From 31be6a7c8898feaaba3b70787046d69a7c3d1fab Mon Sep 17 00:00:00 2001
From: Brandon Treston <btreston@bitwarden.com>
Date: Sun, 15 Dec 2024 17:33:46 -0500
Subject: [PATCH] [PM-12273] use organization properties for access permissions
 (#12358)

* use organization properties for access permissions

* clean up refactor

* simplify logic

* refactor canAccessIntegrationEditor to have all the permission checks
---
 .../integrations/integrations.component.html  | 15 ++++++++------
 .../integrations/integrations.component.ts    | 20 ++++++++++++++++---
 .../layouts/organization-layout.component.ts  | 10 +---------
 .../organization-routing.module.ts            |  5 +++++
 .../models/domain/organization.ts             | 11 ++++++++++
 5 files changed, 43 insertions(+), 18 deletions(-)

diff --git a/apps/web/src/app/admin-console/organizations/integrations/integrations.component.html b/apps/web/src/app/admin-console/organizations/integrations/integrations.component.html
index 61e7996becd..58c52e4f40a 100644
--- a/apps/web/src/app/admin-console/organizations/integrations/integrations.component.html
+++ b/apps/web/src/app/admin-console/organizations/integrations/integrations.component.html
@@ -1,7 +1,7 @@
 <app-header> </app-header>
 
-<bit-tab-group [(selectedIndex)]="tabIndex">
-  <bit-tab [label]="'singleSignOn' | i18n">
+<bit-tab-group [(selectedIndex)]="tabIndex" *ngIf="organization$ | async as organization">
+  <bit-tab [label]="'singleSignOn' | i18n" *ngIf="organization.useSso">
     <section class="tw-mb-9">
       <h2 bitTypography="h2">{{ "singleSignOn" | i18n }}</h2>
       <p bitTypography="body1">
@@ -15,8 +15,11 @@ <h2 bitTypography="h2">{{ "singleSignOn" | i18n }}</h2>
     </section>
   </bit-tab>
 
-  <bit-tab [label]="'userProvisioning' | i18n">
-    <section class="tw-mb-9">
+  <bit-tab
+    [label]="'userProvisioning' | i18n"
+    *ngIf="organization.useScim || organization.useDirectory"
+  >
+    <section class="tw-mb-9" *ngIf="organization.useScim">
       <h2 bitTypography="h2">
         {{ "scimIntegration" | i18n }}
       </h2>
@@ -29,7 +32,7 @@ <h2 bitTypography="h2">
         [integrations]="integrationsList | filterIntegrations: IntegrationType.SCIM"
       ></app-integration-grid>
     </section>
-    <section class="tw-mb-9">
+    <section class="tw-mb-9" *ngIf="organization.useDirectory">
       <h2 bitTypography="h2">
         {{ "bwdc" | i18n }}
       </h2>
@@ -40,7 +43,7 @@ <h2 bitTypography="h2">
     </section>
   </bit-tab>
 
-  <bit-tab [label]="'eventManagement' | i18n">
+  <bit-tab [label]="'eventManagement' | i18n" *ngIf="organization.useEvents">
     <section class="tw-mb-9">
       <h2 bitTypography="h2">
         {{ "eventManagement" | i18n }}
diff --git a/apps/web/src/app/admin-console/organizations/integrations/integrations.component.ts b/apps/web/src/app/admin-console/organizations/integrations/integrations.component.ts
index 4711ab610e3..d7ab6a6f617 100644
--- a/apps/web/src/app/admin-console/organizations/integrations/integrations.component.ts
+++ b/apps/web/src/app/admin-console/organizations/integrations/integrations.component.ts
@@ -1,7 +1,11 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
-import { Component } from "@angular/core";
+import { Component, OnInit } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+import { Observable, switchMap } from "rxjs";
 
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { IntegrationType } from "@bitwarden/common/enums";
 
 import { HeaderModule } from "../../../layouts/header/header.module";
@@ -21,11 +25,21 @@ import { SharedOrganizationModule } from "../shared";
     FilterIntegrationsPipe,
   ],
 })
-export class AdminConsoleIntegrationsComponent {
+export class AdminConsoleIntegrationsComponent implements OnInit {
   integrationsList: Integration[] = [];
   tabIndex: number;
+  organization$: Observable<Organization>;
 
-  constructor() {
+  ngOnInit(): void {
+    this.organization$ = this.route.params.pipe(
+      switchMap((params) => this.organizationService.get$(params.organizationId)),
+    );
+  }
+
+  constructor(
+    private route: ActivatedRoute,
+    private organizationService: OrganizationService,
+  ) {
     this.integrationsList = [
       {
         name: "AD FS",
diff --git a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
index 6ead83b01d8..8c4f5ce8c46 100644
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
@@ -20,10 +20,8 @@ import { PolicyService } from "@bitwarden/common/admin-console/abstractions/poli
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { PolicyType, ProviderStatusType } from "@bitwarden/common/admin-console/enums";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
-import { ProductTierType } from "@bitwarden/common/billing/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { getById } from "@bitwarden/common/platform/misc";
 import { BannerModule, IconModule } from "@bitwarden/components";
@@ -69,7 +67,6 @@ export class OrganizationLayoutComponent implements OnInit {
     private configService: ConfigService,
     private policyService: PolicyService,
     private providerService: ProviderService,
-    private i18nService: I18nService,
   ) {}
 
   async ngOnInit() {
@@ -113,12 +110,7 @@ export class OrganizationLayoutComponent implements OnInit {
     this.integrationPageEnabled$ = combineLatest(
       this.organization$,
       this.configService.getFeatureFlag$(FeatureFlag.PM14505AdminConsoleIntegrationPage),
-    ).pipe(
-      map(
-        ([org, featureFlagEnabled]) =>
-          org.productTierType === ProductTierType.Enterprise && featureFlagEnabled,
-      ),
-    );
+    ).pipe(map(([org, featureFlagEnabled]) => featureFlagEnabled && org.canAccessIntegrations));
 
     this.domainVerificationNavigationTextKey = (await this.configService.getFeatureFlag(
       FeatureFlag.AccountDeprovisioning,
diff --git a/apps/web/src/app/admin-console/organizations/organization-routing.module.ts b/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
index b83d636ea1e..f7720598284 100644
--- a/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
+++ b/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
@@ -47,6 +47,7 @@ const routes: Routes = [
         canActivate: [
           canAccessFeature(FeatureFlag.PM14505AdminConsoleIntegrationPage),
           isEnterpriseOrgGuard(false),
+          organizationPermissionsGuard(canAccessIntegrations),
         ],
         component: AdminConsoleIntegrationsComponent,
         data: {
@@ -109,6 +110,10 @@ function getOrganizationRoute(organization: Organization): string {
   return undefined;
 }
 
+function canAccessIntegrations(organization: Organization) {
+  return organization.canAccessIntegrations;
+}
+
 @NgModule({
   imports: [RouterModule.forChild(routes)],
   exports: [RouterModule],
diff --git a/libs/common/src/admin-console/models/domain/organization.ts b/libs/common/src/admin-console/models/domain/organization.ts
index eeadcb4421d..8441298bbff 100644
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@@ -360,4 +360,15 @@ export class Organization {
       familySponsorshipValidUntil: new Date(json.familySponsorshipValidUntil),
     });
   }
+
+  get canAccessIntegrations() {
+    return (
+      (this.productTierType === ProductTierType.Teams ||
+        this.productTierType === ProductTierType.Enterprise) &&
+      (this.isAdmin ||
+        this.permissions.manageUsers ||
+        this.permissions.manageGroups ||
+        this.permissions.accessEventLogs)
+    );
+  }
 }