[PM-12281] [PM-12301] [PM-12306] [PM-12334] Move delete item permission to Can Manage (#11289)

* Added inputs to the view and edit component to disable or remove the delete button when a user does not have manage rights

* Refactored editByCipherId to receive cipherview object

* Fixed issue where adding an item on the individual vault throws a null reference

* Fixed issue where adding an item on the AC vault throws a null reference

* Allow delete in unassigned collection

* created reusable service to check if a user has delete permission on an item

* Registered service

* Used authorizationservice on the browser and desktop

Only display the delete button when a user has delete permission

* Added comments to the service

* Passed active collectionId to add edit component

renamed constructor parameter

* restored input property used by the web

* Fixed dependency issue

* Fixed dependency issue

* Fixed dependency issue

* Modified service to cater for org vault

* Updated to include new dependency

* Updated components to use the observable

* Added check on the cli to know if user has rights to delete an item

* Renamed abstraction and renamed implementation to include Default

Fixed permission issues

* Fixed test to reflect changes in implementation

* Modified base classes to use new naming

Passed new parameters for the canDeleteCipher

* Modified base classes to use new naming

Made changes from base class

* Desktop changes

Updated reference naming

* cli changes

Updated reference naming

Passed new parameters for the canDeleteCipher$

* Updated references

* browser changes

Updated reference naming

Passed new parameters for the canDeleteCipher$

* Modified cipher form dialog to take in active collection id

used canDeleteCipher$ on the vault item dialog to disable the delete button when user does not have the required permissions

* Fix number of arguments issue

* Added active collection id

* Updated canDeleteCipher$ arguments

* Updated to pass the cipher object

* Fixed up refrences and comments

* Updated dependency

* updated check to canEditUnassignedCiphers

* Fixed unit tests

* Removed activeCollectionId from cipher form

* Fixed issue where bulk delete option shows for can edit users

* Fix null reference when checking if a cipher belongs to the unassigned collection

* Fixed bug where allowedCollection passed is undefined

* Modified cipher by adding a isAdminConsoleAction argument to tell when a reuqest comes from the admin console

* Passed isAdminConsoleAction as true when request is from the admin console

libs/angular/src/services/jslib-services.module.ts

@@ -242,6 +242,10 @@ import {
 } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { TotpService as TotpServiceAbstraction } from "@bitwarden/common/vault/abstractions/totp.service";
 import { VaultSettingsService as VaultSettingsServiceAbstraction } from "@bitwarden/common/vault/abstractions/vault-settings/vault-settings.service";
+import {
+  CipherAuthorizationService,
+  DefaultCipherAuthorizationService,
+} from "@bitwarden/common/vault/services/cipher-authorization.service";
 import { CipherService } from "@bitwarden/common/vault/services/cipher.service";
 import { CipherFileUploadService } from "@bitwarden/common/vault/services/file-upload/cipher-file-upload.service";
 import { FolderApiService } from "@bitwarden/common/vault/services/folder/folder-api.service";
@@ -1340,6 +1344,11 @@ const safeProviders: SafeProvider[] = [
       ApiServiceAbstraction,
     ],
   }),
+  safeProvider({
+    provide: CipherAuthorizationService,
+    useClass: DefaultCipherAuthorizationService,
+    deps: [CollectionService, OrganizationServiceAbstraction],
+  }),
 ];
 
 @NgModule({

libs/angular/src/vault/components/add-edit.component.ts

@@ -23,7 +23,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
-import { UserId } from "@bitwarden/common/types/guid";
+import { CollectionId, UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { CipherType, SecureNoteType } from "@bitwarden/common/vault/enums";
@@ -36,6 +36,7 @@ import { IdentityView } from "@bitwarden/common/vault/models/view/identity.view"
 import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
 import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
 import { SecureNoteView } from "@bitwarden/common/vault/models/view/secure-note.view";
+import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
 import { DialogService } from "@bitwarden/components";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
@@ -47,6 +48,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
   @Input() type: CipherType;
   @Input() collectionIds: string[];
   @Input() organizationId: string = null;
+  @Input() collectionId: string = null;
   @Output() onSavedCipher = new EventEmitter<CipherView>();
   @Output() onDeletedCipher = new EventEmitter<CipherView>();
   @Output() onRestoredCipher = new EventEmitter<CipherView>();
@@ -57,6 +59,8 @@ export class AddEditComponent implements OnInit, OnDestroy {
   @Output() onGeneratePassword = new EventEmitter();
   @Output() onGenerateUsername = new EventEmitter();
 
+  canDeleteCipher$: Observable<boolean>;
+
   editMode = false;
   cipher: CipherView;
   folders$: Observable<FolderView[]>;
@@ -83,6 +87,10 @@ export class AddEditComponent implements OnInit, OnDestroy {
   reprompt = false;
   canUseReprompt = true;
   organization: Organization;
+  /**
+   * Flag to determine if the action is being performed from the admin console.
+   */
+  isAdminConsoleAction: boolean = false;
 
   protected componentName = "";
   protected destroy$ = new Subject<void>();
@@ -118,6 +126,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     protected win: Window,
     protected datePipe: DatePipe,
     protected configService: ConfigService,
+    protected cipherAuthorizationService: CipherAuthorizationService,
   ) {
     this.typeOptions = [
       { name: i18nService.t("typeLogin"), value: CipherType.Login },
@@ -314,6 +323,12 @@ export class AddEditComponent implements OnInit, OnDestroy {
     if (this.reprompt) {
       this.cipher.login.autofillOnPageLoad = this.autofillOnPageLoadOptions[2].value;
     }
+
+    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(
+      this.cipher,
+      [this.collectionId as CollectionId],
+      this.isAdminConsoleAction,
+    );
   }
 
   async submit(): Promise<boolean> {

libs/angular/src/vault/components/view.component.ts

@@ -9,7 +9,7 @@ import {
   OnInit,
   Output,
 } from "@angular/core";
-import { firstValueFrom, map } from "rxjs";
+import { firstValueFrom, map, Observable } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
@@ -28,6 +28,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { EncArrayBuffer } from "@bitwarden/common/platform/models/domain/enc-array-buffer";
+import { CollectionId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
@@ -37,6 +38,7 @@ import { Launchable } from "@bitwarden/common/vault/interfaces/launchable";
 import { AttachmentView } from "@bitwarden/common/vault/models/view/attachment.view";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
+import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
 import { DialogService } from "@bitwarden/components";
 import { PasswordRepromptService } from "@bitwarden/vault";
 
@@ -45,12 +47,14 @@ const BroadcasterSubscriptionId = "ViewComponent";
 @Directive()
 export class ViewComponent implements OnDestroy, OnInit {
   @Input() cipherId: string;
+  @Input() collectionId: string;
   @Output() onEditCipher = new EventEmitter<CipherView>();
   @Output() onCloneCipher = new EventEmitter<CipherView>();
   @Output() onShareCipher = new EventEmitter<CipherView>();
   @Output() onDeletedCipher = new EventEmitter<CipherView>();
   @Output() onRestoredCipher = new EventEmitter<CipherView>();
 
+  canDeleteCipher$: Observable<boolean>;
   cipher: CipherView;
   showPassword: boolean;
   showPasswordCount: boolean;
@@ -105,6 +109,7 @@ export class ViewComponent implements OnDestroy, OnInit {
     protected datePipe: DatePipe,
     protected accountService: AccountService,
     private billingAccountProfileStateService: BillingAccountProfileStateService,
+    private cipherAuthorizationService: CipherAuthorizationService,
   ) {}
 
   ngOnInit() {
@@ -144,6 +149,9 @@ export class ViewComponent implements OnDestroy, OnInit {
     );
     this.showPremiumRequiredTotp =
       this.cipher.login.totp && !this.canAccessPremium && !this.cipher.organizationUseTotp;
+    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(this.cipher, [
+      this.collectionId as CollectionId,
+    ]);
 
     if (this.cipher.folderId) {
       this.folder = await (