[AC-2320] Update canEditAnyCollection logic for Flexible Collections v1 (#8394)

* also update calling locations to use canEditAllCiphers where applicable

libs/common/src/admin-console/models/domain/organization.ts

@@ -188,18 +188,29 @@ export class Organization {
     return this.isManager || this.permissions.createNewCollections;
   }
 
-  get canEditAnyCollection() {
-    return this.isAdmin || this.permissions.editAnyCollection;
+  canEditAnyCollection(flexibleCollectionsV1Enabled: boolean) {
+    if (!this.flexibleCollections || !flexibleCollectionsV1Enabled) {
+      // Pre-Flexible Collections v1 logic
+      return this.isAdmin || this.permissions.editAnyCollection;
+    }
+
+    // Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
+    // Providers and custom users with canEditAnyCollection are not affected by allowAdminAccessToAllCollectionItems flag
+    return (
+      this.isProviderUser ||
+      (this.type === OrganizationUserType.Custom && this.permissions.editAnyCollection) ||
+      (this.allowAdminAccessToAllCollectionItems && this.isAdmin)
+    );
   }
 
-  get canUseAdminCollections() {
-    return this.canEditAnyCollection;
+  canUseAdminCollections(flexibleCollectionsV1Enabled: boolean) {
+    return this.canEditAnyCollection(flexibleCollectionsV1Enabled);
   }
 
   canEditAllCiphers(flexibleCollectionsV1Enabled: boolean) {
-    // Before Flexible Collections, anyone with editAnyCollection permission could edit all ciphers
-    if (!flexibleCollectionsV1Enabled) {
-      return this.canEditAnyCollection;
+    // Before Flexible Collections, any admin or anyone with editAnyCollection permission could edit all ciphers
+    if (!this.flexibleCollections || !flexibleCollectionsV1Enabled) {
+      return this.isAdmin || this.permissions.editAnyCollection;
     }
     // Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
     // Providers and custom users with canEditAnyCollection are not affected by allowAdminAccessToAllCollectionItems flag
@@ -214,8 +225,13 @@ export class Organization {
     return this.isAdmin || this.permissions.deleteAnyCollection;
   }
 
+  /**
+   * Whether the user can view all collection information, such as collection name and access.
+   * This does not indicate that the user can view items inside any collection - for that, see {@link canEditAllCiphers}
+   */
   get canViewAllCollections() {
-    return this.canEditAnyCollection || this.canDeleteAnyCollection;
+    // Admins can always see all collections even if collection management settings prevent them from editing them or seeing items
+    return this.isAdmin || this.permissions.editAnyCollection || this.canDeleteAnyCollection;
   }
 
   /**

libs/common/src/vault/models/view/collection.view.ts

@@ -53,11 +53,11 @@ export class CollectionView implements View, ITreeNodeObject {
       );
     }
 
-    return org?.canEditAnyCollection || (org?.canEditAssignedCollections && this.assigned);
+    return org?.canEditAnyCollection(false) || (org?.canEditAssignedCollections && this.assigned);
   }
 
   // For editing collection details, not the items within it.
-  canEdit(org: Organization): boolean {
+  canEdit(org: Organization, flexibleCollectionsV1Enabled: boolean): boolean {
     if (org != null && org.id !== this.organizationId) {
       throw new Error(
         "Id of the organization provided does not match the org id of the collection.",
@@ -65,8 +65,8 @@ export class CollectionView implements View, ITreeNodeObject {
     }
 
     return org?.flexibleCollections
-      ? org?.canEditAnyCollection || this.manage
-      : org?.canEditAnyCollection || org?.canEditAssignedCollections;
+      ? org?.canEditAnyCollection(flexibleCollectionsV1Enabled) || this.manage
+      : org?.canEditAnyCollection(flexibleCollectionsV1Enabled) || org?.canEditAssignedCollections;
   }
 
   // For deleting a collection, not the items within it.