[PM-17154] Limit item deletion feature flag removal (#15094)

* Refactor components to remove limitItemDeletion feature flag usage This commit simplifies the logic in various components by removing the limitItemDeletion feature flag. The conditions for displaying restore and delete actions are now based solely on the cipher's permissions, enhancing code clarity and maintainability. * Refactor cipher deletion logic to remove the feature flag and collection ID dependency This commit updates the cipher deletion logic across multiple components and services by removing the unnecessary dependency on collection IDs. The `canDeleteCipher$` method now solely relies on the cipher's permissions, simplifying the code and improving maintainability. * Remove LimitItemDeletion feature flag from feature-flag enum and default values * Remove configService from ServiceContainer and MainBackground constructor parameters * Remove configService from RestoreCommand instantiation in OssServeConfigurator and VaultProgram classes
2025-12-12 22:33:35 +00:00 · 2025-06-10 09:57:34 +01:00
parent 159cca8cfa
commit b5bddd0b06
26 changed files with 55 additions and 339 deletions
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -1325,7 +1325,6 @@ export default class MainBackground {
      this.collectionService,
      this.organizationService,
      this.accountService,
      this.configService,
    );
    this.inlineMenuFieldQualificationService = new InlineMenuFieldQualificationService();
--- a/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.html
+++ b/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.html
@@ -17,11 +17,7 @@
    </button>
    <button
-      *ngIf="
+      *ngIf="cipher.isDeleted && cipher.permissions.restore"
        (limitItemDeletion$ | async)
          ? cipher.isDeleted && cipher.permissions.restore
          : cipher.isDeleted && cipher.edit
      "
      buttonType="primary"
      type="button"
      bitButton
--- a/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts
+++ b/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts
@@ -5,7 +5,7 @@ import { Component } from "@angular/core";
 import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { FormsModule } from "@angular/forms";
 import { ActivatedRoute, Router } from "@angular/router";
-import { firstValueFrom, map, Observable, switchMap } from "rxjs";
+import { firstValueFrom, Observable, switchMap, of } from "rxjs";
 import { CollectionView } from "@bitwarden/admin-console/common";
 import { JslibModule } from "@bitwarden/angular/jslib.module";
@@ -22,8 +22,6 @@ import {
  UPDATE_PASSWORD,
 } from "@bitwarden/common/autofill/constants";
 import { EventType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { UserId } from "@bitwarden/common/types/guid";
@@ -112,7 +110,6 @@ export class ViewV2Component {
  loadAction: LoadAction;
  senderTabId?: number;
  protected limitItemDeletion$ = this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion);
  protected showFooter$: Observable<boolean>;
  constructor(
@@ -131,7 +128,6 @@ export class ViewV2Component {
    protected cipherAuthorizationService: CipherAuthorizationService,
    private copyCipherFieldService: CopyCipherFieldService,
    private popupScrollPositionService: VaultPopupScrollPositionService,
    private configService: ConfigService,
  ) {
    this.subscribeToParams();
  }
@@ -160,17 +156,10 @@ export class ViewV2Component {
          this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(cipher);
-          this.showFooter$ = this.limitItemDeletion$.pipe(
+          this.showFooter$ = of(
-            map((enabled) => {
+            cipher &&
-              if (enabled) {
+              (!cipher.isDeleted ||
-                return (
+                (cipher.isDeleted && (cipher.permissions.restore || cipher.permissions.delete))),
                  cipher &&
                  (!cipher.isDeleted ||
                    (cipher.isDeleted && (cipher.permissions.restore || cipher.permissions.delete)))
                );
              }
              return this.showFooterLegacy();
            }),
          );
          await this.eventCollectionService.collect(
@@ -268,15 +257,6 @@ export class ViewV2Component {
      : this.cipherService.softDeleteWithServer(this.cipher.id, this.activeUserId);
  }
  //@TODO: remove this when the LimitItemDeletion feature flag is removed
  protected showFooterLegacy(): boolean {
    return (
      this.cipher &&
      (!this.cipher.isDeleted ||
        (this.cipher.isDeleted && this.cipher.edit && this.cipher.viewPassword))
    );
  }
  /**
   * Handles the load action for the view vault item popout. These actions are typically triggered
   * via the extension context menu. It is necessary to render the view for items that have password
--- a/apps/browser/src/vault/popup/settings/trash-list-items-container/trash-list-items-container.component.html
+++ b/apps/browser/src/vault/popup/settings/trash-list-items-container/trash-list-items-container.component.html
@@ -31,14 +31,7 @@
        ></i>
        <span slot="secondary">{{ cipher.subTitle }}</span>
      </button>
-      <ng-container
+      <ng-container slot="end" *ngIf="cipher.permissions.restore">
        slot="end"
        *ngIf="
          (limitItemDeletion$ | async)
            ? cipher.permissions.restore
            : cipher.edit && cipher.viewPassword
        "
      >
        <bit-item-action>
          <button
            type="button"
--- a/apps/browser/src/vault/popup/settings/trash-list-items-container/trash-list-items-container.component.ts
+++ b/apps/browser/src/vault/popup/settings/trash-list-items-container/trash-list-items-container.component.ts
@@ -8,8 +8,6 @@ import { firstValueFrom } from "rxjs";
 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { CipherId } from "@bitwarden/common/types/guid";
@@ -70,11 +68,8 @@ export class TrashListItemsContainerComponent {
    private passwordRepromptService: PasswordRepromptService,
    private accountService: AccountService,
    private router: Router,
    private configService: ConfigService,
  ) {}
  protected limitItemDeletion$ = this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion);
  /**
   * The tooltip text for the organization icon for ciphers that belong to an organization.
   */
--- a/apps/cli/src/commands/restore.command.ts
+++ b/apps/cli/src/commands/restore.command.ts
@@ -1,9 +1,7 @@
-import { combineLatest, firstValueFrom, map } from "rxjs";
+import { firstValueFrom } from "rxjs";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
@@ -13,7 +11,6 @@ export class RestoreCommand {
  constructor(
    private cipherService: CipherService,
    private accountService: AccountService,
    private configService: ConfigService,
    private cipherAuthorizationService: CipherAuthorizationService,
  ) {}
@@ -42,17 +39,7 @@ export class RestoreCommand {
    }
    const canRestore = await firstValueFrom(
-      combineLatest([
+      this.cipherAuthorizationService.canRestoreCipher$(cipher),
        this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion),
        this.cipherAuthorizationService.canRestoreCipher$(cipher),
      ]).pipe(
        map(([enabled, canRestore]) => {
          if (enabled && !canRestore) {
            return false;
          }
          return true;
        }),
      ),
    );
    if (!canRestore) {
--- a/apps/cli/src/oss-serve-configurator.ts
+++ b/apps/cli/src/oss-serve-configurator.ts
@@ -127,7 +127,6 @@ export class OssServeConfigurator {
    this.restoreCommand = new RestoreCommand(
      this.serviceContainer.cipherService,
      this.serviceContainer.accountService,
      this.serviceContainer.configService,
      this.serviceContainer.cipherAuthorizationService,
    );
    this.shareCommand = new ShareCommand(
--- a/apps/cli/src/service-container/service-container.ts
+++ b/apps/cli/src/service-container/service-container.ts
@@ -861,7 +861,6 @@ export class ServiceContainer {
      this.collectionService,
      this.organizationService,
      this.accountService,
      this.configService,
    );
    this.masterPasswordApiService = new MasterPasswordApiService(this.apiService, this.logService);
--- a/apps/cli/src/vault.program.ts
+++ b/apps/cli/src/vault.program.ts
@@ -350,7 +350,6 @@ export class VaultProgram extends BaseProgram {
        const command = new RestoreCommand(
          this.serviceContainer.cipherService,
          this.serviceContainer.accountService,
          this.serviceContainer.configService,
          this.serviceContainer.cipherAuthorizationService,
        );
        const response = await command.run(object, id);
--- a/apps/desktop/src/vault/app/vault/item-footer.component.ts
+++ b/apps/desktop/src/vault/app/vault/item-footer.component.ts
@@ -7,7 +7,7 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { CollectionId, UserId } from "@bitwarden/common/types/guid";
+import { UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherRepromptType } from "@bitwarden/common/vault/enums";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
@@ -49,9 +49,7 @@ export class ItemFooterComponent implements OnInit {
  ) {}
  async ngOnInit() {
-    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(this.cipher, [
+    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(this.cipher);
      this.collectionId as CollectionId,
    ]);
    this.activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
  }
--- a/apps/desktop/src/vault/app/vault/view.component.html
+++ b/apps/desktop/src/vault/app/vault/view.component.html
@@ -656,11 +656,7 @@
      class="primary"
      (click)="restore()"
      appA11yTitle="{{ 'restore' | i18n }}"
-      *ngIf="
+      *ngIf="(canRestoreCipher$ | async) && cipher.isDeleted"
        (limitItemDeletion$ | async)
          ? (canRestoreCipher$ | async) && cipher.isDeleted
          : cipher.isDeleted
      "
    >
      <i class="bwi bwi-undo bwi-fw bwi-lg" aria-hidden="true"></i>
    </button>
--- a/apps/desktop/src/vault/app/vault/view.component.ts
+++ b/apps/desktop/src/vault/app/vault/view.component.ts
@@ -19,7 +19,6 @@ import { EventCollectionService } from "@bitwarden/common/abstractions/event/eve
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -108,8 +107,6 @@ export class ViewComponent extends BaseViewComponent implements OnInit, OnDestro
    );
  }
  protected limitItemDeletion$ = this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion);
  ngOnInit() {
    super.ngOnInit();
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.html
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.html
@@ -70,7 +70,7 @@
      <bit-label>{{ "limitCollectionDeletionDesc" | i18n }}</bit-label>
      <input type="checkbox" bitCheckbox formControlName="limitCollectionDeletion" />
    </bit-form-control>
-    <bit-form-control *ngIf="limitItemDeletionFeatureFlagIsEnabled">
+    <bit-form-control>
      <bit-label>{{ "limitItemDeletionDescription" | i18n }}</bit-label>
      <input type="checkbox" bitCheckbox formControlName="limitItemDeletion" />
    </bit-form-control>
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
@@ -25,8 +25,6 @@ import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/model
 import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -51,8 +49,6 @@ export class AccountComponent implements OnInit, OnDestroy {
  org: OrganizationResponse;
  taxFormPromise: Promise<unknown>;
  limitItemDeletionFeatureFlagIsEnabled: boolean;
  // FormGroup validators taken from server Organization domain object
  protected formGroup = this.formBuilder.group({
    orgName: this.formBuilder.control(
@@ -95,17 +91,11 @@ export class AccountComponent implements OnInit, OnDestroy {
    private dialogService: DialogService,
    private formBuilder: FormBuilder,
    private toastService: ToastService,
    private configService: ConfigService,
  ) {}
  async ngOnInit() {
    this.selfHosted = this.platformUtilsService.isSelfHost();
    this.configService
      .getFeatureFlag$(FeatureFlag.LimitItemDeletion)
      .pipe(takeUntil(this.destroy$))
      .subscribe((isAble) => (this.limitItemDeletionFeatureFlagIsEnabled = isAble));
    const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));
    this.route.params
      .pipe(
--- a/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts
+++ b/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts
@@ -15,8 +15,6 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions";
 import { EventType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -228,10 +226,7 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {
   * A user may restore items if they have delete permissions and the item is in the trash.
   */
  protected async canUserRestore() {
-    if (await firstValueFrom(this.limitItemDeletion$)) {
+    return this.isTrashFilter && this.cipher?.isDeleted && this.cipher?.permissions.restore;
      return this.isTrashFilter && this.cipher?.isDeleted && this.cipher?.permissions.restore;
    }
    return this.isTrashFilter && this.cipher?.isDeleted && this.canDelete;
  }
  protected showRestore: boolean;
@@ -277,8 +272,6 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {
  protected canDelete = false;
  protected limitItemDeletion$ = this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion);
  constructor(
    @Inject(DIALOG_DATA) protected params: VaultItemDialogParams,
    private dialogRef: DialogRef<VaultItemDialogResult>,
@@ -296,7 +289,6 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {
    private apiService: ApiService,
    private eventCollectionService: EventCollectionService,
    private routedVaultFilterService: RoutedVaultFilterService,
    private configService: ConfigService,
  ) {
    this.updateTitle();
  }
@@ -323,7 +315,6 @@ export class VaultItemDialogComponent implements OnInit, OnDestroy {
      this.canDelete = await firstValueFrom(
        this.cipherAuthorizationService.canDeleteCipher$(
          this.cipher,
          [this.params.activeCollectionId],
          this.params.isAdminConsoleAction,
        ),
      );
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
@@ -86,12 +86,7 @@
    appStopProp
  ></button>
  <bit-menu #corruptedCipherOptions>
-    <button
+    <button bitMenuItem *ngIf="canDeleteCipher" (click)="deleteCipher()" type="button">
      bitMenuItem
      *ngIf="(limitItemDeletion$ | async) ? canDeleteCipher : canManageCollection"
      (click)="deleteCipher()"
      type="button"
    >
      <span class="tw-text-danger">
        <i class="bwi bwi-fw bwi-trash" aria-hidden="true"></i>
        {{ (cipher.isDeleted ? "permanentlyDelete" : "delete") | i18n }}
@@ -160,17 +155,12 @@
      bitMenuItem
      (click)="restore()"
      type="button"
-      *ngIf="(limitItemDeletion$ | async) ? cipher.isDeleted && canRestoreCipher : cipher.isDeleted"
+      *ngIf="cipher.isDeleted && canRestoreCipher"
    >
      <i class="bwi bwi-fw bwi-undo" aria-hidden="true"></i>
      {{ "restore" | i18n }}
    </button>
-    <button
+    <button bitMenuItem *ngIf="canDeleteCipher" (click)="deleteCipher()" type="button">
      bitMenuItem
      *ngIf="(limitItemDeletion$ | async) ? canDeleteCipher : canManageCollection"
      (click)="deleteCipher()"
      type="button"
    >
      <span class="tw-text-danger">
        <i class="bwi bwi-fw bwi-trash" aria-hidden="true"></i>
        {{ (cipher.isDeleted ? "permanentlyDelete" : "delete") | i18n }}
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.ts
@@ -4,8 +4,6 @@ import { Component, EventEmitter, Input, OnInit, Output } from "@angular/core";
 import { CollectionView } from "@bitwarden/admin-console/common";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
@@ -53,7 +51,6 @@ export class VaultCipherRowComponent implements OnInit {
  @Input() checked: boolean;
  @Output() checkedToggled = new EventEmitter<void>();
  protected limitItemDeletion$ = this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion);
  protected CipherType = CipherType;
  private permissionList = getPermissionList();
  private permissionPriority = [
@@ -65,10 +62,7 @@ export class VaultCipherRowComponent implements OnInit {
  ];
  protected organization?: Organization;
-  constructor(
+  constructor(private i18nService: I18nService) {}
    private i18nService: I18nService,
    private configService: ConfigService,
  ) {}
  /**
   * Lifecycle hook for component initialization.
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.html
@@ -52,12 +52,11 @@
          {{ "permission" | i18n }}
        </th>
        <th bitCell class="tw-w-12 tw-text-right">
-          @let featureFlaggedDisable =
+          @let menuDisabled = disableMenu$ | async;
            (limitItemDeletion$ | async) ? (disableMenu$ | async) : disableMenu;
          <button
-            [disabled]="disabled || isEmpty || featureFlaggedDisable"
+            [disabled]="disabled || isEmpty || menuDisabled"
            [bitMenuTriggerFor]="headerMenu"
-            [attr.title]="featureFlaggedDisable ? ('missingPermissions' | i18n) : ''"
+            [attr.title]="menuDisabled ? ('missingPermissions' | i18n) : ''"
            bitIconButton="bwi-ellipsis-v"
            size="small"
            type="button"
@@ -89,9 +88,7 @@
              {{ "assignToCollections" | i18n }}
            </button>
            <button
-              *ngIf="
+              *ngIf="canRestoreSelected$ | async"
                (limitItemDeletion$ | async) ? (canRestoreSelected$ | async) : showBulkTrashOptions
              "
              type="button"
              bitMenuItem
              (click)="bulkRestore()"
@@ -100,7 +97,7 @@
              {{ "restoreSelected" | i18n }}
            </button>
            <button
-              *ngIf="(limitItemDeletion$ | async) ? (canDeleteSelected$ | async) : showDelete"
+              *ngIf="canDeleteSelected$ | async"
              type="button"
              bitMenuItem
              (click)="bulkDelete()"
@@ -161,11 +158,7 @@
          [canAssignCollections]="canAssignCollections(item.cipher)"
          [canManageCollection]="canManageCollection(item.cipher)"
          [canDeleteCipher]="
-            cipherAuthorizationService.canDeleteCipher$(
+            cipherAuthorizationService.canDeleteCipher$(item.cipher, showAdminActions) | async
              item.cipher,
              [item.cipher.collectionId],
              showAdminActions
            ) | async
          "
          [canRestoreCipher]="
            cipherAuthorizationService.canRestoreCipher$(item.cipher, showAdminActions) | async
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
@@ -6,8 +6,6 @@ import { Observable, combineLatest, map, of, startWith, switchMap } from "rxjs";
 import { CollectionView, Unassigned, CollectionAdminView } from "@bitwarden/admin-console/common";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
 import { SortDirection, TableDataSource } from "@bitwarden/components";
@@ -78,7 +76,6 @@ export class VaultItemsComponent {
  @Output() onEvent = new EventEmitter<VaultItemEvent>();
  protected limitItemDeletion$ = this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion);
  protected editableItems: VaultItem[] = [];
  protected dataSource = new TableDataSource<VaultItem>();
  protected selection = new SelectionModel<VaultItem>(true, [], true);
@@ -86,10 +83,7 @@ export class VaultItemsComponent {
  protected canRestoreSelected$: Observable<boolean>;
  protected disableMenu$: Observable<boolean>;
-  constructor(
+  constructor(protected cipherAuthorizationService: CipherAuthorizationService) {
    protected cipherAuthorizationService: CipherAuthorizationService,
    private configService: ConfigService,
  ) {
    this.canDeleteSelected$ = this.selection.changed.pipe(
      startWith(null),
      switchMap(() => {
@@ -102,7 +96,7 @@ export class VaultItemsComponent {
        }
        const canDeleteCiphers$ = ciphers.map((c) =>
-          cipherAuthorizationService.canDeleteCipher$(c, [], this.showAdminActions),
+          cipherAuthorizationService.canDeleteCipher$(c, this.showAdminActions),
        );
        const canDeleteCollections = this.selection.selected
@@ -141,17 +135,14 @@ export class VaultItemsComponent {
      map((canRestore) => canRestore && this.showBulkTrashOptions),
    );
-    this.disableMenu$ = combineLatest([this.limitItemDeletion$, this.canDeleteSelected$]).pipe(
+    this.disableMenu$ = this.canDeleteSelected$.pipe(
-      map(([enabled, canDelete]) => {
+      map((canDelete) => {
-        if (enabled) {
+        return (
-          return (
+          !this.bulkMoveAllowed &&
-            !this.bulkMoveAllowed &&
+          !this.showAssignToCollections() &&
-            !this.showAssignToCollections() &&
+          !canDelete &&
-            !canDelete &&
+          !this.showBulkEditCollectionAccess
-            !this.showBulkEditCollectionAccess
+        );
          );
        }
        return false;
      }),
    );
  }
@@ -205,15 +196,6 @@ export class VaultItemsComponent {
    return false;
  }
  get disableMenu() {
    return (
      !this.bulkMoveAllowed &&
      !this.showAssignToCollections() &&
      !this.showDelete &&
      !this.showBulkEditCollectionAccess
    );
  }
  get bulkAssignToCollectionsAllowed() {
    return this.showBulkAddToCollections && this.ciphers.length > 0;
  }
--- a/apps/web/src/app/vault/individual-vault/view.component.ts
+++ b/apps/web/src/app/vault/individual-vault/view.component.ts
@@ -123,9 +123,7 @@ export class ViewComponent implements OnInit {
      );
    }
-    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(this.cipher, [
+    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(this.cipher);
      this.params.activeCollectionId,
    ]);
  }
  /**
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -1462,12 +1462,7 @@ const safeProviders: SafeProvider[] = [
  safeProvider({
    provide: CipherAuthorizationService,
    useClass: DefaultCipherAuthorizationService,
-    deps: [
+    deps: [CollectionService, OrganizationServiceAbstraction, AccountServiceAbstraction],
      CollectionService,
      OrganizationServiceAbstraction,
      AccountServiceAbstraction,
      ConfigService,
    ],
  }),
  safeProvider({
    provide: AuthRequestApiService,
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -25,7 +25,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { CollectionId, UserId } from "@bitwarden/common/types/guid";
+import { UserId } from "@bitwarden/common/types/guid";
 import {
  CipherService,
  EncryptionContext,
@@ -348,7 +348,6 @@ export class AddEditComponent implements OnInit, OnDestroy {
    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(
      this.cipher,
      [this.collectionId as CollectionId],
      this.isAdminConsoleAction,
    );
--- a/libs/angular/src/vault/components/view.component.ts
+++ b/libs/angular/src/vault/components/view.component.ts
@@ -40,7 +40,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { CipherId, CollectionId, UserId } from "@bitwarden/common/types/guid";
+import { CipherId, UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
@@ -521,9 +521,7 @@ export class ViewComponent implements OnDestroy, OnInit {
    );
    this.showPremiumRequiredTotp =
      this.cipher.login.totp && !this.canAccessPremium && !this.cipher.organizationUseTotp;
-    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(this.cipher, [
+    this.canDeleteCipher$ = this.cipherAuthorizationService.canDeleteCipher$(this.cipher);
      this.collectionId as CollectionId,
    ]);
    this.canRestoreCipher$ = this.cipherAuthorizationService.canRestoreCipher$(this.cipher);
    if (this.cipher.folderId) {
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -11,7 +11,6 @@ import { ServerConfig } from "../platform/abstractions/config/server-config";
 // eslint-disable-next-line @bitwarden/platform/no-enums
 export enum FeatureFlag {
  /* Admin Console Team */
  LimitItemDeletion = "pm-15493-restrict-item-deletion-to-can-manage-permission",
  SeparateCustomRolePermissions = "pm-19917-separate-custom-role-permissions",
  OptimizeNestedTraverseTypescript = "pm-21695-optimize-nested-traverse-typescript",
@@ -75,7 +74,6 @@ const FALSE = false as boolean;
 */
 export const DefaultFeatureFlagValue = {
  /* Admin Console Team */
  [FeatureFlag.LimitItemDeletion]: FALSE,
  [FeatureFlag.SeparateCustomRolePermissions]: FALSE,
  [FeatureFlag.OptimizeNestedTraverseTypescript]: FALSE,
--- a/libs/common/src/vault/services/cipher-authorization.service.spec.ts
+++ b/libs/common/src/vault/services/cipher-authorization.service.spec.ts
@@ -7,10 +7,9 @@ import { CollectionService, CollectionView } from "@bitwarden/admin-console/comm
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { CollectionId, UserId } from "@bitwarden/common/types/guid";
+import { UserId } from "@bitwarden/common/types/guid";
 import { FakeAccountService, mockAccountServiceWith } from "../../../spec";
 import { ConfigService } from "../../platform/abstractions/config/config.service";
 import { CipherPermissionsApi } from "../models/api/cipher-permissions.api";
 import { CipherView } from "../models/view/cipher.view";
@@ -24,7 +23,6 @@ describe("CipherAuthorizationService", () => {
  const mockCollectionService = mock<CollectionService>();
  const mockOrganizationService = mock<OrganizationService>();
  const mockConfigService = mock<ConfigService>();
  const mockUserId = Utils.newGuid() as UserId;
  let mockAccountService: FakeAccountService;
@@ -70,10 +68,7 @@ describe("CipherAuthorizationService", () => {
      mockCollectionService,
      mockOrganizationService,
      mockAccountService,
      mockConfigService,
    );
    mockConfigService.getFeatureFlag$.mockReturnValue(of(false));
  });
  describe("canRestoreCipher$", () => {
@@ -90,7 +85,7 @@ describe("CipherAuthorizationService", () => {
      });
    });
-    it("should return true if isAdminConsleAction and user can edit all ciphers in the org", (done) => {
+    it("should return true if isAdminConsoleAction and user can edit all ciphers in the org", (done) => {
      const cipher = createMockCipher("org1", ["col1"]) as CipherView;
      const organization = createMockOrganization({ canEditAllCiphers: true });
      mockOrganizationService.organizations$.mockReturnValue(
@@ -145,15 +140,6 @@ describe("CipherAuthorizationService", () => {
  });
  describe("canDeleteCipher$", () => {
    it("should return true if cipher has no organizationId", (done) => {
      const cipher = createMockCipher(null, []) as CipherView;
      cipherAuthorizationService.canDeleteCipher$(cipher).subscribe((result) => {
        expect(result).toBe(true);
        done();
      });
    });
    it("should return true if isAdminConsoleAction is true and cipher is unassigned", (done) => {
      const cipher = createMockCipher("org1", []) as CipherView;
      const organization = createMockOrganization({ canEditUnassignedCiphers: true });
@@ -161,7 +147,7 @@ describe("CipherAuthorizationService", () => {
        of([organization]) as Observable<Organization[]>,
      );
-      cipherAuthorizationService.canDeleteCipher$(cipher, [], true).subscribe((result) => {
+      cipherAuthorizationService.canDeleteCipher$(cipher, true).subscribe((result) => {
        expect(result).toBe(true);
        done();
      });
@@ -174,7 +160,7 @@ describe("CipherAuthorizationService", () => {
        of([organization]) as Observable<Organization[]>,
      );
-      cipherAuthorizationService.canDeleteCipher$(cipher, [], true).subscribe((result) => {
+      cipherAuthorizationService.canDeleteCipher$(cipher, true).subscribe((result) => {
        expect(result).toBe(true);
        expect(mockOrganizationService.organizations$).toHaveBeenCalledWith(mockUserId);
        done();
@@ -186,136 +172,32 @@ describe("CipherAuthorizationService", () => {
      const organization = createMockOrganization({ canEditUnassignedCiphers: false });
      mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
-      cipherAuthorizationService.canDeleteCipher$(cipher, [], true).subscribe((result) => {
+      cipherAuthorizationService.canDeleteCipher$(cipher, true).subscribe((result) => {
        expect(result).toBe(false);
        done();
      });
    });
-    it("should return true if activeCollectionId is provided and has manage permission", (done) => {
+    it("should return true when cipher.permissions.delete is true", (done) => {
      const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
      const activeCollectionId = "col1" as CollectionId;
      const organization = createMockOrganization();
      mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
      const allCollections = [
        createMockCollection("col1", true),
        createMockCollection("col2", false),
      ];
      mockCollectionService.decryptedCollectionViews$.mockReturnValue(
        of(allCollections as CollectionView[]),
      );
      cipherAuthorizationService
        .canDeleteCipher$(cipher, [activeCollectionId])
        .subscribe((result) => {
          expect(result).toBe(true);
          expect(mockCollectionService.decryptedCollectionViews$).toHaveBeenCalledWith([
            "col1",
            "col2",
          ] as CollectionId[]);
          done();
        });
    });
    it("should return false if activeCollectionId is provided and manage permission is not present", (done) => {
      const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
      const activeCollectionId = "col1" as CollectionId;
      const organization = createMockOrganization();
      mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
      const allCollections = [
        createMockCollection("col1", false),
        createMockCollection("col2", true),
      ];
      mockCollectionService.decryptedCollectionViews$.mockReturnValue(
        of(allCollections as CollectionView[]),
      );
      cipherAuthorizationService
        .canDeleteCipher$(cipher, [activeCollectionId])
        .subscribe((result) => {
          expect(result).toBe(false);
          expect(mockCollectionService.decryptedCollectionViews$).toHaveBeenCalledWith([
            "col1",
            "col2",
          ] as CollectionId[]);
          done();
        });
    });
    it("should return true if any collection has manage permission", (done) => {
      const cipher = createMockCipher("org1", ["col1", "col2", "col3"]) as CipherView;
      const organization = createMockOrganization();
      mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
      const allCollections = [
        createMockCollection("col1", false),
        createMockCollection("col2", true),
        createMockCollection("col3", false),
      ];
      mockCollectionService.decryptedCollectionViews$.mockReturnValue(
        of(allCollections as CollectionView[]),
      );
      cipherAuthorizationService.canDeleteCipher$(cipher).subscribe((result) => {
        expect(result).toBe(true);
        expect(mockCollectionService.decryptedCollectionViews$).toHaveBeenCalledWith([
          "col1",
          "col2",
          "col3",
        ] as CollectionId[]);
        done();
      });
    });
    it("should return false if no collection has manage permission", (done) => {
      const cipher = createMockCipher("org1", ["col1", "col2"]) as CipherView;
      const organization = createMockOrganization();
      mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
      const allCollections = [
        createMockCollection("col1", false),
        createMockCollection("col2", false),
      ];
      mockCollectionService.decryptedCollectionViews$.mockReturnValue(
        of(allCollections as CollectionView[]),
      );
      cipherAuthorizationService.canDeleteCipher$(cipher).subscribe((result) => {
        expect(result).toBe(false);
        expect(mockCollectionService.decryptedCollectionViews$).toHaveBeenCalledWith([
          "col1",
          "col2",
        ] as CollectionId[]);
        done();
      });
    });
    it("should return true if feature flag enabled and cipher.permissions.delete is true", (done) => {
      const cipher = createMockCipher("org1", [], true, {
        delete: true,
      } as CipherPermissionsApi) as CipherView;
      const organization = createMockOrganization();
      mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
      mockConfigService.getFeatureFlag$.mockReturnValue(of(true));
-      cipherAuthorizationService.canDeleteCipher$(cipher, [], false).subscribe((result) => {
+      cipherAuthorizationService.canDeleteCipher$(cipher, false).subscribe((result) => {
        expect(result).toBe(true);
        expect(mockCollectionService.decryptedCollectionViews$).not.toHaveBeenCalled();
        done();
      });
    });
-    it("should return false if feature flag enabled and cipher.permissions.delete is false", (done) => {
+    it("should return false when cipher.permissions.delete is false", (done) => {
      const cipher = createMockCipher("org1", []) as CipherView;
      const organization = createMockOrganization();
      mockOrganizationService.organizations$.mockReturnValue(of([organization] as Organization[]));
      mockConfigService.getFeatureFlag$.mockReturnValue(of(true));
-      cipherAuthorizationService.canDeleteCipher$(cipher, [], false).subscribe((result) => {
+      cipherAuthorizationService.canDeleteCipher$(cipher, false).subscribe((result) => {
        expect(result).toBe(false);
        expect(mockCollectionService.decryptedCollectionViews$).not.toHaveBeenCalled();
        done();
      });
    });
--- a/libs/common/src/vault/services/cipher-authorization.service.ts
+++ b/libs/common/src/vault/services/cipher-authorization.service.ts
@@ -1,15 +1,13 @@
-import { combineLatest, map, Observable, of, shareReplay, switchMap } from "rxjs";
+import { map, Observable, of, shareReplay, switchMap } from "rxjs";
 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
 import { CollectionService } from "@bitwarden/admin-console/common";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CollectionId } from "@bitwarden/common/types/guid";
 import { getUserId } from "../../auth/services/account.service";
 import { FeatureFlag } from "../../enums/feature-flag.enum";
 import { Cipher } from "../models/domain/cipher";
 import { CipherView } from "../models/view/cipher.view";
@@ -26,14 +24,12 @@ export abstract class CipherAuthorizationService {
   * Determines if the user can delete the specified cipher.
   *
   * @param {CipherLike} cipher - The cipher object to evaluate for deletion permissions.
   * @param {CollectionId[]} [allowedCollections] - Optional. The selected collection id from the vault filter.
   * @param {boolean} isAdminConsoleAction - Optional. A flag indicating if the action is being performed from the admin console.
   *
   * @returns {Observable<boolean>} - An observable that emits a boolean value indicating if the user can delete the cipher.
   */
  abstract canDeleteCipher$: (
    cipher: CipherLike,
    allowedCollections?: CollectionId[],
    isAdminConsoleAction?: boolean,
  ) => Observable<boolean>;
@@ -72,7 +68,6 @@ export class DefaultCipherAuthorizationService implements CipherAuthorizationSer
    private collectionService: CollectionService,
    private organizationService: OrganizationService,
    private accountService: AccountService,
    private configService: ConfigService,
  ) {}
  private organization$ = (cipher: CipherLike) =>
@@ -86,48 +81,21 @@ export class DefaultCipherAuthorizationService implements CipherAuthorizationSer
   *
   * {@link CipherAuthorizationService.canDeleteCipher$}
   */
-  canDeleteCipher$(
+  canDeleteCipher$(cipher: CipherLike, isAdminConsoleAction?: boolean): Observable<boolean> {
-    cipher: CipherLike,
+    return this.organization$(cipher).pipe(
-    allowedCollections?: CollectionId[],
+      map((organization) => {
    isAdminConsoleAction?: boolean,
  ): Observable<boolean> {
    return combineLatest([
      this.organization$(cipher),
      this.configService.getFeatureFlag$(FeatureFlag.LimitItemDeletion),
    ]).pipe(
      switchMap(([organization, featureFlagEnabled]) => {
        if (isAdminConsoleAction) {
          // If the user is an admin, they can delete an unassigned cipher
          if (!cipher.collectionIds || cipher.collectionIds.length === 0) {
-            return of(organization?.canEditUnassignedCiphers === true);
+            return organization?.canEditUnassignedCiphers === true;
          }
          if (organization?.canEditAllCiphers) {
-            return of(true);
+            return true;
          }
        }
-        if (featureFlagEnabled) {
+        return cipher.permissions.delete;
          return of(cipher.permissions.delete);
        }
        if (cipher.organizationId == null) {
          return of(true);
        }
        return this.collectionService
          .decryptedCollectionViews$(cipher.collectionIds as CollectionId[])
          .pipe(
            map((allCollections) => {
              const shouldFilter = allowedCollections?.some(Boolean);
              const collections = shouldFilter
                ? allCollections.filter((c) => allowedCollections?.includes(c.id as CollectionId))
                : allCollections;
              return collections.some((collection) => collection.manage);
            }),
          );
      }),
    );
  }