Add limit item deletion organization setting migration (#5283)

2025-06-30 07:36:14 -05:00 · 2025-01-21 15:51:34 -05:00
parent 7462352e18
commit 4069ac3a4b
17 changed files with 9589 additions and 8 deletions
--- a/src/Core/AdminConsole/Entities/Organization.cs
+++ b/src/Core/AdminConsole/Entities/Organization.cs
@ -103,6 +103,12 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
    /// </summary>
    public bool AllowAdminAccessToAllCollectionItems { get; set; }

+    /// <summary>
+    /// If set to true, members can only delete items when they have a Can Manage permission over the collection.
+    /// If set to false, members can delete items when they have a Can Manage OR Can Edit permission over the collection.
+    /// </summary>
+    public bool LimitItemDeletion { get; set; }
+
    /// <summary>
    /// Risk Insights is a reporting feature that provides insights into the security of an organization's vault.
    /// </summary>
--- a/Procedures/Organization_Create.sql
+++ b/Procedures/Organization_Create.sql
@ -54,7 +54,8 @@ CREATE PROCEDURE [dbo].[Organization_Create]
    @LimitCollectionCreation BIT = NULL,
    @LimitCollectionDeletion BIT = NULL,
    @AllowAdminAccessToAllCollectionItems BIT = 0,
-    @UseRiskInsights BIT = 0
+    @UseRiskInsights BIT = 0,
+    @LimitItemDeletion BIT = 0
 AS
 BEGIN
    SET NOCOUNT ON
@ -116,7 +117,8 @@ BEGIN
        [LimitCollectionCreation],
        [LimitCollectionDeletion],
        [AllowAdminAccessToAllCollectionItems],
-        [UseRiskInsights]
+        [UseRiskInsights],
+        [LimitItemDeletion]
    )
    VALUES
    (
@ -175,6 +177,7 @@ BEGIN
        @LimitCollectionCreation,
        @LimitCollectionDeletion,
        @AllowAdminAccessToAllCollectionItems,
-        @UseRiskInsights
+        @UseRiskInsights,
+        @LimitItemDeletion
    )
 END
--- a/Procedures/Organization_ReadAbilities.sql
+++ b/Procedures/Organization_ReadAbilities.sql
@ -24,7 +24,8 @@ BEGIN
        [LimitCollectionCreation],
        [LimitCollectionDeletion],
        [AllowAdminAccessToAllCollectionItems],
-        [UseRiskInsights]
+        [UseRiskInsights],
+        [LimitItemDeletion]
    FROM
        [dbo].[Organization]
 END
--- a/Procedures/Organization_Update.sql
+++ b/Procedures/Organization_Update.sql
@ -54,7 +54,8 @@ CREATE PROCEDURE [dbo].[Organization_Update]
    @LimitCollectionCreation BIT = null,
    @LimitCollectionDeletion BIT = null,
    @AllowAdminAccessToAllCollectionItems BIT = 0,
-    @UseRiskInsights BIT = 0
+    @UseRiskInsights BIT = 0,
+    @LimitItemDeletion BIT = 0
 AS
 BEGIN
    SET NOCOUNT ON
@ -116,7 +117,8 @@ BEGIN
        [LimitCollectionCreation] = @LimitCollectionCreation,
        [LimitCollectionDeletion] = @LimitCollectionDeletion,
        [AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems,
-        [UseRiskInsights] = @UseRiskInsights
+        [UseRiskInsights] = @UseRiskInsights,
+        [LimitItemDeletion] = @LimitItemDeletion
    WHERE
        [Id] = @Id
 END
--- a/src/Sql/dbo/Tables/Organization.sql
+++ b/src/Sql/dbo/Tables/Organization.sql
@ -53,6 +53,7 @@ CREATE TABLE [dbo].[Organization] (
    [SecretsManagerBeta]            BIT              NOT NULL CONSTRAINT [DF_Organization_SecretsManagerBeta] DEFAULT (0),
    [LimitCollectionCreation]       BIT              NOT NULL CONSTRAINT [DF_Organization_LimitCollectionCreation] DEFAULT (0),
    [LimitCollectionDeletion]       BIT              NOT NULL CONSTRAINT [DF_Organization_LimitCollectionDeletion] DEFAULT (0),
+    [LimitItemDeletion]             BIT              NOT NULL CONSTRAINT [DF_Organization_LimitItemDeletion] DEFAULT (0),
    [AllowAdminAccessToAllCollectionItems]   BIT              NOT NULL CONSTRAINT [DF_Organization_AllowAdminAccessToAllCollectionItems] DEFAULT (0),
    [UseRiskInsights]               BIT              NOT NULL CONSTRAINT [DF_Organization_UseRiskInsights] DEFAULT (0),
    CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
--- a/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
@ -49,7 +49,8 @@ SELECT
    O.[LimitCollectionCreation],
    O.[LimitCollectionDeletion],
    O.[AllowAdminAccessToAllCollectionItems],
-    O.[UseRiskInsights]
+    O.[UseRiskInsights],
+    O.[LimitItemDeletion]
 FROM
    [dbo].[OrganizationUser] OU
 LEFT JOIN
--- a/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
@ -36,7 +36,8 @@ SELECT
    O.[LimitCollectionDeletion],
    O.[AllowAdminAccessToAllCollectionItems],
    O.[UseRiskInsights],
-    P.[Type] ProviderType
+    P.[Type] ProviderType,
+    O.[LimitItemDeletion]
 FROM
    [dbo].[ProviderUser] PU
 INNER JOIN