1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-22 16:57:36 +01:00

[AC-2521] Remove FlexibleCollectionsSignUp feature flag (#4109)

* Remove FlexibleCollectionsSignUp feature flag

* Always set Organization.FlexibleCollections to true

* Remove explicit assignment of LimitCollectionCreationDeletion so it defaults to false
This commit is contained in:
Thomas Rittson 2024-05-23 09:15:12 +10:00 committed by GitHub
parent 4264fc0729
commit b2693913bf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 33 additions and 80 deletions

View File

@ -305,9 +305,8 @@ public class ProvidersController : Controller
return RedirectToAction("Index");
}
var flexibleCollectionsSignupEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup);
var flexibleCollectionsV1Enabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
var organization = model.CreateOrganization(provider, flexibleCollectionsSignupEnabled, flexibleCollectionsV1Enabled);
var organization = model.CreateOrganization(provider, flexibleCollectionsV1Enabled);
await _organizationService.CreatePendingOrganization(organization, model.Owners, User, _userService, model.SalesAssistedTrialStarted);
await _providerService.AddOrganization(providerId, organization.Id, null);

View File

@ -162,19 +162,18 @@ public class OrganizationEditModel : OrganizationViewModel
{ "baseServiceAccount", p.SecretsManager.BaseServiceAccount }
});
public Organization CreateOrganization(Provider provider, bool flexibleCollectionsSignupEnabled, bool flexibleCollectionsV1Enabled)
public Organization CreateOrganization(Provider provider, bool flexibleCollectionsV1Enabled)
{
BillingEmail = provider.BillingEmail;
var newOrg = new Organization
{
// This feature flag indicates that new organizations should be automatically onboarded to
// Flexible Collections enhancements
FlexibleCollections = flexibleCollectionsSignupEnabled,
// These collection management settings smooth the migration for existing organizations by disabling some FC behavior.
// If the organization is onboarded to Flexible Collections on signup, we turn them OFF to enable all new behaviour.
// If the organization is NOT onboarded now, they will have to be migrated later, so they default to ON to limit FC changes on migration.
LimitCollectionCreationDeletion = !flexibleCollectionsSignupEnabled,
// Flexible Collections MVP is fully released and all organizations must always have this setting enabled.
// AC-1714 will remove this flag after all old code has been removed.
FlexibleCollections = true,
// This is a transitional setting that defaults to ON until Flexible Collections v1 is released
// (to preserve existing behavior) and defaults to OFF after release (enabling new behavior)
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1Enabled
};
return ToOrganization(newOrg);

View File

@ -86,20 +86,20 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
public int? MaxAutoscaleSmSeats { get; set; }
public int? MaxAutoscaleSmServiceAccounts { get; set; }
/// <summary>
/// Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
/// If set to true, only owners, admins, and some custom users can create and delete collections.
/// If set to false, any organization member can create a collection, and any member can delete a collection that
/// they have Can Manage permissions for.
/// </summary>
public bool LimitCollectionCreationDeletion { get; set; }
/// <summary>
/// Refers to the ability for an organization to limit owner/admin access to all collection items
/// <remarks>
/// True: Owner/admins can access all items belonging to any collections
/// False: Owner/admins can only access items for collections they are assigned
/// </remarks>
/// If set to true, admins, owners, and some custom users can read/write all collections and items in the Admin Console.
/// If set to false, users generally need collection-level permissions to read/write a collection or its items.
/// </summary>
public bool AllowAdminAccessToAllCollectionItems { get; set; }
/// <summary>
/// True if the organization is using the Flexible Collections permission changes, false otherwise.
/// For existing organizations, this must only be set to true once data migrations have been run for this organization.
/// This is an organization-level feature flag (not controlled via LaunchDarkly) to onboard organizations to the
/// Flexible Collections MVP changes. This has been fully released and must always be set to TRUE for all organizations.
/// AC-1714 will remove this flag after all old code has been removed.
/// </summary>
public bool FlexibleCollections { get; set; }

View File

@ -438,9 +438,6 @@ public class OrganizationService : IOrganizationService
ValidatePlan(plan, signup.AdditionalSeats, "Password Manager");
var flexibleCollectionsSignupEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup);
var flexibleCollectionsV1Enabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
@ -482,14 +479,12 @@ public class OrganizationService : IOrganizationService
// Secrets Manager not available for purchase with Consolidated Billing.
UseSecretsManager = false,
// This feature flag indicates that new organizations should be automatically onboarded to
// Flexible Collections enhancements
FlexibleCollections = flexibleCollectionsSignupEnabled,
// Flexible Collections MVP is fully released and all organizations must always have this setting enabled.
// AC-1714 will remove this flag after all old code has been removed.
FlexibleCollections = true,
// These collection management settings smooth the migration for existing organizations by disabling some FC behavior.
// If the organization is onboarded to Flexible Collections on signup, we turn them OFF to enable all new behaviour.
// If the organization is NOT onboarded now, they will have to be migrated later, so they default to ON to limit FC changes on migration.
LimitCollectionCreationDeletion = !flexibleCollectionsSignupEnabled,
// This is a transitional setting that defaults to ON until Flexible Collections v1 is released
// (to preserve existing behavior) and defaults to OFF after release (enabling new behavior)
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1Enabled
};
@ -533,9 +528,6 @@ public class OrganizationService : IOrganizationService
await ValidateSignUpPoliciesAsync(signup.Owner.Id);
}
var flexibleCollectionsSignupEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup);
var flexibleCollectionsV1IsEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1);
@ -577,14 +569,12 @@ public class OrganizationService : IOrganizationService
UsePasswordManager = true,
UseSecretsManager = signup.UseSecretsManager,
// This feature flag indicates that new organizations should be automatically onboarded to
// Flexible Collections enhancements
FlexibleCollections = flexibleCollectionsSignupEnabled,
// Flexible Collections MVP is fully released and all organizations must always have this setting enabled.
// AC-1714 will remove this flag after all old code has been removed.
FlexibleCollections = true,
// These collection management settings smooth the migration for existing organizations by disabling some FC behavior.
// If the organization is onboarded to Flexible Collections on signup, we turn them OFF to enable all new behaviour.
// If the organization is NOT onboarded now, they will have to be migrated later, so they default to ON to limit FC changes on migration.
LimitCollectionCreationDeletion = !flexibleCollectionsSignupEnabled,
// This is a transitional setting that defaults to ON until Flexible Collections v1 is released
// (to preserve existing behavior) and defaults to OFF after release (enabling new behavior)
AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled
};
@ -665,9 +655,6 @@ public class OrganizationService : IOrganizationService
await ValidateSignUpPoliciesAsync(owner.Id);
var flexibleCollectionsSignupEnabled =
_featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup);
var organization = new Organization
{
Name = license.Name,
@ -713,7 +700,7 @@ public class OrganizationService : IOrganizationService
// This feature flag indicates that new organizations should be automatically onboarded to
// Flexible Collections enhancements
FlexibleCollections = flexibleCollectionsSignupEnabled,
FlexibleCollections = true,
};
var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);

View File

@ -115,10 +115,6 @@ public static class FeatureFlagKeys
public const string KeyRotationImprovements = "key-rotation-improvements";
public const string DuoRedirect = "duo-redirect";
/// <summary>
/// Enables flexible collections improvements for new organizations on creation
/// </summary>
public const string FlexibleCollectionsSignup = "flexible-collections-signup";
/// <summary>
/// Exposes a migration button in the web vault which allows users to migrate an existing organization to
/// flexible collections
/// </summary>
@ -151,8 +147,7 @@ public static class FeatureFlagKeys
return new Dictionary<string, string>()
{
{ DuoRedirect, "true" },
{ UnassignedItemsBanner, "true"},
{ FlexibleCollectionsSignup, "true" }
{ UnassignedItemsBanner, "true"}
};
}
}

View File

@ -252,7 +252,7 @@ public class OrganizationServiceTests
[Theory]
[BitAutoData(PlanType.FamiliesAnnually)]
public async Task SignUp_WithFlexibleCollections_SetsAccessAllToFalse
public async Task SignUp_EnablesFlexibleCollectionsFeatures
(PlanType planType, OrganizationSignup signup, SutProvider<OrganizationService> sutProvider)
{
signup.Plan = planType;
@ -261,10 +261,6 @@ public class OrganizationServiceTests
signup.PremiumAccessAddon = false;
signup.UseSecretsManager = false;
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup)
.Returns(true);
// Extract orgUserId when created
Guid? orgUserId = null;
await sutProvider.GetDependency<IOrganizationUserRepository>()
@ -272,6 +268,10 @@ public class OrganizationServiceTests
var result = await sutProvider.Sut.SignUpAsync(signup);
// Assert: Organization.FlexibleCollections is enabled
await sutProvider.GetDependency<IOrganizationRepository>().Received(1)
.CreateAsync(Arg.Is<Organization>(o => o.FlexibleCollections));
// Assert: AccessAll is not used
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1).CreateAsync(
Arg.Is<OrganizationUser>(o =>
@ -295,33 +295,6 @@ public class OrganizationServiceTests
Assert.NotNull(result.Item2);
}
[Theory]
[BitAutoData(PlanType.FamiliesAnnually)]
public async Task SignUp_WithoutFlexibleCollections_SetsAccessAllToTrue
(PlanType planType, OrganizationSignup signup, SutProvider<OrganizationService> sutProvider)
{
signup.Plan = planType;
var plan = StaticStore.GetPlan(signup.Plan);
signup.AdditionalSeats = 0;
signup.PaymentMethodType = PaymentMethodType.Card;
signup.PremiumAccessAddon = false;
signup.UseSecretsManager = false;
sutProvider.GetDependency<IFeatureService>()
.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup)
.Returns(false);
var result = await sutProvider.Sut.SignUpAsync(signup);
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1).CreateAsync(
Arg.Is<OrganizationUser>(o =>
o.UserId == signup.Owner.Id &&
o.AccessAll == true));
Assert.NotNull(result.Item1);
Assert.NotNull(result.Item2);
}
[Theory]
[BitAutoData(PlanType.EnterpriseAnnually)]
[BitAutoData(PlanType.EnterpriseMonthly)]