From d239170c1ca3996703c59ea3a46cf6315b925a53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rui=20Tom=C3=A9?=
 <108268980+r-tome@users.noreply.github.com>
Date: Fri, 31 Jan 2025 15:01:26 +0000
Subject: [PATCH] [PM-17697] Save Organization Name changes in Bitwarden Portal
 (#5337)

* Add Org_Name_Edit permission to the Permissions enum

* Add Org_Name_Edit permission to RolePermissionMapping

* Implement Org_Name_Edit permission check in UpdateOrganization method

* Add Org_Name_Edit permission check to Organization form input
---
 .../AdminConsole/Controllers/OrganizationsController.cs      | 5 +++++
 src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml | 3 ++-
 src/Admin/Enums/Permissions.cs                               | 1 +
 src/Admin/Utilities/RolePermissionMapping.cs                 | 5 +++++
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/Admin/AdminConsole/Controllers/OrganizationsController.cs b/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
index 3fdef169b4..60a5a39612 100644
--- a/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
+++ b/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
@@ -421,6 +421,11 @@ public class OrganizationsController : Controller
 
     private void UpdateOrganization(Organization organization, OrganizationEditModel model)
     {
+        if (_accessControlService.UserHasPermission(Permission.Org_Name_Edit))
+        {
+            organization.Name = WebUtility.HtmlEncode(model.Name);
+        }
+
         if (_accessControlService.UserHasPermission(Permission.Org_CheckEnabledBox))
         {
             organization.Enabled = model.Enabled;
diff --git a/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml b/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml
index cdc7608675..aeff65c900 100644
--- a/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml
+++ b/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml
@@ -12,6 +12,7 @@
     var canViewBilling = AccessControlService.UserHasPermission(Permission.Org_Billing_View);
     var canViewPlan = AccessControlService.UserHasPermission(Permission.Org_Plan_View);
     var canViewLicensing = AccessControlService.UserHasPermission(Permission.Org_Licensing_View);
+    var canEditName = AccessControlService.UserHasPermission(Permission.Org_Name_Edit);
     var canCheckEnabled = AccessControlService.UserHasPermission(Permission.Org_CheckEnabledBox);
     var canEditPlan = AccessControlService.UserHasPermission(Permission.Org_Plan_Edit);
     var canEditLicensing = AccessControlService.UserHasPermission(Permission.Org_Licensing_Edit);
@@ -28,7 +29,7 @@
             <div class="col-sm">
                 <div class="mb-3">
                     <label class="form-label" asp-for="Name"></label>
-                    <input type="text" class="form-control" asp-for="Name" value="@Model.Name" required>
+                    <input type="text" class="form-control" asp-for="Name" value="@Model.Name" required disabled="@(canEditName ? null : "disabled")">
                 </div>
             </div>
         </div>
diff --git a/src/Admin/Enums/Permissions.cs b/src/Admin/Enums/Permissions.cs
index 20c500c061..4edcd742b4 100644
--- a/src/Admin/Enums/Permissions.cs
+++ b/src/Admin/Enums/Permissions.cs
@@ -22,6 +22,7 @@ public enum Permission
     Org_List_View,
     Org_OrgInformation_View,
     Org_GeneralDetails_View,
+    Org_Name_Edit,
     Org_CheckEnabledBox,
     Org_BusinessInformation_View,
     Org_InitiateTrial,
diff --git a/src/Admin/Utilities/RolePermissionMapping.cs b/src/Admin/Utilities/RolePermissionMapping.cs
index 4b5a4e3802..3b510781be 100644
--- a/src/Admin/Utilities/RolePermissionMapping.cs
+++ b/src/Admin/Utilities/RolePermissionMapping.cs
@@ -24,6 +24,7 @@ public static class RolePermissionMapping
                 Permission.User_Billing_Edit,
                 Permission.User_Billing_LaunchGateway,
                 Permission.User_NewDeviceException_Edit,
+                Permission.Org_Name_Edit,
                 Permission.Org_CheckEnabledBox,
                 Permission.Org_List_View,
                 Permission.Org_OrgInformation_View,
@@ -71,6 +72,7 @@ public static class RolePermissionMapping
                 Permission.User_Billing_Edit,
                 Permission.User_Billing_LaunchGateway,
                 Permission.User_NewDeviceException_Edit,
+                Permission.Org_Name_Edit,
                 Permission.Org_CheckEnabledBox,
                 Permission.Org_List_View,
                 Permission.Org_OrgInformation_View,
@@ -116,6 +118,7 @@ public static class RolePermissionMapping
                 Permission.User_Billing_View,
                 Permission.User_Billing_LaunchGateway,
                 Permission.User_NewDeviceException_Edit,
+                Permission.Org_Name_Edit,
                 Permission.Org_CheckEnabledBox,
                 Permission.Org_List_View,
                 Permission.Org_OrgInformation_View,
@@ -148,6 +151,7 @@ public static class RolePermissionMapping
                 Permission.User_Billing_View,
                 Permission.User_Billing_Edit,
                 Permission.User_Billing_LaunchGateway,
+                Permission.Org_Name_Edit,
                 Permission.Org_CheckEnabledBox,
                 Permission.Org_List_View,
                 Permission.Org_OrgInformation_View,
@@ -185,6 +189,7 @@ public static class RolePermissionMapping
                 Permission.User_Premium_View,
                 Permission.User_Licensing_View,
                 Permission.User_Licensing_Edit,
+                Permission.Org_Name_Edit,
                 Permission.Org_CheckEnabledBox,
                 Permission.Org_List_View,
                 Permission.Org_OrgInformation_View,