[PM-10314] Update Warnings for Verifying Domains and Single Org Policy Auto Enable (#11688)

* Updated description and warning for single org policy. * Added check for verified domains in disabling single org.
2025-12-14 07:13:32 +00:00 · 2024-10-28 11:00:39 -05:00
parent f86bc9bf28
commit 53f13f4ea5
7 changed files with 93 additions and 9 deletions
--- a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
@@ -15,7 +15,7 @@
      </div>
    </ng-container>
    <ng-container bitDialogFooter>
-      <button bitButton buttonType="primary" bitFormButton type="submit">
+      <button bitButton buttonType="primary" [disabled]="saveDisabled" bitFormButton type="submit">
        {{ "save" | i18n }}
      </button>
      <button bitButton buttonType="secondary" bitDialogClose type="button">
--- a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
@@ -42,6 +42,7 @@ export class PolicyEditComponent implements AfterViewInit {
  policyType = PolicyType;
  loading = true;
  enabled = false;
+  saveDisabled = false;
  defaultTypes: any[];
  policyComponent: BasePolicyComponent;

@@ -72,6 +73,8 @@ export class PolicyEditComponent implements AfterViewInit {
    this.policyComponent.policy = this.data.policy;
    this.policyComponent.policyResponse = this.policyResponse;

+    this.saveDisabled = !this.policyResponse.canToggleState;
+
    this.cdr.detectChanges();
  }

--- a/apps/web/src/app/admin-console/organizations/policies/single-org.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/single-org.component.html
@@ -1,6 +1,11 @@
-<bit-callout type="warning">
-  {{ "singleOrgPolicyWarning" | i18n }}
+<bit-callout *ngIf="accountDeprovisioningEnabled$ | async; else disabledBlock" type="warning">
+  {{ "singleOrgPolicyMemberWarning" | i18n }}
 </bit-callout>
+<ng-template #disabledBlock>
+  <bit-callout type="warning">
+    {{ "singleOrgPolicyWarning" | i18n }}
+  </bit-callout>
+</ng-template>

 <bit-form-control>
  <input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
--- a/apps/web/src/app/admin-console/organizations/policies/single-org.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/single-org.component.ts
@@ -1,4 +1,5 @@
-import { Component } from "@angular/core";
+import { Component, OnInit } from "@angular/core";
+import { firstValueFrom, Observable } from "rxjs";

 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { PolicyRequest } from "@bitwarden/common/admin-console/models/request/policy.request";
@@ -19,7 +20,7 @@ export class SingleOrgPolicy extends BasePolicy {
  selector: "policy-single-org",
  templateUrl: "single-org.component.html",
 })
-export class SingleOrgPolicyComponent extends BasePolicyComponent {
+export class SingleOrgPolicyComponent extends BasePolicyComponent implements OnInit {
  constructor(
    private i18nService: I18nService,
    private configService: ConfigService,
@@ -27,6 +28,23 @@ export class SingleOrgPolicyComponent extends BasePolicyComponent {
    super();
  }

+  protected accountDeprovisioningEnabled$: Observable<boolean> = this.configService.getFeatureFlag$(
+    FeatureFlag.AccountDeprovisioning,
+  );
+
+  async ngOnInit() {
+    super.ngOnInit();
+
+    const isAccountDeprovisioningEnabled = await firstValueFrom(this.accountDeprovisioningEnabled$);
+    this.policy.description = isAccountDeprovisioningEnabled
+      ? "singleOrgPolicyDesc"
+      : "singleOrgDesc";
+
+    if (!this.policyResponse.canToggleState) {
+      this.enabled.disable();
+    }
+  }
+
  async buildRequest(policiesEnabledMap: Map<PolicyType, boolean>): Promise<PolicyRequest> {
    if (await this.configService.getFeatureFlag(FeatureFlag.Pm13322AddPolicyDefinitions)) {
      // We are now relying on server-side validation only
@@ -48,6 +66,15 @@ export class SingleOrgPolicyComponent extends BasePolicyComponent {
          ),
        );
      }
+
+      if (
+        (await firstValueFrom(this.accountDeprovisioningEnabled$)) &&
+        !this.policyResponse.canToggleState
+      ) {
+        throw new Error(
+          this.i18nService.t("disableRequiredError", this.i18nService.t("singleOrg")),
+        );
+      }
    }

    return super.buildRequest(policiesEnabledMap);
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -4684,12 +4684,18 @@
  "singleOrgDesc": {
    "message": "Restrict members from joining other organizations."
  },
+  "singleOrgPolicyDesc": {
+    "message": "Restrict members from joining other organizations. This policy is required for organizations that have enabled domain verification."
+  },
  "singleOrgBlockCreateMessage": {
    "message": "Your current organization has a policy that does not allow you to join more than one organization. Please contact your organization admins or sign up from a different Bitwarden account."
  },
  "singleOrgPolicyWarning": {
    "message": "Organization members who are not owners or admins and are already a member of another organization will be removed from your organization."
  },
+  "singleOrgPolicyMemberWarning": {
+    "message": "Non-compliant members will be placed in revoked status until they leave all other organizations. Administrators are exempt and can restore members once compliance is met."
+  },
  "requireSso": {
    "message": "Require single sign-on authentication"
  },
@@ -9531,5 +9537,11 @@
  },
  "selfHostingTitleProper": {
    "message": "Self-Hosting"
+  },
+  "verified-domain-single-org-warning" : {
+    "message": "Verifying a domain will turn on the single organization policy."
+  },
+  "single-org-revoked-user-warning": {
+    "message": "Non-compliant members will be revoked. Administrators can restore members once they leave all other organizations."
  }
 }