", () => {
      useSecretsManager: true,
      usePasswordManager: true,
      useActivateAutofillPolicy: false,
+      useAutomaticUserConfirmation: false,
      selfHost: false,
      usersGetPremium: false,
      seats: 10,
@@ -179,4 +180,118 @@ describe("Organization", () => {
      expect(organization.canManageDeviceApprovals).toBe(true);
    });
  });
+
+  describe("canEnableAutoConfirmPolicy", () => {
+    it("should return false when user cannot manage users or policies", () => {
+      data.type = OrganizationUserType.User;
+      data.permissions.manageUsers = false;
+      data.permissions.managePolicies = false;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(false);
+    });
+
+    it("should return false when user can manage users but useAutomaticUserConfirmation is false", () => {
+      data.type = OrganizationUserType.Admin;
+      data.useAutomaticUserConfirmation = false;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(false);
+    });
+
+    it("should return false when user has manageUsers permission but useAutomaticUserConfirmation is false", () => {
+      data.type = OrganizationUserType.User;
+      data.permissions.manageUsers = true;
+      data.useAutomaticUserConfirmation = false;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(false);
+    });
+
+    it("should return false when user can manage policies but useAutomaticUserConfirmation is false", () => {
+      data.type = OrganizationUserType.Admin;
+      data.usePolicies = true;
+      data.useAutomaticUserConfirmation = false;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(false);
+    });
+
+    it("should return false when user has managePolicies permission but usePolicies is false", () => {
+      data.type = OrganizationUserType.User;
+      data.permissions.managePolicies = true;
+      data.usePolicies = false;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(false);
+    });
+
+    it("should return true when admin has useAutomaticUserConfirmation enabled", () => {
+      data.type = OrganizationUserType.Admin;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(true);
+    });
+
+    it("should return true when owner has useAutomaticUserConfirmation enabled", () => {
+      data.type = OrganizationUserType.Owner;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(true);
+    });
+
+    it("should return true when user has manageUsers permission and useAutomaticUserConfirmation is enabled", () => {
+      data.type = OrganizationUserType.User;
+      data.permissions.manageUsers = true;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(true);
+    });
+
+    it("should return true when user has managePolicies permission, usePolicies is true, and useAutomaticUserConfirmation is enabled", () => {
+      data.type = OrganizationUserType.User;
+      data.permissions.managePolicies = true;
+      data.usePolicies = true;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(true);
+    });
+
+    it("should return true when user has both manageUsers and managePolicies permissions with useAutomaticUserConfirmation enabled", () => {
+      data.type = OrganizationUserType.User;
+      data.permissions.manageUsers = true;
+      data.permissions.managePolicies = true;
+      data.usePolicies = true;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(true);
+    });
+
+    it("should return false when provider user has useAutomaticUserConfirmation enabled", () => {
+      data.type = OrganizationUserType.Owner;
+      data.isProviderUser = true;
+      data.useAutomaticUserConfirmation = true;
+
+      const organization = new Organization(data);
+
+      expect(organization.canEnableAutoConfirmPolicy).toBe(false);
+    });
+  });
 });
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@@ -310,6 +310,14 @@ export class Organization {
    return this.isAdmin || this.permissions.manageResetPassword;
  }

+  get canEnableAutoConfirmPolicy() {
+    return (
+      (this.canManageUsers || this.canManagePolicies) &&
+      this.useAutomaticUserConfirmation &&
+      !this.isProviderUser
+    );
+  }
+
  get canManageDeviceApprovals() {
    return (
      (this.isAdmin || this.permissions.manageResetPassword) &&