bitwarden · r-tome · Oct 17, 2024 · Oct 4, 2024 · Oct 4, 2024 · Oct 7, 2024
@@ -12,7 +12,13 @@ <h1 bitTypography="h1">{{ "changeEmail" | i18n }}</h1>
     <button type="button" bitButton buttonType="danger" (click)="deauthorizeSessions()">
       {{ "deauthorizeSessions" | i18n }}
     </button>
-    <button type="button" bitButton buttonType="danger" [bitAction]="purgeVault">
+    <button
+      *ngIf="showPurgeVault$ | async"
+      type="button"
+      bitButton
+      buttonType="danger"
+      [bitAction]="purgeVault"
+    >
       {{ "purgeVault" | i18n }}
     </button>
     <button type="button" bitButton buttonType="danger" [bitAction]="deleteAccount">

@@ -1,8 +1,11 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
-import { lastValueFrom } from "rxjs";
+import { lastValueFrom, map, Observable, of, switchMap } from "rxjs";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { DialogService } from "@bitwarden/components";
 
 import { PurgeVaultComponent } from "../../../vault/settings/purge-vault.component";
@@ -19,15 +22,32 @@
   deauthModalRef: ViewContainerRef;
 
   showChangeEmail = true;
+  showPurgeVault$: Observable<boolean>;
 
   constructor(
     private modalService: ModalService,
     private dialogService: DialogService,
     private userVerificationService: UserVerificationService,
+    private configService: ConfigService,
+    private organizationService: OrganizationService,
   ) {}
 
   async ngOnInit() {
     this.showChangeEmail = await this.userVerificationService.hasMasterPassword();
+    this.showPurgeVault$ = this.configService
+      .getFeatureFlag$(FeatureFlag.AccountDeprovisioning)
+      .pipe(
+        switchMap((isAccountDeprovisioningEnabled) =>
+          isAccountDeprovisioningEnabled
+            ? this.organizationService.organizations$.pipe(
+                map(
+                  (organizations) =>
+                    !organizations.some((o) => o.userIsManagedByOrganization === true),
+                ),
+              )
+            : of(true),
+        ),
+      );
   }
 
   async deauthorizeSessions() {

@@ -54,6 +54,7 @@ export class OrganizationData {
   accessSecretsManager: boolean;
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
+  userIsManagedByOrganization?: boolean | null;
 
   constructor(
     response?: ProfileOrganizationResponse,
@@ -112,6 +113,7 @@ export class OrganizationData {
     this.accessSecretsManager = response.accessSecretsManager;
     this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems;
+    this.userIsManagedByOrganization = response.userIsManagedByOrganization;
 
     this.isMember = options.isMember;
     this.isProviderUser = options.isProviderUser;

@@ -73,6 +73,12 @@ export class Organization {
    * Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections
    */
   allowAdminAccessToAllCollectionItems: boolean;
+  /**
+   * Indicates if this organization manages the user.
+   * A user is considered managed by an organization if their email domain
+   * matches one of the verified domains of that organization, and the user is a member of it.
+   */
+  userIsManagedByOrganization?: boolean | null;
 
   constructor(obj?: OrganizationData) {
     if (obj == null) {
@@ -127,6 +133,7 @@ export class Organization {
     this.accessSecretsManager = obj.accessSecretsManager;
     this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems;
+    this.userIsManagedByOrganization = obj.userIsManagedByOrganization;
   }
 
   get canAccess() {

@@ -51,6 +51,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
   accessSecretsManager: boolean;
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
+  userIsManagedByOrganization?: boolean | null;
 
   constructor(response: any) {
     super(response);
@@ -115,5 +116,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
     this.allowAdminAccessToAllCollectionItems = this.getResponseProperty(
       "AllowAdminAccessToAllCollectionItems",
     );
+    this.userIsManagedByOrganization = this.getResponseProperty("UserIsManagedByOrganization");
   }
 }
diff --git a/libs/common/src/models/response/profile.response.ts b/libs/common/src/models/response/profile.response.ts
@@ -21,7 +21,6 @@ export class ProfileResponse extends BaseResponse {
   securityStamp: string;
   forcePasswordReset: boolean;
   usesKeyConnector: boolean;
-  managedByOrganizationId?: string | null;
   organizations: ProfileOrganizationResponse[] = [];
   providers: ProfileProviderResponse[] = [];
   providerOrganizations: ProfileProviderOrganizationResponse[] = [];
@@ -43,7 +42,6 @@ export class ProfileResponse extends BaseResponse {
     this.securityStamp = this.getResponseProperty("SecurityStamp");
     this.forcePasswordReset = this.getResponseProperty("ForcePasswordReset") ?? false;
     this.usesKeyConnector = this.getResponseProperty("UsesKeyConnector") ?? false;
-    this.managedByOrganizationId = this.getResponseProperty("ManagedByOrganizationId");
 
     const organizations = this.getResponseProperty("Organizations");
     if (organizations != null) {