[SM-673] redirect from SM root to overview page (#5202)

* remove deprecated CanActivate; use CanActivateFn; redirect to available org from SM root

* fix route

* not working: redirect after login

* add sync service workaround

bitwarden_license/bit-web/src/app/secrets-manager/secrets-manager.module.ts

@@ -5,10 +5,8 @@ import { SharedModule } from "@bitwarden/web-vault/app/shared";
 import { LayoutModule } from "./layout/layout.module";
 import { SecretsManagerSharedModule } from "./shared/sm-shared.module";
 import { SecretsManagerRoutingModule } from "./sm-routing.module";
-import { SMGuard } from "./sm.guard";
 
 @NgModule({
   imports: [SharedModule, SecretsManagerSharedModule, SecretsManagerRoutingModule, LayoutModule],
-  providers: [SMGuard],
 })
 export class SecretsManagerModule {}

bitwarden_license/bit-web/src/app/secrets-manager/sm-routing.module.ts

@@ -13,14 +13,23 @@ import { ProjectsModule } from "./projects/projects.module";
 import { SecretsModule } from "./secrets/secrets.module";
 import { ServiceAccountsModule } from "./service-accounts/service-accounts.module";
 import { SettingsModule } from "./settings/settings.module";
-import { SMGuard } from "./sm.guard";
+import { canActivateSM } from "./sm.guard";
 import { TrashModule } from "./trash/trash.module";
 
 const routes: Routes = [
   buildFlaggedRoute("secretsManager", {
+    path: "",
+    children: [
+      {
+        path: "",
+        canActivate: [canActivateSM],
+        pathMatch: "full",
+        children: [],
+      },
+      {
         path: ":organizationId",
         component: LayoutComponent,
-    canActivate: [AuthGuard, OrganizationPermissionsGuard, SMGuard],
+        canActivate: [AuthGuard, OrganizationPermissionsGuard],
         data: {
           organizationPermissions: (org: Organization) => org.canAccessSecretsManager,
         },
@@ -68,6 +77,8 @@ const routes: Routes = [
             pathMatch: "full",
           },
         ],
+      },
+    ],
   }),
 ];
 

bitwarden_license/bit-web/src/app/secrets-manager/sm.guard.ts

@@ -1,10 +1,42 @@
-import { Injectable } from "@angular/core";
+import { inject } from "@angular/core";
-import { ActivatedRouteSnapshot, CanActivate } from "@angular/router";
+import {
+  ActivatedRouteSnapshot,
+  CanActivateFn,
+  createUrlTreeFromSnapshot,
+  RouterStateSnapshot,
+} from "@angular/router";
 
-@Injectable()
+import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
-export class SMGuard implements CanActivate {
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
-  async canActivate(route: ActivatedRouteSnapshot) {
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
-    // TODO: Verify org
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
-    return true;
+import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+
+/**
+ * Redirects from root `/sm` to first organization with access to SM
+ */
+export const canActivateSM: CanActivateFn = async (
+  route: ActivatedRouteSnapshot,
+  state: RouterStateSnapshot
+) => {
+  const syncService = inject(SyncService);
+  const authService = inject(AuthService);
+  const orgService = inject(OrganizationService);
+  const authGuard = inject(AuthGuard);
+
+  /** Workaround to avoid service initialization race condition. */
+  if ((await syncService.getLastSync()) == null) {
+    await syncService.fullSync(false);
   }
-}
+
+  if ((await authService.getAuthStatus()) !== AuthenticationStatus.Unlocked) {
+    return authGuard.canActivate(route, state);
+  }
+
+  const orgs = await orgService.getAll();
+  const smOrg = orgs.find((o) => o.canAccessSecretsManager);
+  if (smOrg) {
+    return createUrlTreeFromSnapshot(route, ["/sm", smOrg.id]);
+  }
+  return createUrlTreeFromSnapshot(route, ["/vault"]);
+};