From 8d3cbd3da617e718a4664f4b5973fca6bc261658 Mon Sep 17 00:00:00 2001
From: Brad <44413459+lastbestdev@users.noreply.github.com>
Date: Thu, 12 Feb 2026 13:59:27 -0800
Subject: [PATCH] [PM-31801] Fix: Allow admins/owners to edit all ciphers in
 reports when Org setting is enabled#18856

This PR fixes an issue where admins couldn't edit ciphers in organization reports when the "Allow Admin Access to All Collection Items" setting was enabled.

The fix adds a check for organization.allowAdminAccessToAllCollectionItems in the canManage() method across all organization report components. When this setting is enabled, admins/owners can now properly edit all ciphers regardless of collection membership.
---
 .../pages/organizations/exposed-passwords-report.component.ts  | 3 +++
 .../organizations/inactive-two-factor-report.component.ts      | 3 +++
 .../pages/organizations/reused-passwords-report.component.ts   | 3 +++
 .../pages/organizations/unsecured-websites-report.component.ts | 3 +++
 .../pages/organizations/weak-passwords-report.component.ts     | 3 +++
 5 files changed, 15 insertions(+)

diff --git a/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts
index 603c01bd2ab..ea1e6137d71 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/exposed-passwords-report.component.ts
@@ -103,6 +103,9 @@ export class ExposedPasswordsReportComponent
     if (c.collectionIds.length === 0) {
       return true;
     }
+    if (this.organization?.allowAdminAccessToAllCollectionItems) {
+      return true;
+    }
     return this.manageableCiphers.some((x) => x.id === c.id);
   }
 }
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts
index 4104e16b3b5..ce81bef5f4b 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/inactive-two-factor-report.component.ts
@@ -108,6 +108,9 @@ export class InactiveTwoFactorReportComponent
     if (c.collectionIds.length === 0) {
       return true;
     }
+    if (this.organization?.allowAdminAccessToAllCollectionItems) {
+      return true;
+    }
     return this.manageableCiphers.some((x) => x.id === c.id);
   }
 }
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts
index 683b195b271..edb9001488f 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/reused-passwords-report.component.ts
@@ -102,6 +102,9 @@ export class ReusedPasswordsReportComponent
     if (c.collectionIds.length === 0) {
       return true;
     }
+    if (this.organization?.allowAdminAccessToAllCollectionItems) {
+      return true;
+    }
     return this.manageableCiphers.some((x) => x.id === c.id);
   }
 }
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts
index 893a5058bd2..7edcb003e4f 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/unsecured-websites-report.component.ts
@@ -105,6 +105,9 @@ export class UnsecuredWebsitesReportComponent
     if (c.collectionIds.length === 0) {
       return true;
     }
+    if (this.organization?.allowAdminAccessToAllCollectionItems) {
+      return true;
+    }
     return this.manageableCiphers.some((x) => x.id === c.id);
   }
 }
diff --git a/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts b/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts
index aadd015e29d..62f91ff06b2 100644
--- a/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts
+++ b/apps/web/src/app/dirt/reports/pages/organizations/weak-passwords-report.component.ts
@@ -104,6 +104,9 @@ export class WeakPasswordsReportComponent
     if (c.collectionIds.length === 0) {
       return true;
     }
+    if (this.organization?.allowAdminAccessToAllCollectionItems) {
+      return true;
+    }
     return this.manageableCiphers.some((x) => x.id === c.id);
   }
 }