* Add ssoEnabled and ssoMemberDecryptionType properties to ProfileOrganizationResponse
* Add SSO support to Organization model with ssoEnabled and ssoMemberDecryptionType properties, and implement related tests
* Upsert organization SSO settings in memory after save
Updates organization data in memory with new SSO configuration values
to ensure immediate UI updates for Device Approvals page visibility.
* Refactor SSO component to simplify upsertOrganizationWithSsoChanges method
- Updated the method signature to accept a single OrganizationSsoRequest object instead of separate parameters.
- Adjusted the internal logic to directly use properties from the OrganizationSsoRequest for updating the organization state.
* Specify OrganizationData type for updatedOrganization in SSO component
* Added nav item for f4e in org admin console
* shotgun surgery for adding "useAdminSponsoredFamilies" feature from the org table
* Resolved issue with members nav item also being selected when f4e is selected
* Separated out billing's logic from the org layout component
* Removed unused observable
* Moved logic to existing f4e policy service and added unit tests
* Resolved script typescript error
* Resolved goofy switchMap
---------
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
* Add setupBusinessUnit to OrganizationBillingApiService
* Add setup-business-unit.component
* Updated designs and cleanup work
* Update existing logos for Provider Portal and Admin Console
* Fix broken test
* use organization properties for access permissions
* clean up refactor
* simplify logic
* refactor canAccessIntegrationEditor to have all the permission checks
* Use typescript-strict-plugin to iteratively turn on strict
* Add strict testing to pipeline
Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files.
* turn on strict for scripts directory
* Use plugin for all tsconfigs in monorepo
vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes.
* remove plugin from configs that extend one that already has it
* Update workspace settings to honor strict plugin
* Apply strict-plugin to native message test runner
* Update vscode workspace to use root tsc version
* `./node_modules/.bin/update-strict-comments` 🤖
This is a one-time operation. All future files should adhere to strict type checking.
* Add fixme to `ts-strict-ignore` comments
* `update-strict-comments` 🤖
repeated for new merge files
* Update AccountService to include a method for setting the managedByOrganizationId
* Update AccountComponent to conditionally show the purgeVault button based on a feature flag and if the user is managed by an organization
* Add missing method to FakeAccountService
* Remove the setAccountManagedByOrganizationId method from the AccountService abstract class.
* Refactor AccountComponent to use OrganizationService to check for managing organization
* Rename managesActiveUser to userIsManagedByOrganization
* Refactor userIsManagedByOrganization property to be non-nullable in organization data and response models
* Refactor organization.data.spec.ts to include non-nullable userIsManagedByOrganization property
* [AC-2763] Do not restrict providers if they are also a member of the organization
* [AC-2763] Reduce branching complexity
* [AC-2763] Remove explicit restrict provider access checks in Vault
We can safely fall back organization helpers for cipher access as it already accounts for provider users who are members.
* Send current Org user Id on collection creation through CLI
* Run npm prettier
* Add organization services to CreateCommand creation on ServeCommand
* Refactor organization data models to include organizationUserId property
* Refactor create command to utilize the OrganizationUserId on the Organization object
* Add users to collection request in edit command
* fix: organization.data test update to correct deserialization, refs AC-2286
---------
Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
* [AC-2603] Add unmanaged property to CollectionAdminView and response models
* [AC-2603] Cleanup CollectionViews
- Remove getters that have been replaced with Unmanaged property
- Remove AddAccess that is also being replaced
- Add canEditUnmanagedCollections() helper to organization
* [AC-2603] Replace old AddAccess logic with Unmanaged flag
* [AC-2603] Fix failing test
* [AC-2603] Ensure Add Access badge/toggle only shows when V1 flag is enabled
* [AC-2603] Undo change to canEditUserAccess and canEditGroupAccess
Custom users should not get access to an unmanaged collection with only Manage Groups and Manage User permissions. That is still reserved for admin/owners and EditAnyCollection custom users.
* [AC-1707] Add feature flag
* [AC-1707] Prevent loading ciphers for provider users in the org vault when the feature flag is enabled
* [AC-1707] Ensure new canEditAllCiphers logic only applies to organizations that have FC enabled
* [AC-1707] Update editAllCiphers helper to check for restrictProviderAccess feature flag
* [AC-1707] Remove un-used vaultFilterComponent reference
* [AC-1707] Hide vault filter for providers
* [AC-1707] Add search to vault header for provider users
* [AC-1707] Hide New Item button for Providers when restrict provider access feature flag is enabled
* [AC-1707] Remove leftover debug statement
* [AC-1707] Update canEditAllCiphers references to consider the restrictProviderAccessFlag
* [AC-1707] Fix collections component changes from main
* [AC-1707] Fix some feature flag issues from merge with main
* [AC-1707] Avoid 'readonly' collection dialog for providers
* [AC-1707] Fix broken Browser component
* [AC-1707] Fix broken Desktop component
* [AC-1707] Add restrict provider flag to add access badge logic
* [AC-2195] Update canEditAnyCipher permission to make an exception for Custom users with editAnyCollection permission
* [AC-2195] Update V1 FC flag check to include check for an organization's FC status
* [AC-2195] Remove redundant collection management setting check that was hiding the restricted access message for custom users with deleteAnyCollection
* [AC-2195] Ensure users with canEditAnyCollections can edit all collections
* [AC-1124] Add getManyFromApiForOrganization to cipher.service.ts
* [AC-1124] Use getManyFromApiForOrganization when a user does not have access to all ciphers
* [AC-1124] Vault changes
- Show new collection access restricted view
- Include unassigned ciphers for restricted admins
- Restrict collections when creating/cloning/editing ciphers
* [AC-1124] Update edit cipher on page navigation to check if user can access the cipher
* [AC-1124] Hide ciphers from restricted collections
* [AC-1124] Ensure providers are not shown collection access restricted view
* [AC-1124] Modify add-edit component to call the correct endpoint when a restricted admin attempts to add-edit a cipher
* [AC-1124] Fix bug after merge with main
* [AC-1124] Use private this._organization
* [AC-1124] Fix broken builds
* Remove unused feature flag
* Replace feature flag ref with org flag
* Remove deprecated feature flag to discourage use
* Add check to org.canCreateNewCollections
* Adjust init logic of components to avoid race conditions
* Make canCreateNewCollections logic more explicit
* Resolve merge conflicts with vault changes
* Update comments
* Remove uses of old feature flag
* Remove last of old feature flag
* Clean up feature flag
* Fix linting
* Fix linting
* [AC-1139] Add new layout for MemberDialogComponent when FC feature flag is enabled
* [AC-1139] Deprecated Organization canEditAssignedCollections, canDeleteAssignedCollections, canViewAssignedCollections
* [AC-1139] Checking if FC feature flag is enabled when using canDeleteAssignedCollections or canViewAssignedCollections
* [AC-1139] Added missing parameter to customRedirect
* [AC-1139] Fixed canEdit permission
* [AC-1139] Fixed CanDelete logic
* [AC-1139] Changed canAccessVaultTab function to receive configService
* Override deprecated values on sync
* [AC-1139] Reverted change that introduced ConfigService as a parameter to canAccessVaultTab
* [AC-1139] Fixed circular dependency
* [AC-1139] Moved overriding of deprecated values to syncService
* Revert "[AC-1139] Fixed circular dependency"
This reverts commit 6484420976.
* Revert "Override deprecated values on sync"
This reverts commit f0c25a6996.
* [AC-1139] Added back the deprecation of methods canEditAssignedCollections, canDeleteAssignedCollections, canViewAssignedCollections
* [AC-1139] Reverted change on syncService
* [AC-1139] Override deprecated values on sync
* [AC-1139] Fix canDelete logic in
collection-dialog.component.ts and
bulk-delete-dialog.component.ts
* [AC-1139] Moved override logic from syncService to organizationService
* [AC-1139] Add ability to have titlecase titles on nested-checkbox.component checkboxes; use on member-dialog.component
* Revert "[AC-1139] Add ability to have titlecase titles on nested-checkbox.component checkboxes; use on member-dialog.component"
This reverts commit 9ede0fc5ac.
* [AC-1139] Fix bulk delete functionality
* [AC-1139] Refactor canEdit and canDelete to use ternary operator
* [AC-1139] Fix canDelete condition in VaultComponent
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Assign ownership to many of the remaining libs/common files.
Criteria for ownership:
* Files used by a single team, is now owned by that team.
* Files related to a domain owned by a team is now owned by that team.
* Where ownership is unclear the "lowest level" service takes ownership.
* [AC-1612] Disabled access to the Organization Vault tab if the user only has access to assigned collections
* [AC-1612] Fixed issue that prevented Manager users to access the Organizations tab
* [AC-431] Add new organization invite process (#4841)
* [AC-431] Added properties 'key' and 'keys' to OrganizationUserAcceptRequest
* [AC-431] On organization accept added check for 'initOrganization' flag and send encrypt keys if true
* [AC-431] Reverted changes on AcceptOrganizationComponent and OrganizationUserAcceptRequest
* [AC-431] Created OrganizationUserAcceptInitRequest
* [AC-431] Added method postOrganizationUserAcceptInit to OrganizationUserService
* [AC-431] Created AcceptInitOrganizationComponent and added routing config. Added 'inviteInitAcceptedDesc' to messages
* [AC-431] Remove blank line
* [AC-431] Remove requirement for logging in again
* [AC-431] Removed accept-init-organization.component.html
* Update libs/common/src/abstractions/organization-user/organization-user.service.ts
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-431] Sending collection name when initializing an org
* [AC-431] Deleted component accept-init-organization and incorporated logic into accept-organization
* Update libs/common/src/abstractions/organization-user/organization-user.service.ts
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-431] Returning promise chains
* [AC-431] Moved ReAuth check to org accept only
* [AC-431] Fixed import issues
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-434] Hide billing screen for reseller clients (#4955)
* [AC-434] Retrieving ProviderType for each Org
* [AC-434] Hide subscription details if user cannot manage billing
* [AC-434] Renamed providerType to provider-type
* [AC-434] Reverted change that showed Billing History and Payment Methods tabs
* [AC-434] Hiding Secrets Manager enroll
* [AC-434] Renamed Billing access variables to be more readable
* Apply suggestions from code review
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-434] Reduce duplication in permission code
* [AC-434] npm prettier
* [AC-434] Changed selfhost subscription permission
* [AC-434] Added canEditSubscription check for change plan buttons
* [AC-434] Removed message displaying provider name in subscription
* [AC-434] canEditSubscription logic depends on canViewSubscription
* [AC-434] Hiding next charge value for users without billing edit permission
* [AC-434] Changed canViewSubscription and canEditSubscription to be clearer
* [AC-434] Altered BillingSubscriptionItemResponse.amount and BillingSubscriptionUpcomingInvoiceResponse.amount to nullable
* [AC-434] Reverted change on BillingSubscriptionItemResponse.amount
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Updated IsPaidOrgGuard reference from org.CanManageBilling to canEditSubscription
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Prevent rerouting to dispaly modal message, and refactored components where thsi was used
* Added upgrade badge to organization reports view
* created guard to prevent free organization users from accessing reports
* Added isUpgradeRequired getter to organization class
* Modifiewd reports home to pass upgrade badge and add new guard to organization reports module
* Fixed routing bug when routing to billing subscription page
* Refactored to use async pipe and observables
* Renamed getter name to be more descriptive
* Removed checkAccess from reports
* Renamed guard
* Removed unused variables
* Lint fix
* Lint fix
* prettier fix
* Corrected organiztion service reference
* Moved homepage to ngonInit
* [PM-1629] Update the upgrade dialog for users without billing rights (#5102)
* Show dialog with description when user does not have access to the billing page
* switched conditions to nested if to make the logic clearer
