[PM-21451] [Vault] [CLI] Changes to Enforce "Remove card item type policy" (#15187)

* Created new service to get restricted types for the CLI * Created service for cli to get restricted types * Utilized restriction service in commands * Renamed function * Refactored service and made it simpler to check when a cipher type is restricted or not * Moved service to common so it can be utilized on the cli * Refactored service to use restricted type service * Removed userId passing from commands * Exclude restrict types from export * Added missing dependency * Added missing dependency * Added missing dependency * Added service utils commit from desktop PR * refactored to use reusable function * updated reference * updated reference * Fixed merge conflicts * Refactired services to use isCipherRestricted * Refactored restricted item types service * Updated services to use the reafctored item types service
2025-12-23 03:33:54 +00:00 · 2025-06-23 12:04:56 -04:00
parent 2e8c0de719
commit e291e2df0a
24 changed files with 444 additions and 113 deletions
--- a/apps/cli/src/vault/delete.command.ts
+++ b/apps/cli/src/vault/delete.command.ts
@@ -13,6 +13,8 @@ import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cip
 import { Response } from "../models/response";
 import { CliUtils } from "../utils";

+import { CliRestrictedItemTypesService } from "./services/cli-restricted-item-types.service";
+
 export class DeleteCommand {
  constructor(
    private cipherService: CipherService,
@@ -22,6 +24,7 @@ export class DeleteCommand {
    private accountProfileService: BillingAccountProfileStateService,
    private cipherAuthorizationService: CipherAuthorizationService,
    private accountService: AccountService,
+    private cliRestrictedItemTypesService: CliRestrictedItemTypesService,
  ) {}

  async run(object: string, id: string, cmdOptions: Record<string, any>): Promise<Response> {
@@ -60,6 +63,12 @@ export class DeleteCommand {
      return Response.error("You do not have permission to delete this item.");
    }

+    const isCipherTypeRestricted =
+      await this.cliRestrictedItemTypesService.isCipherRestricted(cipher);
+    if (isCipherTypeRestricted) {
+      return Response.error("Deleting this item type is restricted by organizational policy.");
+    }
+
    try {
      if (options.permanent) {
        await this.cipherService.deleteWithServer(id, activeUserId);