[PM-11404] Account Management: Prevent a verified user from purging their vault (#11411)

* Update AccountService to include a method for setting the managedByOrganizationId * Update AccountComponent to conditionally show the purgeVault button based on a feature flag and if the user is managed by an organization * Add missing method to FakeAccountService * Remove the setAccountManagedByOrganizationId method from the AccountService abstract class. * Refactor AccountComponent to use OrganizationService to check for managing organization * Rename managesActiveUser to userIsManagedByOrganization * Refactor userIsManagedByOrganization property to be non-nullable in organization data and response models * Refactor organization.data.spec.ts to include non-nullable userIsManagedByOrganization property
2025-12-14 23:33:31 +00:00 · 2024-10-17 16:06:33 +01:00
parent a5f856da2a
commit 97e195cd7b
7 changed files with 40 additions and 4 deletions
--- a/apps/web/src/app/auth/settings/account/account.component.html
+++ b/apps/web/src/app/auth/settings/account/account.component.html
@@ -12,7 +12,13 @@
    <button type="button" bitButton buttonType="danger" (click)="deauthorizeSessions()">
      {{ "deauthorizeSessions" | i18n }}
    </button>
-    <button type="button" bitButton buttonType="danger" [bitAction]="purgeVault">
+    <button
+      *ngIf="showPurgeVault$ | async"
+      type="button"
+      bitButton
+      buttonType="danger"
+      [bitAction]="purgeVault"
+    >
      {{ "purgeVault" | i18n }}
    </button>
    <button type="button" bitButton buttonType="danger" [bitAction]="deleteAccount">
--- a/apps/web/src/app/auth/settings/account/account.component.ts
+++ b/apps/web/src/app/auth/settings/account/account.component.ts
@@ -1,8 +1,11 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
-import { lastValueFrom } from "rxjs";
+import { lastValueFrom, map, Observable, of, switchMap } from "rxjs";

 import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { DialogService } from "@bitwarden/components";

 import { PurgeVaultComponent } from "../../../vault/settings/purge-vault.component";
@@ -19,15 +22,32 @@ export class AccountComponent implements OnInit {
  deauthModalRef: ViewContainerRef;

  showChangeEmail = true;
+  showPurgeVault$: Observable<boolean>;

  constructor(
    private modalService: ModalService,
    private dialogService: DialogService,
    private userVerificationService: UserVerificationService,
+    private configService: ConfigService,
+    private organizationService: OrganizationService,
  ) {}

  async ngOnInit() {
    this.showChangeEmail = await this.userVerificationService.hasMasterPassword();
+    this.showPurgeVault$ = this.configService
+      .getFeatureFlag$(FeatureFlag.AccountDeprovisioning)
+      .pipe(
+        switchMap((isAccountDeprovisioningEnabled) =>
+          isAccountDeprovisioningEnabled
+            ? this.organizationService.organizations$.pipe(
+                map(
+                  (organizations) =>
+                    !organizations.some((o) => o.userIsManagedByOrganization === true),
+                ),
+              )
+            : of(true),
+        ),
+      );
  }

  async deauthorizeSessions() {