[AC-2771] [AC-2772] Provider Restriction Fixes (#9635)

* [AC-2771] Do not make API request when restricted provider is not a member of the org

* [AC-2771] Fix console errors when switching organizations

* [AC-2772] Fix org vault for providers who are members
- Show vault filters
- Hide header search bar
- Show create new item button

apps/web/src/app/vault/components/vault-items/vault-collection-row.component.ts

@@ -69,9 +69,9 @@ export class VaultCollectionRowComponent {
     if (this.collection instanceof CollectionAdminView) {
       // Only show AddAccess if unmanaged and allowAdminAccessToAllCollectionItems is disabled
       return (
-        !this.organization.allowAdminAccessToAllCollectionItems &&
+        !this.organization?.allowAdminAccessToAllCollectionItems &&
         this.collection.unmanaged &&
-        this.organization.canEditUnmanagedCollections()
+        this.organization?.canEditUnmanagedCollections()
       );
     }
 

apps/web/src/app/vault/org-vault/vault-header/vault-header.component.html

@@ -93,7 +93,7 @@
   </ng-container>
 
   <bit-search
-    *ngIf="organization?.isProviderUser"
+    *ngIf="restrictProviderAccessFlag && organization?.isProviderUser && !organization?.isMember"
     class="tw-grow"
     [ngModel]="searchText"
     (ngModelChange)="onSearchTextChanged($event)"

apps/web/src/app/vault/org-vault/vault-header/vault-header.component.ts

@@ -68,7 +68,7 @@ export class VaultHeaderComponent implements OnInit {
   protected organizations$ = this.organizationService.organizations$;
 
   protected flexibleCollectionsV1Enabled = false;
-  private restrictProviderAccessFlag = false;
+  protected restrictProviderAccessFlag = false;
 
   constructor(
     private organizationService: OrganizationService,
@@ -220,7 +220,11 @@ export class VaultHeaderComponent implements OnInit {
   }
 
   get canCreateCipher(): boolean {
-    if (this.organization?.isProviderUser && this.restrictProviderAccessFlag) {
+    if (
+      this.organization?.isProviderUser &&
+      this.restrictProviderAccessFlag &&
+      !this.organization?.isMember
+    ) {
       return false;
     }
     return true;

apps/web/src/app/vault/org-vault/vault.component.ts

@@ -166,7 +166,11 @@ export class VaultComponent implements OnInit, OnDestroy {
   }
 
   protected get hideVaultFilters(): boolean {
-    return this.restrictProviderAccessEnabled && this.organization?.isProviderUser;
+    return (
+      this.restrictProviderAccessEnabled &&
+      this.organization?.isProviderUser &&
+      !this.organization?.isMember
+    );
   }
 
   private searchText$ = new Subject<string>();
@@ -352,6 +356,16 @@ export class VaultComponent implements OnInit, OnDestroy {
         }
         let ciphers;
 
+        // Restricted providers (who are not members) do not have access org cipher endpoint below
+        // Return early to avoid 404 response
+        if (
+          this.restrictProviderAccessEnabled &&
+          !organization.isMember &&
+          organization.isProviderUser
+        ) {
+          return [];
+        }
+
         if (this.flexibleCollectionsV1Enabled) {
           // Flexible collections V1 logic.
           // If the user can edit all ciphers for the organization then fetch them ALL.