[AC-1747] deprecate access control indicator (#6796)

---------

Co-authored-by: Thomas Rittson <[email protected]>

apps/web/src/app/admin-console/organizations/core/services/group/group.service.ts

@@ -2,7 +2,9 @@ import { Injectable } from "@angular/core";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 
 import { CoreOrganizationModule } from "../../core-organization.module";
 import { GroupView } from "../../views/group.view";
@@ -15,7 +17,27 @@ import { GroupDetailsResponse, GroupResponse } from "./responses/group.response"
   providedIn: "root",
 })
 export class GroupService {
-  constructor(protected apiService: ApiService) {}
+  constructor(
+    protected apiService: ApiService,
+    protected configService: ConfigServiceAbstraction,
+  ) {}
+
+  /**
+   * TODO: This should be replaced with `GroupView.fromResponse` when `FeatureFlag.FlexibleCollections` is removed.
+   **/
+  protected async groupViewFromResponse(response: GroupResponse): Promise<GroupView> {
+    const view = GroupView.fromResponse(response);
+
+    const hasFlexibleCollections = await this.configService.getFeatureFlag(
+      FeatureFlag.FlexibleCollections,
+      false,
+    );
+    if (hasFlexibleCollections) {
+      view.accessAll = false;
+    }
+
+    return view;
+  }
 
   async get(orgId: string, groupId: string): Promise<GroupView> {
     const r = await this.apiService.send(
@@ -26,7 +48,7 @@ export class GroupService {
       true,
     );
 
-    return GroupView.fromResponse(new GroupDetailsResponse(r));
+    return this.groupViewFromResponse(new GroupDetailsResponse(r));
   }
 
   async getAll(orgId: string): Promise<GroupView[]> {
@@ -40,14 +62,17 @@ export class GroupService {
 
     const listResponse = new ListResponse(r, GroupDetailsResponse);
 
-    return listResponse.data?.map((gr) => GroupView.fromResponse(gr)) ?? [];
+    return Promise.all(listResponse.data?.map((gr) => this.groupViewFromResponse(gr))) ?? [];
   }
 }
 
 @Injectable({ providedIn: CoreOrganizationModule })
 export class InternalGroupService extends GroupService {
-  constructor(protected apiService: ApiService) {
-    super(apiService);
+  constructor(
+    protected apiService: ApiService,
+    protected configService: ConfigServiceAbstraction,
+  ) {
+    super(apiService, configService);
   }
 
   async delete(orgId: string, groupId: string): Promise<void> {
@@ -94,7 +119,7 @@ export class InternalGroupService extends GroupService {
       true,
       true,
     );
-    return GroupView.fromResponse(new GroupResponse(r));
+    return this.groupViewFromResponse(new GroupResponse(r));
   }
 
   private async putGroup(
@@ -109,6 +134,6 @@ export class InternalGroupService extends GroupService {
       true,
       true,
     );
-    return GroupView.fromResponse(new GroupResponse(r));
+    return this.groupViewFromResponse(new GroupResponse(r));
   }
 }

apps/web/src/app/admin-console/organizations/core/services/group/responses/group.response.ts

@@ -5,6 +5,10 @@ export class GroupResponse extends BaseResponse {
   id: string;
   organizationId: string;
   name: string;
+  /**
+   * @deprecated
+   * To be removed alongside `FeatureFlag.FlexibleCollections`.
+   **/
   accessAll: boolean;
   externalId: string;
 

apps/web/src/app/admin-console/organizations/core/services/user-admin.service.ts

@@ -6,13 +6,18 @@ import {
   OrganizationUserUpdateRequest,
 } from "@bitwarden/common/admin-console/abstractions/organization-user/requests";
 import { OrganizationUserDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-user/responses";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 
 import { CoreOrganizationModule } from "../core-organization.module";
 import { OrganizationUserAdminView } from "../views/organization-user-admin-view";
 
 @Injectable({ providedIn: CoreOrganizationModule })
 export class UserAdminService {
-  constructor(private organizationUserService: OrganizationUserService) {}
+  constructor(
+    private configService: ConfigServiceAbstraction,
+    private organizationUserService: OrganizationUserService,
+  ) {}
 
   async get(
     organizationId: string,
@@ -73,7 +78,12 @@ export class UserAdminService {
       view.type = u.type;
       view.status = u.status;
       view.externalId = u.externalId;
-      view.accessAll = u.accessAll;
+      view.accessAll = (await this.configService.getFeatureFlag(
+        FeatureFlag.FlexibleCollections,
+        false,
+      ))
+        ? false
+        : u.accessAll;
       view.permissions = u.permissions;
       view.resetPasswordEnrolled = u.resetPasswordEnrolled;
       view.collections = u.collections.map((c) => ({

apps/web/src/app/admin-console/organizations/core/views/group.view.ts

@@ -8,6 +8,11 @@ export class GroupView implements View {
   id: string;
   organizationId: string;
   name: string;
+  /**
+   * @deprecated
+   * To be removed alongside `FeatureFlag.FlexibleCollections`.
+   * This will always return `false` if Flexible Collections is enabled.
+   **/
   accessAll: boolean;
   externalId: string;
   collections: CollectionAccessSelectionView[] = [];

apps/web/src/app/admin-console/organizations/core/views/organization-user-admin-view.ts

@@ -13,6 +13,11 @@ export class OrganizationUserAdminView {
   type: OrganizationUserType;
   status: OrganizationUserStatusType;
   externalId: string;
+  /**
+   * @deprecated
+   * To be removed alongside `FeatureFlag.FlexibleCollections`.
+   * This will always return `false` if Flexible Collections is enabled.
+   **/
   accessAll: boolean;
   permissions: PermissionsApi;
   resetPasswordEnrolled: boolean;

apps/web/src/app/admin-console/organizations/core/views/organization-user.view.ts

@@ -12,6 +12,12 @@ export class OrganizationUserView {
   userId: string;
   type: OrganizationUserType;
   status: OrganizationUserStatusType;
+  /**
+   * @deprecated
+   * To be removed alongside `FeatureFlag.FlexibleCollections`.
+   *
+   * This will always return `false` if Flexible Collections is enabled.
+   **/
   accessAll: boolean;
   permissions: PermissionsApi;
   resetPasswordEnrolled: boolean;

apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.html

@@ -46,7 +46,7 @@
 
         <bit-tab label="{{ 'collections' | i18n }}">
           <p>{{ "editGroupCollectionsDesc" | i18n }}</p>
-          <div class="tw-my-3">
+          <div *ngIf="!(flexibleCollectionsEnabled$ | async)" class="tw-my-3">
             <input type="checkbox" formControlName="accessAll" id="accessAll" />
             <label class="tw-mb-0 tw-text-lg" for="accessAll">{{
               "accessAllCollectionsDesc" | i18n

apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.html

@@ -408,7 +408,7 @@ <h3 class="mt-4">
           <div *ngIf="organization.useGroups" class="tw-mb-6">
             {{ "userPermissionOverrideHelper" | i18n }}
           </div>
-          <div class="tw-mb-6">
+          <div *ngIf="!(flexibleCollectionsEnabled$ | async)" class="tw-mb-6">
             <bit-form-control>
               <input type="checkbox" bitCheckbox formControlName="accessAllCollections" />
               <bit-label>

apps/web/src/app/admin-console/organizations/members/people.component.ts

@@ -37,7 +37,9 @@ import {
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/request/organization-keys.request";
 import { ProductType } from "@bitwarden/common/enums";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -124,6 +126,7 @@ export class PeopleComponent
     private router: Router,
     private groupService: GroupService,
     private collectionService: CollectionService,
+    private configService: ConfigServiceAbstraction,
   ) {
     super(
       apiService,
@@ -241,9 +244,18 @@ export class PeopleComponent
       collectionsPromise,
     ]);
 
+    const flexibleCollectionsEnabled = await this.configService.getFeatureFlag(
+      FeatureFlag.FlexibleCollections,
+      false,
+    );
+
     return usersResponse.data?.map<OrganizationUserView>((r) => {
       const userView = OrganizationUserView.fromResponse(r);
 
+      if (flexibleCollectionsEnabled) {
+        userView.accessAll = false;
+      }
+
       userView.groupNames = userView.groups
         .map((g) => groupNamesMap.get(g))
         .sort(this.i18nService.collator?.compare);

libs/common/src/admin-console/abstractions/organization-user/responses/organization-user.response.ts

@@ -10,6 +10,10 @@ export class OrganizationUserResponse extends BaseResponse {
   type: OrganizationUserType;
   status: OrganizationUserStatusType;
   externalId: string;
+  /**
+   * @deprecated
+   * To be removed alongside `FeatureFlag.FlexibleCollections`.
+   **/
   accessAll: boolean;
   accessSecretsManager: boolean;
   permissions: PermissionsApi;