PM-15091 Add Feature Flag to DB called UseRiskInsights (#5088)

Add a new column called UseRiskInsights to `dbo.Organization`
2025-06-30 15:42:48 -05:00 · 2024-12-05 10:46:01 -06:00
parent f471fffe42
commit 1f1510f4d4
32 changed files with 9467 additions and 12 deletions
--- a/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
+++ b/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
@ -448,6 +448,7 @@ public class OrganizationsController : Controller
            organization.UseTotp = model.UseTotp;
            organization.UsersGetPremium = model.UsersGetPremium;
            organization.UseSecretsManager = model.UseSecretsManager;
+            organization.UseRiskInsights = model.UseRiskInsights;

            //secrets
            organization.SmSeats = model.SmSeats;
--- a/src/Admin/AdminConsole/Models/OrganizationEditModel.cs
+++ b/src/Admin/AdminConsole/Models/OrganizationEditModel.cs
@ -80,6 +80,7 @@ public class OrganizationEditModel : OrganizationViewModel
        Use2fa = org.Use2fa;
        UseApi = org.UseApi;
        UseSecretsManager = org.UseSecretsManager;
+        UseRiskInsights = org.UseRiskInsights;
        UseResetPassword = org.UseResetPassword;
        SelfHost = org.SelfHost;
        UsersGetPremium = org.UsersGetPremium;
@ -144,6 +145,8 @@ public class OrganizationEditModel : OrganizationViewModel
    public bool UseScim { get; set; }
    [Display(Name = "Secrets Manager")]
    public new bool UseSecretsManager { get; set; }
+    [Display(Name = "Risk Insights")]
+    public new bool UseRiskInsights { get; set; }
    [Display(Name = "Self Host")]
    public bool SelfHost { get; set; }
    [Display(Name = "Users Get Premium")]
@ -284,6 +287,7 @@ public class OrganizationEditModel : OrganizationViewModel
        existingOrganization.Use2fa = Use2fa;
        existingOrganization.UseApi = UseApi;
        existingOrganization.UseSecretsManager = UseSecretsManager;
+        existingOrganization.UseRiskInsights = UseRiskInsights;
        existingOrganization.UseResetPassword = UseResetPassword;
        existingOrganization.SelfHost = SelfHost;
        existingOrganization.UsersGetPremium = UsersGetPremium;
--- a/src/Admin/AdminConsole/Models/OrganizationViewModel.cs
+++ b/src/Admin/AdminConsole/Models/OrganizationViewModel.cs
@ -69,4 +69,5 @@ public class OrganizationViewModel
    public int ServiceAccountsCount { get; set; }
    public int OccupiedSmSeatsCount { get; set; }
    public bool UseSecretsManager => Organization.UseSecretsManager;
+    public bool UseRiskInsights => Organization.UseRiskInsights;
 }
--- a/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml
+++ b/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml
@ -94,7 +94,7 @@
            </div>
        </div>
        <h2>Features</h2>
-        <div class="row mb-3">
+        <div class="row mb-4">
            <div class="col-4">
                <h3>General</h3>
                <div class="form-check mb-2">
@ -146,7 +146,7 @@
                    <label class="form-check-label" asp-for="UseCustomPermissions"></label>
                </div>
            </div>
-            <div class="col-4">
+            <div class="col-3">
                <h3>Password Manager</h3>
                <div class="form-check">
                    <input type="checkbox" class="form-check-input" asp-for="UseTotp" disabled='@(canEditPlan ? null : "disabled")'>
@ -157,13 +157,20 @@
                    <label class="form-check-label" asp-for="UsersGetPremium"></label>
                </div>
            </div>
-            <div class="col-4">
+            <div class="col-3">
                <h3>Secrets Manager</h3>
                <div class="form-check">
                    <input type="checkbox" class="form-check-input" asp-for="UseSecretsManager" disabled='@(canEditPlan ? null : "disabled")'>
                    <label class="form-check-label" asp-for="UseSecretsManager"></label>
                </div>
            </div>
+            <div class="col-2">
+                <h3>Access Insights</h3>
+                <div class="form-check">
+                    <input type="checkbox" class="form-check-input" asp-for="UseRiskInsights" disabled='@(canEditPlan ? null : "disabled")'>
+                    <label class="form-check-label" asp-for="UseRiskInsights"></label>
+                </div>
+            </div>
        </div>
    }

--- a/src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs
@ -60,6 +60,7 @@ public class OrganizationResponseModel : ResponseModel
        // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
        LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
+        UseRiskInsights = organization.UseRiskInsights;
    }

    public Guid Id { get; set; }
@ -106,6 +107,7 @@ public class OrganizationResponseModel : ResponseModel
    // Deperectated: https://bitwarden.atlassian.net/browse/PM-10863
    public bool LimitCollectionCreationDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
+    public bool UseRiskInsights { get; set; }
 }

 public class OrganizationSubscriptionResponseModel : OrganizationResponseModel
--- a/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
@ -71,6 +71,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
        LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
        UserIsManagedByOrganization = organizationIdsManagingUser.Contains(organization.OrganizationId);
+        UseRiskInsights = organization.UseRiskInsights;

        if (organization.SsoConfig != null)
        {
@ -143,4 +144,5 @@ public class ProfileOrganizationResponseModel : ResponseModel
    /// False if the Account Deprovisioning feature flag is disabled.
    /// </returns>
    public bool UserIsManagedByOrganization { get; set; }
+    public bool UseRiskInsights { get; set; }
 }
--- a/src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs
@ -49,5 +49,6 @@ public class ProfileProviderOrganizationResponseModel : ProfileOrganizationRespo
        // https://bitwarden.atlassian.net/browse/PM-10863
        LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
+        UseRiskInsights = organization.UseRiskInsights;
    }
 }
--- a/src/Core/AdminConsole/Entities/Organization.cs
+++ b/src/Core/AdminConsole/Entities/Organization.cs
@ -115,6 +115,11 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
    /// </summary>
    public bool AllowAdminAccessToAllCollectionItems { get; set; }

+    /// <summary>
+    /// Risk Insights is a reporting feature that provides insights into the security of an organization's vault.
+    /// </summary>
+    public bool UseRiskInsights { get; set; }
+
    public void SetNewId()
    {
        if (Id == default(Guid))
--- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs
+++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs
@ -26,6 +26,7 @@ public class OrganizationAbility
        // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
        LimitCollectionCreationDeletion = organization.LimitCollectionCreationDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
+        UseRiskInsights = organization.UseRiskInsights;
    }

    public Guid Id { get; set; }
@ -45,4 +46,5 @@ public class OrganizationAbility
    // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
    public bool LimitCollectionCreationDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
+    public bool UseRiskInsights { get; set; }
 }
--- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
@ -59,4 +59,5 @@ public class OrganizationUserOrganizationDetails
    // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
    public bool LimitCollectionCreationDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
+    public bool UseRiskInsights { get; set; }
 }
--- a/src/Core/AdminConsole/Models/Data/Provider/ProviderUserOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Provider/ProviderUserOrganizationDetails.cs
@ -44,4 +44,5 @@ public class ProviderUserOrganizationDetails
    public bool LimitCollectionDeletion { get; set; }
    public bool LimitCollectionCreationDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
+    public bool UseRiskInsights { get; set; }
 }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
@ -103,7 +103,8 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
                LimitCollectionDeletion = e.LimitCollectionDeletion,
                // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
                LimitCollectionCreationDeletion = e.LimitCollectionCreationDeletion,
-                AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems
+                AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems,
+                UseRiskInsights = e.UseRiskInsights,
            }).ToListAsync();
        }
    }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
@ -71,6 +71,7 @@ public class OrganizationUserOrganizationDetailsViewQuery : IQuery<OrganizationU
                        // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
                        LimitCollectionCreationDeletion = o.LimitCollectionCreationDeletion,
                        AllowAdminAccessToAllCollectionItems = o.AllowAdminAccessToAllCollectionItems,
+                        UseRiskInsights = o.UseRiskInsights,
                    };
        return query;
    }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/ProviderUserOrganizationDetailsViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/ProviderUserOrganizationDetailsViewQuery.cs
@ -49,6 +49,7 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
            // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
            LimitCollectionCreationDeletion = x.o.LimitCollectionCreationDeletion,
            AllowAdminAccessToAllCollectionItems = x.o.AllowAdminAccessToAllCollectionItems,
+            UseRiskInsights = x.o.UseRiskInsights,
        });
    }
 }
--- a/Procedures/Organization_Create.sql
+++ b/Procedures/Organization_Create.sql
@ -54,7 +54,8 @@ CREATE PROCEDURE [dbo].[Organization_Create]
    @LimitCollectionCreationDeletion BIT = NULL, -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
    @LimitCollectionCreation BIT = NULL,
    @LimitCollectionDeletion BIT = NULL,
-    @AllowAdminAccessToAllCollectionItems BIT = 0
+    @AllowAdminAccessToAllCollectionItems BIT = 0,
+    @UseRiskInsights BIT = 0
 AS
 BEGIN
    SET NOCOUNT ON
@ -119,7 +120,8 @@ BEGIN
        [LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
        [LimitCollectionCreation],
        [LimitCollectionDeletion],
-        [AllowAdminAccessToAllCollectionItems]
+        [AllowAdminAccessToAllCollectionItems],
+        [UseRiskInsights]
    )
    VALUES
    (
@ -178,6 +180,7 @@ BEGIN
        COALESCE(@LimitCollectionCreation, @LimitCollectionDeletion, 0), -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863)
        @LimitCollectionCreation,
        @LimitCollectionDeletion,
-        @AllowAdminAccessToAllCollectionItems
+        @AllowAdminAccessToAllCollectionItems,
+        @UseRiskInsights
    )
 END
--- a/Procedures/Organization_ReadAbilities.sql
+++ b/Procedures/Organization_ReadAbilities.sql
@ -24,7 +24,8 @@ BEGIN
        [LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
        [LimitCollectionCreation],
        [LimitCollectionDeletion],
-        [AllowAdminAccessToAllCollectionItems]
+        [AllowAdminAccessToAllCollectionItems],
+        [UseRiskInsights]
    FROM
        [dbo].[Organization]
 END
--- a/Procedures/Organization_Update.sql
+++ b/Procedures/Organization_Update.sql
@ -54,7 +54,8 @@ CREATE PROCEDURE [dbo].[Organization_Update]
    @LimitCollectionCreationDeletion BIT = null, -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
    @LimitCollectionCreation BIT = null,
    @LimitCollectionDeletion BIT = null,
-    @AllowAdminAccessToAllCollectionItems BIT = 0
+    @AllowAdminAccessToAllCollectionItems BIT = 0,
+    @UseRiskInsights BIT = 0
 AS
 BEGIN
    SET NOCOUNT ON
@ -119,7 +120,8 @@ BEGIN
        [LimitCollectionCreationDeletion] = COALESCE(@LimitCollectionCreation, @LimitCollectionDeletion, 0),
        [LimitCollectionCreation] = @LimitCollectionCreation,
        [LimitCollectionDeletion] = @LimitCollectionDeletion,
-        [AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems
+        [AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems,
+        [UseRiskInsights] = @UseRiskInsights
    WHERE
        [Id] = @Id
 END
--- a/src/Sql/dbo/Tables/Organization.sql
+++ b/src/Sql/dbo/Tables/Organization.sql
@ -55,6 +55,7 @@ CREATE TABLE [dbo].[Organization] (
    [LimitCollectionCreation]       BIT              NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCreation] DEFAULT (0),
    [LimitCollectionDeletion]       BIT              NOT NULL CONSTRAINT [DF_Organization_LimitCollectionDeletion] DEFAULT (0),
    [AllowAdminAccessToAllCollectionItems]   BIT              NOT NULL CONSTRAINT [DF_Organization_AllowAdminAccessToAllCollectionItems] DEFAULT (0),
+    [UseRiskInsights]               BIT              NOT NULL CONSTRAINT [DF_Organization_UseRiskInsights] DEFAULT (0),
    CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
 );

--- a/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
@ -49,7 +49,8 @@ SELECT
    O.[LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
    O.[LimitCollectionCreation],
    O.[LimitCollectionDeletion],
-    O.[AllowAdminAccessToAllCollectionItems]
+    O.[AllowAdminAccessToAllCollectionItems],
+    O.[UseRiskInsights]
 FROM
    [dbo].[OrganizationUser] OU
 LEFT JOIN
--- a/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
@ -35,7 +35,8 @@ SELECT
    O.[LimitCollectionCreationDeletion], -- Deprecated https://bitwarden.atlassian.net/browse/PM-10863
    O.[LimitCollectionCreation],
    O.[LimitCollectionDeletion],
-    O.[AllowAdminAccessToAllCollectionItems]
+    O.[AllowAdminAccessToAllCollectionItems],
+    O.[UseRiskInsights]
 FROM
    [dbo].[ProviderUser] PU
 INNER JOIN