diff --git a/apps/web/src/app/admin-console/organizations/settings/account.component.html b/apps/web/src/app/admin-console/organizations/settings/account.component.html index c2462acf9da..300d8003a13 100644 --- a/apps/web/src/app/admin-console/organizations/settings/account.component.html +++ b/apps/web/src/app/admin-console/organizations/settings/account.component.html @@ -53,12 +53,16 @@

{{ "apiKey" | i18n }}

{{ "collectionManagement" | i18n }}

{{ "collectionManagementDesc" | i18n }}

+ + {{ "allowAdminAccessToAllCollectionItemsDesc" | i18n }} + + {{ "limitCollectionCreationDeletionDesc" | i18n }} diff --git a/apps/web/src/app/admin-console/organizations/settings/account.component.ts b/apps/web/src/app/admin-console/organizations/settings/account.component.ts index 798895259ee..3bd76aa8128 100644 --- a/apps/web/src/app/admin-console/organizations/settings/account.component.ts +++ b/apps/web/src/app/admin-console/organizations/settings/account.component.ts @@ -1,7 +1,7 @@ import { Component, ViewChild, ViewContainerRef } from "@angular/core"; import { FormBuilder, Validators } from "@angular/forms"; import { ActivatedRoute, Router } from "@angular/router"; -import { combineLatest, lastValueFrom, Subject, switchMap, takeUntil, from, of } from "rxjs"; +import { combineLatest, from, lastValueFrom, of, Subject, switchMap, takeUntil } from "rxjs"; import { ModalService } from "@bitwarden/angular/services/modal.service"; import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction"; @@ -41,10 +41,14 @@ export class AccountComponent { canUseApi = false; org: OrganizationResponse; taxFormPromise: Promise; - showCollectionManagementSettings$ = this.configService.getFeatureFlag$( + flexibleCollectionsEnabled$ = this.configService.getFeatureFlag$( FeatureFlag.FlexibleCollections, false ); + flexibleCollectionsV1Enabled$ = this.configService.getFeatureFlag$( + FeatureFlag.FlexibleCollectionsV1, + false + ); // FormGroup validators taken from server Organization domain object protected formGroup = this.formBuilder.group({ @@ -67,6 +71,10 @@ export class AccountComponent { protected collectionManagementFormGroup = this.formBuilder.group({ limitCollectionCreationDeletion: this.formBuilder.control({ value: false, disabled: true }), + allowAdminAccessToAllCollectionItems: this.formBuilder.control({ + value: false, + disabled: true, + }), }); protected organizationId: string; @@ -115,6 +123,7 @@ export class AccountComponent { if (!this.selfHosted) { this.formGroup.get("orgName").enable(); this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable(); + this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable(); } if (!this.selfHosted || this.canEditSubscription) { @@ -136,6 +145,7 @@ export class AccountComponent { }); this.collectionManagementFormGroup.patchValue({ limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion, + allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems, }); this.loading = false; @@ -180,6 +190,8 @@ export class AccountComponent { const request = new OrganizationCollectionManagementUpdateRequest(); request.limitCreateDeleteOwnerAdmin = this.collectionManagementFormGroup.value.limitCollectionCreationDeletion; + request.allowAdminAccessToAllCollectionItems = + this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems; await this.organizationApiService.updateCollectionManagement(this.organizationId, request); diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json index 604aedd38fa..5fd31e6cfa6 100644 --- a/apps/web/src/locales/en/messages.json +++ b/apps/web/src/locales/en/messages.json @@ -7322,6 +7322,9 @@ "limitCollectionCreationDeletionDesc": { "message": "Limit collection creation and deletion to owners and admins" }, + "allowAdminAccessToAllCollectionItemsDesc": { + "message": "Owners and admins can manage all collections and items" + }, "collectionManagementUpdated": { "message": "Collection management behavior saved" }, diff --git a/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts b/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts index 1c6ed27f19c..26275650b0c 100644 --- a/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts +++ b/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts @@ -1,3 +1,4 @@ export class OrganizationCollectionManagementUpdateRequest { limitCreateDeleteOwnerAdmin: boolean; + allowAdminAccessToAllCollectionItems: boolean; } diff --git a/libs/common/src/admin-console/models/response/organization.response.ts b/libs/common/src/admin-console/models/response/organization.response.ts index 74b29a79486..bdcaf79707b 100644 --- a/libs/common/src/admin-console/models/response/organization.response.ts +++ b/libs/common/src/admin-console/models/response/organization.response.ts @@ -33,6 +33,7 @@ export class OrganizationResponse extends BaseResponse { maxAutoscaleSmSeats?: number; maxAutoscaleSmServiceAccounts?: number; limitCollectionCreationDeletion: boolean; + allowAdminAccessToAllCollectionItems: boolean; constructor(response: any) { super(response); @@ -71,5 +72,8 @@ export class OrganizationResponse extends BaseResponse { this.limitCollectionCreationDeletion = this.getResponseProperty( "LimitCollectionCreationDeletion" ); + this.allowAdminAccessToAllCollectionItems = this.getResponseProperty( + "AllowAdminAccessToAllCollectionItems" + ); } } diff --git a/libs/common/src/admin-console/models/response/profile-organization.response.ts b/libs/common/src/admin-console/models/response/profile-organization.response.ts index a401662cd52..83187082e5a 100644 --- a/libs/common/src/admin-console/models/response/profile-organization.response.ts +++ b/libs/common/src/admin-console/models/response/profile-organization.response.ts @@ -49,6 +49,7 @@ export class ProfileOrganizationResponse extends BaseResponse { familySponsorshipToDelete?: boolean; accessSecretsManager: boolean; limitCollectionCreationDeletion: boolean; + allowAdminAccessToAllCollectionItems: boolean; constructor(response: any) { super(response); @@ -109,5 +110,8 @@ export class ProfileOrganizationResponse extends BaseResponse { this.limitCollectionCreationDeletion = this.getResponseProperty( "LimitCollectionCreationDeletion" ); + this.allowAdminAccessToAllCollectionItems = this.getResponseProperty( + "AllowAdminAccessToAllCollectionItems" + ); } } diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts index d51b4561fd7..95dbf5d2db0 100644 --- a/libs/common/src/enums/feature-flag.enum.ts +++ b/libs/common/src/enums/feature-flag.enum.ts @@ -8,6 +8,7 @@ export enum FeatureFlag { BrowserFilelessImport = "browser-fileless-import", ItemShare = "item-share", FlexibleCollections = "flexible-collections", + FlexibleCollectionsV1 = "flexible-collections-v-1", // v-1 is intentional BulkCollectionAccess = "bulk-collection-access", }