From 32a439276202b7a8d836a8081917c76cdfef2c67 Mon Sep 17 00:00:00 2001
From: Brad Deibert <bdeibert@bitwarden.com>
Date: Wed, 14 Jan 2026 17:03:37 -0800
Subject: [PATCH] update all org reports to get permission data from cached
 ciphers

---
 .../exposed-passwords-report.component.ts     | 19 +++++++++++++++++--
 .../inactive-two-factor-report.component.ts   | 17 ++++++++++++++++-
 .../reused-passwords-report.component.ts      | 19 +++++++++++++++++--
 .../unsecured-websites-report.component.ts    | 19 +++++++++++++++++--
 .../weak-passwords-report.component.ts        | 19 +++++++++++++++++--
 5 files changed, 84 insertions(+), 9 deletions(-)

diff --git a/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts
index f83614557bd..016be9f9684 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts
@@ -91,8 +91,23 @@ export class ExposedPasswordsReportComponent
     });
   }
 
-  getAllCiphers(): Promise<CipherView[]> {
-    return this.cipherService.getAllFromApiForOrganization(this.organization.id, true);
+  async getAllCiphers(): Promise<CipherView[]> {
+    const orgCiphers = await this.cipherService.getAllFromApiForOrganization(
+      this.organization.id,
+      true,
+    );
+
+    // response from API above does not include permission levels for ciphers. look up ciphers in cache and use current user's permissions where possible
+    orgCiphers.map((cipher) => {
+      const editable = this.manageableCiphers.find((c) => c.id === cipher.id);
+      if (editable) {
+        cipher.edit = editable.edit;
+        cipher.viewPassword = editable.viewPassword;
+        cipher.permissions = editable.permissions;
+      }
+    });
+
+    return orgCiphers;
   }
 
   canManageCipher(c: CipherView): boolean {
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts
index b1adbd26eb3..448b43039ad 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts
@@ -98,7 +98,22 @@ export class InactiveTwoFactorReportComponent
 
   async getAllCiphers(): Promise<CipherView[]> {
     if (this.organization) {
-      return await this.cipherService.getAllFromApiForOrganization(this.organization.id, true);
+      const orgCiphers = await this.cipherService.getAllFromApiForOrganization(
+        this.organization.id,
+        true,
+      );
+
+      // response from API above does not include permission levels for ciphers. look up ciphers in cache and use current user's permissions where possible
+      orgCiphers.map((cipher) => {
+        const editable = this.manageableCiphers.find((c) => c.id === cipher.id);
+        if (editable) {
+          cipher.edit = editable.edit;
+          cipher.viewPassword = editable.viewPassword;
+          cipher.permissions = editable.permissions;
+        }
+      });
+
+      return orgCiphers;
     }
     return [];
   }
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts
index 3944e2edfcb..fd00a543ce4 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts
@@ -89,8 +89,23 @@ export class ReusedPasswordsReportComponent
     });
   }
 
-  getAllCiphers(): Promise<CipherView[]> {
-    return this.cipherService.getAllFromApiForOrganization(this.organization.id, true);
+  async getAllCiphers(): Promise<CipherView[]> {
+    const orgCiphers = await this.cipherService.getAllFromApiForOrganization(
+      this.organization.id,
+      true,
+    );
+
+    // response from API above does not include permission levels for ciphers. look up ciphers in cache and use current user's permissions where possible
+    orgCiphers.map((cipher) => {
+      const editable = this.manageableCiphers.find((c) => c.id === cipher.id);
+      if (editable) {
+        cipher.edit = editable.edit;
+        cipher.viewPassword = editable.viewPassword;
+        cipher.permissions = editable.permissions;
+      }
+    });
+
+    return orgCiphers;
   }
 
   canManageCipher(c: CipherView): boolean {
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts
index d49baa5d465..02dac5c6703 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts
@@ -94,8 +94,23 @@ export class UnsecuredWebsitesReportComponent
     });
   }
 
-  getAllCiphers(): Promise<CipherView[]> {
-    return this.cipherService.getAllFromApiForOrganization(this.organization.id, true);
+  async getAllCiphers(): Promise<CipherView[]> {
+    const orgCiphers = await this.cipherService.getAllFromApiForOrganization(
+      this.organization.id,
+      true,
+    );
+
+    // response from API above does not include permission levels for ciphers. look up ciphers in cache and use current user's permissions where possible
+    orgCiphers.map((cipher) => {
+      const editable = this.manageableCiphers.find((c) => c.id === cipher.id);
+      if (editable) {
+        cipher.edit = editable.edit;
+        cipher.viewPassword = editable.viewPassword;
+        cipher.permissions = editable.permissions;
+      }
+    });
+
+    return orgCiphers;
   }
 
   protected canManageCipher(c: CipherView): boolean {
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts
index 5158416dd28..cff3f8f8455 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts
@@ -93,8 +93,23 @@ export class WeakPasswordsReportComponent
     });
   }
 
-  getAllCiphers(): Promise<CipherView[]> {
-    return this.cipherService.getAllFromApiForOrganization(this.organization.id, true);
+  async getAllCiphers(): Promise<CipherView[]> {
+    const orgCiphers = await this.cipherService.getAllFromApiForOrganization(
+      this.organization.id,
+      true,
+    );
+
+    // response from API above does not include permission levels for ciphers. look up ciphers in cache and use current user's permissions where possible
+    orgCiphers.map((cipher) => {
+      const editable = this.manageableCiphers.find((c) => c.id === cipher.id);
+      if (editable) {
+        cipher.edit = editable.edit;
+        cipher.viewPassword = editable.viewPassword;
+        cipher.permissions = editable.permissions;
+      }
+    });
+
+    return orgCiphers;
   }
 
   canManageCipher(c: CipherView): boolean {