[AC-1623] Introduce Clone option to individual vault for organization items (#8608)

* [AC-1623] Remove cloneableOrganizationCiphers property
and update canClone to reflect new clone permission logic

* [AC-1623] Remove allowOwnershipAssignment override in orgVault as the same restrictions apply to both vaults

* [AC-1623] Ensure ownershipOptions are restricted for non-admins when cloning an org cipher item

apps/web/src/app/vault/components/vault-items/vault-items.component.ts

@@ -32,7 +32,6 @@ export class VaultItemsComponent {
   @Input() showCollections: boolean;
   @Input() showGroups: boolean;
   @Input() useEvents: boolean;
-  @Input() cloneableOrganizationCiphers: boolean;
   @Input() showPremiumFeatures: boolean;
   @Input() showBulkMove: boolean;
   @Input() showBulkTrashOptions: boolean;
@@ -160,10 +159,27 @@ export class VaultItemsComponent {
   }
 
   protected canClone(vaultItem: VaultItem) {
-    return (
-      (vaultItem.cipher.organizationId && this.cloneableOrganizationCiphers) ||
-      vaultItem.cipher.organizationId == null
-    );
+    if (vaultItem.cipher.organizationId == null) {
+      return true;
+    }
+
+    const org = this.allOrganizations.find((o) => o.id === vaultItem.cipher.organizationId);
+
+    // Admins and custom users can always clone in the Org Vault
+    if (this.viewingOrgVault && (org.isAdmin || org.permissions.editAnyCollection)) {
+      return true;
+    }
+
+    // Check if the cipher belongs to a collection with canManage permission
+    const orgCollections = this.allCollections.filter((c) => c.organizationId === org.id);
+
+    for (const collection of orgCollections) {
+      if (vaultItem.cipher.collectionIds.includes(collection.id) && collection.manage) {
+        return true;
+      }
+    }
+
+    return false;
   }
 
   private refreshItems() {