[PM-19306] - [Vault] In Admin Console Policies area add the remove card item type policy (#15065)

* WIP - add restricted item types policy

* admin console restricted item types

* add comment

* update feature flag

* fix comment

apps/web/src/app/admin-console/organizations/policies/index.ts

@@ -11,3 +11,4 @@ export { SingleOrgPolicy } from "./single-org.component";
 export { TwoFactorAuthenticationPolicy } from "./two-factor-authentication.component";
 export { PoliciesComponent } from "./policies.component";
 export { RemoveUnlockWithPinPolicy } from "./remove-unlock-with-pin.component";
+export { RestrictedItemTypesPolicy } from "./restricted-item-types.component";

apps/web/src/app/admin-console/organizations/policies/policies.component.ts

@@ -15,6 +15,8 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { PolicyResponse } from "@bitwarden/common/admin-console/models/response/policy.response";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { OrganizationBillingServiceAbstraction } from "@bitwarden/common/billing/abstractions";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { DialogService } from "@bitwarden/components";
 import {
   ChangePlanDialogResultType,
@@ -23,7 +25,7 @@ import {
 import { All } from "@bitwarden/web-vault/app/vault/individual-vault/vault-filter/shared/models/routed-vault-filter.model";
 
 import { PolicyListService } from "../../core/policy-list.service";
-import { BasePolicy } from "../policies";
+import { BasePolicy, RestrictedItemTypesPolicy } from "../policies";
 import { CollectionDialogTabType } from "../shared/components/collection-dialog";
 
 import { PolicyEditComponent, PolicyEditDialogResult } from "./policy-edit.component";
@@ -51,6 +53,7 @@ export class PoliciesComponent implements OnInit {
     private policyListService: PolicyListService,
     private organizationBillingService: OrganizationBillingServiceAbstraction,
     private dialogService: DialogService,
+    private configService: ConfigService,
   ) {}
 
   async ngOnInit() {
@@ -91,6 +94,12 @@ export class PoliciesComponent implements OnInit {
   }
 
   async load() {
+    if (
+      (await this.configService.getFeatureFlag(FeatureFlag.RemoveCardItemTypePolicy)) &&
+      this.policyListService.getPolicies().every((p) => !(p instanceof RestrictedItemTypesPolicy))
+    ) {
+      this.policyListService.addPolicies([new RestrictedItemTypesPolicy()]);
+    }
     const response = await this.policyApiService.getPolicies(this.organizationId);
     this.orgPolicies = response.data != null && response.data.length > 0 ? response.data : [];
     this.orgPolicies.forEach((op) => {

apps/web/src/app/admin-console/organizations/policies/policies.module.ts

@@ -11,6 +11,7 @@ import { PolicyEditComponent } from "./policy-edit.component";
 import { RemoveUnlockWithPinPolicyComponent } from "./remove-unlock-with-pin.component";
 import { RequireSsoPolicyComponent } from "./require-sso.component";
 import { ResetPasswordPolicyComponent } from "./reset-password.component";
+import { RestrictedItemTypesPolicyComponent } from "./restricted-item-types.component";
 import { SendOptionsPolicyComponent } from "./send-options.component";
 import { SingleOrgPolicyComponent } from "./single-org.component";
 import { TwoFactorAuthenticationPolicyComponent } from "./two-factor-authentication.component";
@@ -30,6 +31,7 @@ import { TwoFactorAuthenticationPolicyComponent } from "./two-factor-authenticat
     PoliciesComponent,
     PolicyEditComponent,
     RemoveUnlockWithPinPolicyComponent,
+    RestrictedItemTypesPolicyComponent,
   ],
   exports: [
     DisableSendPolicyComponent,

apps/web/src/app/admin-console/organizations/policies/restricted-item-types.component.html

@@ -0,0 +1,6 @@
+<bit-form-control>
+  <input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
+  <bit-label>{{ "turnOn" | i18n }}</bit-label>
+</bit-form-control>
+<!-- To allow for multiple item types we can add a data formGroup, iterate over the
+ cipher types as checkboxes/multi-select and use that as a means to track which types are restricted -->

apps/web/src/app/admin-console/organizations/policies/restricted-item-types.component.ts

@@ -0,0 +1,23 @@
+import { Component } from "@angular/core";
+
+import { PolicyType } from "@bitwarden/common/admin-console/enums";
+
+import { BasePolicy, BasePolicyComponent } from "./base-policy.component";
+
+export class RestrictedItemTypesPolicy extends BasePolicy {
+  name = "restrictedItemTypesPolicy";
+  description = "restrictedItemTypesPolicyDesc";
+  type = PolicyType.RestrictedItemTypesPolicy;
+  component = RestrictedItemTypesPolicyComponent;
+}
+
+@Component({
+  selector: "policy-restricted-item-types",
+  templateUrl: "restricted-item-types.component.html",
+  standalone: false,
+})
+export class RestrictedItemTypesPolicyComponent extends BasePolicyComponent {
+  constructor() {
+    super();
+  }
+}

apps/web/src/locales/en/messages.json

@@ -2154,6 +2154,12 @@
   "twoStepLoginRecoveryWarning": {
     "message": "Setting up two-step login can permanently lock you out of your Bitwarden account. A recovery code allows you to access your account in the event that you can no longer use your normal two-step login provider (example: you lose your device). Bitwarden support will not be able to assist you if you lose access to your account. We recommend you write down or print the recovery code and keep it in a safe place."
   },
+  "restrictedItemTypesPolicy": {
+    "message": "Remove card item type"
+  },
+  "restrictedItemTypesPolicyDesc": {
+    "message": "Do not allow members to create card item types."
+  },
   "yourSingleUseRecoveryCode": {
     "message": "Your single-use recovery code can be used to turn off two-step login in the event that you lose access to your two-step login provider. Bitwarden recommends you write down the recovery code and keep it in a safe place."
   },