mirror of https://github.com/bitwarden/browser synced 2025-12-14 07:13:32 +00:00

[AC-1124] Restrict admins from accessing items in the Collections tab (#7537)

* [AC-1124] Add getManyFromApiForOrganization to cipher.service.ts

* [AC-1124] Use getManyFromApiForOrganization when a user does not have access to all ciphers

* [AC-1124] Vault changes
- Show new collection access restricted view
- Include unassigned ciphers for restricted admins
- Restrict collections when creating/cloning/editing ciphers

* [AC-1124] Update edit cipher on page navigation to check if user can access the cipher

* [AC-1124] Hide ciphers from restricted collections

* [AC-1124] Ensure providers are not shown collection access restricted view

* [AC-1124] Modify add-edit component to call the correct endpoint when a restricted admin attempts to add-edit a cipher

* [AC-1124] Fix bug after merge with main

* [AC-1124] Use private this._organization

* [AC-1124] Fix broken builds
Shane Melton
2024-02-08 14:07:42 -08:00
committed by GitHub
parent 3ee27fc61f
commit 5c6245aaae
14 changed files with 284 additions and 76 deletions


@@ -196,6 +196,20 @@ export class Organization {
return this.canEditAnyCollection;
}
canEditAllCiphers(flexibleCollectionsV1Enabled: boolean) {
// Before Flexible Collections, anyone with editAnyCollection permission could edit all ciphers
if (!flexibleCollectionsV1Enabled) {
return this.canEditAnyCollection;
}
// Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
// Providers are not affected by allowAdminAccessToAllCollectionItems flag
// note: canEditAnyCollection may change in the V1 to also ignore the allowAdminAccessToAllCollectionItems flag
return (
this.isProviderUser ||
(this.allowAdminAccessToAllCollectionItems && this.canEditAnyCollection)
);
}
get canDeleteAnyCollection() {
return this.isAdmin || this.permissions.deleteAnyCollection;
}
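Review bot: In `canEditAllCiphers`, the `!flexibleCollectionsV1Enabled` branch returns `this.canEditAnyCollection` without consulting `allowAdminAccessToAllCollectionItems`, so the restriction only holds when every caller passes the real flag value. The callers are outside this hunk, but if any of them falls back to `false` when the flag cannot be loaded, an admin in a restricted organization would get the permissive legacy answer. The method also has no doc comment saying that it is a client-side gate; I would add one such as `/** UI gate only: returns the legacy answer when the flag is off; the server must still enforce allowAdminAccessToAllCollectionItems. */` so that later callers do not treat it as the authorization decision. The `Organization` class body starts and ends outside the hunk.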