[PM-7292] Fix viewing/editing unassigned ciphers for admins (#8627)

* [PM-7292] Introduce canEditUnassignedCiphers helper

* [PM-7292] Use new canEditUnassignedCiphers helper

* [PM-7292] Remove duplicate canUseAdminCollections helper

apps/web/src/app/vault/org-vault/vault.component.ts

@@ -213,7 +213,7 @@ export class VaultComponent implements OnInit, OnDestroy {
       switchMap(async ([organization]) => {
         this.organization = organization;
 
-        if (!organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) {
+        if (!organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled)) {
           await this.syncService.fullSync(false);
         }
 
@@ -407,8 +407,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     ]).pipe(
       map(([filter, collection, organization]) => {
         return (
-          (filter.collectionId === Unassigned &&
-            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
+          (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
           (!organization.canEditAllCiphers(this.flexibleCollectionsV1Enabled) &&
             collection != undefined &&
             !collection.node.assigned)
@@ -454,12 +453,11 @@ export class VaultComponent implements OnInit, OnDestroy {
       map(([filter, collection, organization]) => {
         return (
           // Filtering by unassigned, show message if not admin
-          (filter.collectionId === Unassigned &&
-            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled)) ||
+          (filter.collectionId === Unassigned && !organization.canEditUnassignedCiphers()) ||
           // Filtering by a collection, so show message if user is not assigned
           (collection != undefined &&
             !collection.node.assigned &&
-            !organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled))
+            !organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled))
         );
       }),
       shareReplay({ refCount: true, bufferSize: 1 }),
@@ -482,7 +480,7 @@ export class VaultComponent implements OnInit, OnDestroy {
               (await firstValueFrom(allCipherMap$))[cipherId] != undefined;
           } else {
             canEditCipher =
-              organization.canUseAdminCollections(this.flexibleCollectionsV1Enabled) ||
+              organization.canEditAnyCollection(this.flexibleCollectionsV1Enabled) ||
               (await this.cipherService.get(cipherId)) != null;
           }
 

libs/angular/src/vault/components/add-edit.component.ts

@@ -662,7 +662,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
 
     // if a cipher is unassigned we want to check if they are an admin or have permission to edit any collection
     if (!cipher.collectionIds) {
-      orgAdmin = this.organization?.canEditAllCiphers(this.flexibleCollectionsV1Enabled);
+      orgAdmin = this.organization?.canEditUnassignedCiphers();
     }
 
     return this.cipher.id == null

libs/common/src/admin-console/models/domain/organization.ts

@@ -203,8 +203,9 @@ export class Organization {
     );
   }
 
-  canUseAdminCollections(flexibleCollectionsV1Enabled: boolean) {
-    return this.canEditAnyCollection(flexibleCollectionsV1Enabled);
+  canEditUnassignedCiphers() {
+    // TODO: Update this to exclude Providers if provider access is restricted in AC-1707
+    return this.isAdmin || this.permissions.editAnyCollection;
   }
 
   canEditAllCiphers(flexibleCollectionsV1Enabled: boolean) {