[AC-2195] Fixes for FC V1 for Custom Users (#8034)

* [AC-2195] Update canEditAnyCipher permission to make an exception for Custom users with editAnyCollection permission

* [AC-2195] Update V1 FC flag check to include check for an organization's FC status

* [AC-2195] Remove redundant collection management setting check that was hiding the restricted access message for custom users with deleteAnyCollection

* [AC-2195] Ensure users with canEditAnyCollections can edit all collections

apps/web/src/app/vault/org-vault/vault.component.ts

@@ -141,7 +141,11 @@ export class VaultComponent implements OnInit, OnDestroy {
     FeatureFlag.BulkCollectionAccess,
     false,
   );
-  protected flexibleCollectionsV1Enabled: boolean;
+  private _flexibleCollectionsV1FlagEnabled: boolean;
+
+  protected get flexibleCollectionsV1Enabled(): boolean {
+    return this._flexibleCollectionsV1FlagEnabled && this.organization?.flexibleCollections;
+  }
 
   private searchText$ = new Subject<string>();
   private refresh$ = new BehaviorSubject<void>(null);
@@ -184,7 +188,7 @@ export class VaultComponent implements OnInit, OnDestroy {
         : "trashCleanupWarning",
     );
 
-    this.flexibleCollectionsV1Enabled = await this.configService.getFeatureFlag(
+    this._flexibleCollectionsV1FlagEnabled = await this.configService.getFeatureFlag(
       FeatureFlag.FlexibleCollectionsV1,
       false,
     );
@@ -274,13 +278,8 @@ export class VaultComponent implements OnInit, OnDestroy {
 
     this.editableCollections$ = allCollectionsWithoutUnassigned$.pipe(
       map((collections) => {
-        if (
+        // Users that can edit all ciphers can implicitly edit all collections
-          this.organization.canEditAnyCollection &&
+        if (this.organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled)) {
-          this.organization.allowAdminAccessToAllCollectionItems
-        ) {
-          return collections;
-        }
-        if (this.organization.isProviderUser) {
           return collections;
         }
         return collections.filter((c) => c.assigned && !c.readOnly);
@@ -404,8 +403,7 @@ export class VaultComponent implements OnInit, OnDestroy {
       map(([filter, collection, organization]) => {
         return (
           (filter.collectionId === Unassigned && !organization.canUseAdminCollections) ||
-          (!organization.allowAdminAccessToAllCollectionItems &&
+          (!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
-            !organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
             collection != undefined &&
             !collection.node.assigned)
         );

libs/common/src/admin-console/models/domain/organization.ts

@@ -202,11 +202,11 @@ export class Organization {
       return this.canEditAnyCollection;
     }
     // Post Flexible Collections V1, the allowAdminAccessToAllCollectionItems flag can restrict admins
-    // Providers are not affected by allowAdminAccessToAllCollectionItems flag
+    // Providers and custom users with canEditAnyCollection are not affected by allowAdminAccessToAllCollectionItems flag
-    // note: canEditAnyCollection may change in the V1 to also ignore the allowAdminAccessToAllCollectionItems flag
     return (
       this.isProviderUser ||
-      (this.allowAdminAccessToAllCollectionItems && this.canEditAnyCollection)
+      (this.type === OrganizationUserType.Custom && this.permissions.editAnyCollection) ||
+      (this.allowAdminAccessToAllCollectionItems && this.isAdmin)
     );
   }