From cbf48decec39c84b8b0a8dd30f898386cae361df Mon Sep 17 00:00:00 2001
From: Shane Melton <smelton@bitwarden.com>
Date: Fri, 5 Apr 2024 08:23:50 -0700
Subject: [PATCH] [PM-7292] Fix viewing/editing unassigned ciphers for admins
 (#8627)

* [PM-7292] Introduce canEditUnassignedCiphers helper

* [PM-7292] Use new canEditUnassignedCiphers helper

* [PM-7292] Remove duplicate canUseAdminCollections helper
---
 apps/web/src/app/vault/org-vault/vault.component.ts  | 12 +++++-------
 .../src/vault/components/add-edit.component.ts       |  2 +-
 .../src/admin-console/models/domain/organization.ts  |  5 +++--
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/apps/web/src/app/vault/org-vault/vault.component.ts b/apps/web/src/app/vault/org-vault/vault.component.ts
index e4860f2dbc..d7cc70c583 100644
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@@ -213,7 +213,7 @@ export class VaultComponent implements OnInit, OnDestroy {
       switchMap(async ([organization]) => {
         this.organization = organization;
 
-        if (!organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) {
+        if (!organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled)) {
           await this.syncService.fullSync(false);
         }
 
@@ -407,8 +407,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     ]).pipe(
       map(([filter, collection, organization]) => {
         return (
-          (filter.collectionId === Unassigned &&
-            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
+          (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
           (!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
             collection != undefined &&
             !collection.node.assigned)
@@ -454,12 +453,11 @@ export class VaultComponent implements OnInit, OnDestroy {
       map(([filter, collection, organization]) => {
         return (
           // Filtering by unassigned, show message if not admin
-          (filter.collectionId === Unassigned &&
-            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
+          (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
           // Filtering by a collection, so show message if user is not assigned
           (collection != undefined &&
             !collection.node.assigned &&
-            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled))
+            !organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled))
         );
       }),
       shareReplay({ refCount: true, bufferSize: 1 }),
@@ -482,7 +480,7 @@ export class VaultComponent implements OnInit, OnDestroy {
               (await firstValueFrom(allCipherMap$))[cipherId] != undefined;
           } else {
             canEditCipher =
-              organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled) ||
+              organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled) ||
               (await this.cipherService.get(cipherId)) != null;
           }
 
diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index 36182ed9cf..6a0cfde350 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -662,7 +662,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
 
     // if a cipher is unassigned we want to check if they are an admin or have permission to edit any collection
     if (!cipher.collectionIds) {
-      orgAdmin = this.organization?.canEditAllCiphers(this.flexibleCollectionsV1Enabled);
+      orgAdmin = this.organization?.canEditUnassignedCiphers();
     }
 
     return this.cipher.id == null
diff --git a/libs/common/src/admin-console/models/domain/organization.ts b/libs/common/src/admin-console/models/domain/organization.ts
index 5850f4582e..bdf0b8fbbf 100644
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@@ -203,8 +203,9 @@ export class Organization {
     );
   }
 
-  canUseAdminCollections(flexibleCollectionsV1Enabled: boolean) {
-    return this.canEditAnyCollection(flexibleCollectionsV1Enabled);
+  canEditUnassignedCiphers() {
+    // TODO: Update this to exclude Providers if provider access is restricted in AC-1707
+    return this.isAdmin || this.permissions.editAnyCollection;
   }
 
   canEditAllCiphers(flexibleCollectionsV1Enabled: boolean) {