From c2b5d45165ed1224460e1fae5808df8c924d7523 Mon Sep 17 00:00:00 2001
From: Rui Tome <rtome@bitwarden.com>
Date: Tue, 17 Oct 2023 15:35:41 +0100
Subject: [PATCH] [AC-1139] Disabled the ability to set the custom permissions
 'Delete/Edit Assigned Collections' if flexible collections feature flag is
 enabled

---
 .../Implementations/OrganizationService.cs    | 35 +++++++++++++++----
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs
index 99df056f8a..aa50403261 100644
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@@ -54,6 +54,9 @@ public class OrganizationService : IOrganizationService
     private readonly IProviderUserRepository _providerUserRepository;
     private readonly ICountNewSmSeatsRequiredQuery _countNewSmSeatsRequiredQuery;
     private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand;
+    private readonly IFeatureService _featureService;
+
+    private bool FlexibleCollectionsIsEnabled => _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
 
     public OrganizationService(
         IOrganizationRepository organizationRepository,
@@ -82,7 +85,8 @@ public class OrganizationService : IOrganizationService
         IProviderOrganizationRepository providerOrganizationRepository,
         IProviderUserRepository providerUserRepository,
         ICountNewSmSeatsRequiredQuery countNewSmSeatsRequiredQuery,
-        IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand)
+        IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand,
+        IFeatureService featureService)
     {
         _organizationRepository = organizationRepository;
         _organizationUserRepository = organizationUserRepository;
@@ -111,6 +115,7 @@ public class OrganizationService : IOrganizationService
         _providerUserRepository = providerUserRepository;
         _countNewSmSeatsRequiredQuery = countNewSmSeatsRequiredQuery;
         _updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand;
+        _featureService = featureService;
     }
 
     public async Task ReplacePaymentMethodAsync(Guid organizationId, string paymentToken,
@@ -2061,7 +2066,7 @@ public class OrganizationService : IOrganizationService
             throw new BadRequestException("Custom users can not manage Admins or Owners.");
         }
 
-        if (newType == OrganizationUserType.Custom && !await ValidateCustomPermissionsGrant(organizationId, permissions))
+        if (newType == OrganizationUserType.Custom && !await ValidateCustomPermissionsGrantAsync(organizationId, permissions))
         {
             throw new BadRequestException("Custom users can only grant the same custom permissions that they have.");
         }
@@ -2086,7 +2091,7 @@ public class OrganizationService : IOrganizationService
         }
     }
 
-    private async Task<bool> ValidateCustomPermissionsGrant(Guid organizationId, Permissions permissions)
+    private async Task<bool> ValidateCustomPermissionsGrantAsync(Guid organizationId, Permissions permissions)
     {
         if (permissions == null || await _currentContext.OrganizationAdmin(organizationId))
         {
@@ -2133,9 +2138,17 @@ public class OrganizationService : IOrganizationService
             return false;
         }
 
-        if (permissions.DeleteAssignedCollections && !await _currentContext.DeleteAssignedCollections(organizationId))
+        if (permissions.DeleteAssignedCollections)
         {
-            return false;
+            if (FlexibleCollectionsIsEnabled)
+            {
+                throw new FeatureUnavailableException("Flexible Collections is ON when it should be OFF.");
+            }
+
+            if (!await _currentContext.DeleteAssignedCollections(organizationId))
+            {
+                return false;
+            }
         }
 
         if (permissions.EditAnyCollection && !await _currentContext.EditAnyCollection(organizationId))
@@ -2143,9 +2156,17 @@ public class OrganizationService : IOrganizationService
             return false;
         }
 
-        if (permissions.EditAssignedCollections && !await _currentContext.EditAssignedCollections(organizationId))
+        if (permissions.EditAssignedCollections)
         {
-            return false;
+            if (FlexibleCollectionsIsEnabled)
+            {
+                throw new FeatureUnavailableException("Flexible Collections is ON when it should be OFF.");
+            }
+
+            if (!await _currentContext.EditAssignedCollections(organizationId))
+            {
+                return false;
+            }
         }
 
         if (permissions.ManageResetPassword && !await _currentContext.ManageResetPassword(organizationId))