[AC-1374] Limit collection creation/deletion to Owner/Admin (#3145)

* feat: update org table with new column, write migration, refs AC-1374

* feat: update views with new column, refs AC-1374

* feat: Alter sprocs (org create/update) to include new column, refs AC-1374

* feat: update entity/data/request/response models to handle new column, refs AC-1374

* feat: update necessary Provider related views during migration, refs AC-1374

* fix: update org create to default new column to false, refs AC-1374

* feat: added new API/request model for collection management and removed property from update request model, refs AC-1374

* fix: renamed migration script to be after secrets manage beta column changes, refs AC-1374

* fix: dotnet format, refs AC-1374

* feat: add ef migrations to reflect mssql changes, refs AC-1374

* fix: dotnet format, refs AC-1374

* feat: update API signature to accept Guid and explain Cd verbiage, refs AC-1374

src/Api/Controllers/OrganizationsController.cs

@@ -789,4 +789,17 @@ public class OrganizationsController : Controller
             }
         }
     }
+
+    [HttpPut("{id}/collection-management")]
+    public async Task<OrganizationResponseModel> PutCollectionManagement(Guid id, [FromBody] OrganizationCollectionManagementUpdateRequestModel model)
+    {
+        var organization = await _organizationRepository.GetByIdAsync(id);
+        if (organization == null)
+        {
+            throw new NotFoundException();
+        }
+
+        await _organizationService.UpdateAsync(model.ToOrganization(organization));
+        return new OrganizationResponseModel(organization);
+    }
 }

src/Api/Models/Request/Organizations/OrganizationCollectionManagementUpdateRequestModel.cs

@@ -0,0 +1,14 @@
+using Bit.Core.Entities;
+
+namespace Bit.Api.Models.Request.Organizations;
+
+public class OrganizationCollectionManagementUpdateRequestModel
+{
+    public bool LimitCreateDeleteOwnerAdmin { get; set; }
+
+    public virtual Organization ToOrganization(Organization existingOrganization)
+    {
+        existingOrganization.LimitCollectionCdOwnerAdmin = LimitCreateDeleteOwnerAdmin;
+        return existingOrganization;
+    }
+}

src/Api/Models/Response/Organizations/OrganizationResponseModel.cs

@@ -58,6 +58,7 @@ public class OrganizationResponseModel : ResponseModel
         SmServiceAccounts = organization.SmServiceAccounts;
         MaxAutoscaleSmSeats = organization.MaxAutoscaleSmSeats;
         MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
+        LimitCollectionCdOwnerAdmin = organization.LimitCollectionCdOwnerAdmin;
     }
 
     public Guid Id { get; set; }
@@ -97,6 +98,7 @@ public class OrganizationResponseModel : ResponseModel
     public int? SmServiceAccounts { get; set; }
     public int? MaxAutoscaleSmSeats { get; set; }
     public int? MaxAutoscaleSmServiceAccounts { get; set; }
+    public bool LimitCollectionCdOwnerAdmin { get; set; }
 }
 
 public class OrganizationSubscriptionResponseModel : OrganizationResponseModel

src/Api/Models/Response/ProfileOrganizationResponseModel.cs

@@ -60,6 +60,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
         FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
         FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
         AccessSecretsManager = organization.AccessSecretsManager;
+        LimitCollectionCdOwnerAdmin = organization.LimitCollectionCdOwnerAdmin;
 
         if (organization.SsoConfig != null)
         {
@@ -113,4 +114,5 @@ public class ProfileOrganizationResponseModel : ResponseModel
     public DateTime? FamilySponsorshipValidUntil { get; set; }
     public bool? FamilySponsorshipToDelete { get; set; }
     public bool AccessSecretsManager { get; set; }
+    public bool LimitCollectionCdOwnerAdmin { get; set; }
 }