From 3a02b677a803e68947c4b96a8ec5f2c71f571d65 Mon Sep 17 00:00:00 2001
From: Rui Tome <rtome@bitwarden.com>
Date: Tue, 8 Oct 2024 18:45:24 +0100
Subject: [PATCH] Refactor AccountComponent to use OrganizationService to check
 for managing organization

---
 .../src/app/auth/settings/account/account.component.ts    | 8 ++++----
 .../src/admin-console/models/data/organization.data.ts    | 2 ++
 .../src/admin-console/models/domain/organization.ts       | 7 +++++++
 .../models/response/profile-organization.response.ts      | 2 ++
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/apps/web/src/app/auth/settings/account/account.component.ts b/apps/web/src/app/auth/settings/account/account.component.ts
index 03150398e9d..c231a0fe022 100644
--- a/apps/web/src/app/auth/settings/account/account.component.ts
+++ b/apps/web/src/app/auth/settings/account/account.component.ts
@@ -2,7 +2,7 @@ import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 import { lastValueFrom, map, Observable, of, switchMap } from "rxjs";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
-import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -28,8 +28,8 @@ export class AccountComponent implements OnInit {
     private modalService: ModalService,
     private dialogService: DialogService,
     private userVerificationService: UserVerificationService,
-    private accountService: AccountService,
     private configService: ConfigService,
+    private organizationService: OrganizationService,
   ) {}
 
   async ngOnInit() {
@@ -39,8 +39,8 @@ export class AccountComponent implements OnInit {
       .pipe(
         switchMap((isAccountDeprovisioningEnabled) =>
           isAccountDeprovisioningEnabled
-            ? this.accountService.activeAccount$.pipe(
-                map((account) => account?.managedByOrganizationId === null),
+            ? this.organizationService.organizations$.pipe(
+                map((organizations) => !organizations.some((o) => o.managesActiveUser === true)),
               )
             : of(true),
         ),
diff --git a/libs/common/src/admin-console/models/data/organization.data.ts b/libs/common/src/admin-console/models/data/organization.data.ts
index 77f7908caf5..2eec322b336 100644
--- a/libs/common/src/admin-console/models/data/organization.data.ts
+++ b/libs/common/src/admin-console/models/data/organization.data.ts
@@ -54,6 +54,7 @@ export class OrganizationData {
   accessSecretsManager: boolean;
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
+  managesActiveUser?: boolean | null;
 
   constructor(
     response?: ProfileOrganizationResponse,
@@ -112,6 +113,7 @@ export class OrganizationData {
     this.accessSecretsManager = response.accessSecretsManager;
     this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems;
+    this.managesActiveUser = response.managesActiveUser;
 
     this.isMember = options.isMember;
     this.isProviderUser = options.isProviderUser;
diff --git a/libs/common/src/admin-console/models/domain/organization.ts b/libs/common/src/admin-console/models/domain/organization.ts
index 8c28bcb4935..f8df58ea8e0 100644
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@@ -73,6 +73,12 @@ export class Organization {
    * Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections
    */
   allowAdminAccessToAllCollectionItems: boolean;
+  /**
+   * Indicates if this organization manages the active user.
+   * A user is considered managed by an organization if their email domain
+   * matches one of the verified domains of that organization, and the user is a member of it.
+   */
+  managesActiveUser?: boolean | null;
 
   constructor(obj?: OrganizationData) {
     if (obj == null) {
@@ -127,6 +133,7 @@ export class Organization {
     this.accessSecretsManager = obj.accessSecretsManager;
     this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems;
+    this.managesActiveUser = obj.managesActiveUser;
   }
 
   get canAccess() {
diff --git a/libs/common/src/admin-console/models/response/profile-organization.response.ts b/libs/common/src/admin-console/models/response/profile-organization.response.ts
index 693a7db4eb3..9a1a00491b2 100644
--- a/libs/common/src/admin-console/models/response/profile-organization.response.ts
+++ b/libs/common/src/admin-console/models/response/profile-organization.response.ts
@@ -51,6 +51,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
   accessSecretsManager: boolean;
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
+  managesActiveUser?: boolean | null;
 
   constructor(response: any) {
     super(response);
@@ -115,5 +116,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
     this.allowAdminAccessToAllCollectionItems = this.getResponseProperty(
       "AllowAdminAccessToAllCollectionItems",
     );
+    this.managesActiveUser = this.getResponseProperty("ManagesActiveUser") ?? null;
   }
 }