[PM-11405] Account Management: Prevent a verified user from changing …

…their email address (#11486)

* Update AccountService to include a method for setting the managedByOrganizationId

* Update AccountComponent to conditionally show the purgeVault button based on a feature flag and if the user is managed by an organization

* Add missing method to FakeAccountService

* Remove the setAccountManagedByOrganizationId method from the AccountService abstract class.

* Refactor AccountComponent to use OrganizationService to check for managing organization

* Rename managesActiveUser to userIsManagedByOrganization

* Hide the change email section if the user is managed by an organization

* Refactor userIsManagedByOrganization property to be non-nullable in organization data and response models

* Refactor organization.data.spec.ts to include non-nullable userIsManagedByOrganization property

* Refactor account component initialization logic

* Remove opening modal that was added by mistake

apps/web/src/app/auth/settings/account/account.component.html

@@ -3,7 +3,7 @@
 <bit-container>
   <app-profile></app-profile>
 
-  <div *ngIf="showChangeEmail" class="tw-mt-16">
+  <div *ngIf="showChangeEmail$ | async" class="tw-mt-16">
     <h1 bitTypography="h1">{{ "changeEmail" | i18n }}</h1>
     <app-change-email></app-change-email>
   </div>

apps/web/src/app/auth/settings/account/account.component.ts

@@ -1,5 +1,5 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
-import { lastValueFrom, map, Observable, of, switchMap } from "rxjs";
+import { combineLatest, from, lastValueFrom, map, Observable } from "rxjs";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
@@ -21,7 +21,7 @@ export class AccountComponent implements OnInit {
   @ViewChild("deauthorizeSessionsTemplate", { read: ViewContainerRef, static: true })
   deauthModalRef: ViewContainerRef;
 
-  showChangeEmail = true;
+  showChangeEmail$: Observable<boolean>;
   showPurgeVault$: Observable<boolean>;
 
   constructor(
@@ -33,21 +33,36 @@ export class AccountComponent implements OnInit {
   ) {}
 
   async ngOnInit() {
-    this.showChangeEmail = await this.userVerificationService.hasMasterPassword();
-    this.showPurgeVault$ = this.configService
-      .getFeatureFlag$(FeatureFlag.AccountDeprovisioning)
-      .pipe(
-        switchMap((isAccountDeprovisioningEnabled) =>
-          isAccountDeprovisioningEnabled
-            ? this.organizationService.organizations$.pipe(
-                map(
-                  (organizations) =>
-                    !organizations.some((o) => o.userIsManagedByOrganization === true),
-                ),
-              )
-            : of(true),
-        ),
-      );
+    const isAccountDeprovisioningEnabled$ = this.configService.getFeatureFlag$(
+      FeatureFlag.AccountDeprovisioning,
+    );
+
+    const userIsManagedByOrganization$ = this.organizationService.organizations$.pipe(
+      map((organizations) => organizations.some((o) => o.userIsManagedByOrganization === true)),
+    );
+
+    const hasMasterPassword$ = from(this.userVerificationService.hasMasterPassword());
+
+    this.showChangeEmail$ = combineLatest([
+      hasMasterPassword$,
+      isAccountDeprovisioningEnabled$,
+      userIsManagedByOrganization$,
+    ]).pipe(
+      map(
+        ([hasMasterPassword, isAccountDeprovisioningEnabled, userIsManagedByOrganization]) =>
+          hasMasterPassword && (!isAccountDeprovisioningEnabled || !userIsManagedByOrganization),
+      ),
+    );
+
+    this.showPurgeVault$ = combineLatest([
+      isAccountDeprovisioningEnabled$,
+      userIsManagedByOrganization$,
+    ]).pipe(
+      map(
+        ([isAccountDeprovisioningEnabled, userIsManagedByOrganization]) =>
+          !isAccountDeprovisioningEnabled || !userIsManagedByOrganization,
+      ),
+    );
   }
 
   async deauthorizeSessions() {