diff --git a/src/Admin/AdminConsole/Controllers/ProvidersController.cs b/src/Admin/AdminConsole/Controllers/ProvidersController.cs index d58d132bbc..160af7893e 100644 --- a/src/Admin/AdminConsole/Controllers/ProvidersController.cs +++ b/src/Admin/AdminConsole/Controllers/ProvidersController.cs @@ -305,9 +305,8 @@ public class ProvidersController : Controller return RedirectToAction("Index"); } - var flexibleCollectionsSignupEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup); var flexibleCollectionsV1Enabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1); - var organization = model.CreateOrganization(provider, flexibleCollectionsSignupEnabled, flexibleCollectionsV1Enabled); + var organization = model.CreateOrganization(provider, flexibleCollectionsV1Enabled); await _organizationService.CreatePendingOrganization(organization, model.Owners, User, _userService, model.SalesAssistedTrialStarted); await _providerService.AddOrganization(providerId, organization.Id, null); diff --git a/src/Admin/AdminConsole/Models/OrganizationEditModel.cs b/src/Admin/AdminConsole/Models/OrganizationEditModel.cs index abb7bdaa6c..54d13d8196 100644 --- a/src/Admin/AdminConsole/Models/OrganizationEditModel.cs +++ b/src/Admin/AdminConsole/Models/OrganizationEditModel.cs @@ -162,19 +162,18 @@ public class OrganizationEditModel : OrganizationViewModel { "baseServiceAccount", p.SecretsManager.BaseServiceAccount } }); - public Organization CreateOrganization(Provider provider, bool flexibleCollectionsSignupEnabled, bool flexibleCollectionsV1Enabled) + public Organization CreateOrganization(Provider provider, bool flexibleCollectionsV1Enabled) { BillingEmail = provider.BillingEmail; var newOrg = new Organization { - // This feature flag indicates that new organizations should be automatically onboarded to - // Flexible Collections enhancements - FlexibleCollections = flexibleCollectionsSignupEnabled, - // These collection management settings smooth the migration for existing organizations by disabling some FC behavior. - // If the organization is onboarded to Flexible Collections on signup, we turn them OFF to enable all new behaviour. - // If the organization is NOT onboarded now, they will have to be migrated later, so they default to ON to limit FC changes on migration. - LimitCollectionCreationDeletion = !flexibleCollectionsSignupEnabled, + // Flexible Collections MVP is fully released and all organizations must always have this setting enabled. + // AC-1714 will remove this flag after all old code has been removed. + FlexibleCollections = true, + + // This is a transitional setting that defaults to ON until Flexible Collections v1 is released + // (to preserve existing behavior) and defaults to OFF after release (enabling new behavior) AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1Enabled }; return ToOrganization(newOrg); diff --git a/src/Core/AdminConsole/Entities/Organization.cs b/src/Core/AdminConsole/Entities/Organization.cs index fc8e515bd9..f12baf5729 100644 --- a/src/Core/AdminConsole/Entities/Organization.cs +++ b/src/Core/AdminConsole/Entities/Organization.cs @@ -86,20 +86,20 @@ public class Organization : ITableObject, IStorableSubscriber, IRevisable, public int? MaxAutoscaleSmSeats { get; set; } public int? MaxAutoscaleSmServiceAccounts { get; set; } /// - /// Refers to the ability for an organization to limit collection creation and deletion to owners and admins only + /// If set to true, only owners, admins, and some custom users can create and delete collections. + /// If set to false, any organization member can create a collection, and any member can delete a collection that + /// they have Can Manage permissions for. /// public bool LimitCollectionCreationDeletion { get; set; } /// - /// Refers to the ability for an organization to limit owner/admin access to all collection items - /// - /// True: Owner/admins can access all items belonging to any collections - /// False: Owner/admins can only access items for collections they are assigned - /// + /// If set to true, admins, owners, and some custom users can read/write all collections and items in the Admin Console. + /// If set to false, users generally need collection-level permissions to read/write a collection or its items. /// public bool AllowAdminAccessToAllCollectionItems { get; set; } /// - /// True if the organization is using the Flexible Collections permission changes, false otherwise. - /// For existing organizations, this must only be set to true once data migrations have been run for this organization. + /// This is an organization-level feature flag (not controlled via LaunchDarkly) to onboard organizations to the + /// Flexible Collections MVP changes. This has been fully released and must always be set to TRUE for all organizations. + /// AC-1714 will remove this flag after all old code has been removed. /// public bool FlexibleCollections { get; set; } diff --git a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs index f32b29d83e..e71b9c1beb 100644 --- a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs +++ b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs @@ -438,9 +438,6 @@ public class OrganizationService : IOrganizationService ValidatePlan(plan, signup.AdditionalSeats, "Password Manager"); - var flexibleCollectionsSignupEnabled = - _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup); - var flexibleCollectionsV1Enabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1); @@ -482,14 +479,12 @@ public class OrganizationService : IOrganizationService // Secrets Manager not available for purchase with Consolidated Billing. UseSecretsManager = false, - // This feature flag indicates that new organizations should be automatically onboarded to - // Flexible Collections enhancements - FlexibleCollections = flexibleCollectionsSignupEnabled, + // Flexible Collections MVP is fully released and all organizations must always have this setting enabled. + // AC-1714 will remove this flag after all old code has been removed. + FlexibleCollections = true, - // These collection management settings smooth the migration for existing organizations by disabling some FC behavior. - // If the organization is onboarded to Flexible Collections on signup, we turn them OFF to enable all new behaviour. - // If the organization is NOT onboarded now, they will have to be migrated later, so they default to ON to limit FC changes on migration. - LimitCollectionCreationDeletion = !flexibleCollectionsSignupEnabled, + // This is a transitional setting that defaults to ON until Flexible Collections v1 is released + // (to preserve existing behavior) and defaults to OFF after release (enabling new behavior) AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1Enabled }; @@ -533,9 +528,6 @@ public class OrganizationService : IOrganizationService await ValidateSignUpPoliciesAsync(signup.Owner.Id); } - var flexibleCollectionsSignupEnabled = - _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup); - var flexibleCollectionsV1IsEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsV1); @@ -577,14 +569,12 @@ public class OrganizationService : IOrganizationService UsePasswordManager = true, UseSecretsManager = signup.UseSecretsManager, - // This feature flag indicates that new organizations should be automatically onboarded to - // Flexible Collections enhancements - FlexibleCollections = flexibleCollectionsSignupEnabled, + // Flexible Collections MVP is fully released and all organizations must always have this setting enabled. + // AC-1714 will remove this flag after all old code has been removed. + FlexibleCollections = true, - // These collection management settings smooth the migration for existing organizations by disabling some FC behavior. - // If the organization is onboarded to Flexible Collections on signup, we turn them OFF to enable all new behaviour. - // If the organization is NOT onboarded now, they will have to be migrated later, so they default to ON to limit FC changes on migration. - LimitCollectionCreationDeletion = !flexibleCollectionsSignupEnabled, + // This is a transitional setting that defaults to ON until Flexible Collections v1 is released + // (to preserve existing behavior) and defaults to OFF after release (enabling new behavior) AllowAdminAccessToAllCollectionItems = !flexibleCollectionsV1IsEnabled }; @@ -665,9 +655,6 @@ public class OrganizationService : IOrganizationService await ValidateSignUpPoliciesAsync(owner.Id); - var flexibleCollectionsSignupEnabled = - _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup); - var organization = new Organization { Name = license.Name, @@ -713,7 +700,7 @@ public class OrganizationService : IOrganizationService // This feature flag indicates that new organizations should be automatically onboarded to // Flexible Collections enhancements - FlexibleCollections = flexibleCollectionsSignupEnabled, + FlexibleCollections = true, }; var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false); diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs index a95d0290c0..6804a9a223 100644 --- a/src/Core/Constants.cs +++ b/src/Core/Constants.cs @@ -115,10 +115,6 @@ public static class FeatureFlagKeys public const string KeyRotationImprovements = "key-rotation-improvements"; public const string DuoRedirect = "duo-redirect"; /// - /// Enables flexible collections improvements for new organizations on creation - /// - public const string FlexibleCollectionsSignup = "flexible-collections-signup"; - /// /// Exposes a migration button in the web vault which allows users to migrate an existing organization to /// flexible collections /// @@ -151,8 +147,7 @@ public static class FeatureFlagKeys return new Dictionary() { { DuoRedirect, "true" }, - { UnassignedItemsBanner, "true"}, - { FlexibleCollectionsSignup, "true" } + { UnassignedItemsBanner, "true"} }; } } diff --git a/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs b/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs index db6805c097..48a66dff0e 100644 --- a/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs +++ b/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs @@ -252,7 +252,7 @@ public class OrganizationServiceTests [Theory] [BitAutoData(PlanType.FamiliesAnnually)] - public async Task SignUp_WithFlexibleCollections_SetsAccessAllToFalse + public async Task SignUp_EnablesFlexibleCollectionsFeatures (PlanType planType, OrganizationSignup signup, SutProvider sutProvider) { signup.Plan = planType; @@ -261,10 +261,6 @@ public class OrganizationServiceTests signup.PremiumAccessAddon = false; signup.UseSecretsManager = false; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup) - .Returns(true); - // Extract orgUserId when created Guid? orgUserId = null; await sutProvider.GetDependency() @@ -272,6 +268,10 @@ public class OrganizationServiceTests var result = await sutProvider.Sut.SignUpAsync(signup); + // Assert: Organization.FlexibleCollections is enabled + await sutProvider.GetDependency().Received(1) + .CreateAsync(Arg.Is(o => o.FlexibleCollections)); + // Assert: AccessAll is not used await sutProvider.GetDependency().Received(1).CreateAsync( Arg.Is(o => @@ -295,33 +295,6 @@ public class OrganizationServiceTests Assert.NotNull(result.Item2); } - [Theory] - [BitAutoData(PlanType.FamiliesAnnually)] - public async Task SignUp_WithoutFlexibleCollections_SetsAccessAllToTrue - (PlanType planType, OrganizationSignup signup, SutProvider sutProvider) - { - signup.Plan = planType; - var plan = StaticStore.GetPlan(signup.Plan); - signup.AdditionalSeats = 0; - signup.PaymentMethodType = PaymentMethodType.Card; - signup.PremiumAccessAddon = false; - signup.UseSecretsManager = false; - - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.FlexibleCollectionsSignup) - .Returns(false); - - var result = await sutProvider.Sut.SignUpAsync(signup); - - await sutProvider.GetDependency().Received(1).CreateAsync( - Arg.Is(o => - o.UserId == signup.Owner.Id && - o.AccessAll == true)); - - Assert.NotNull(result.Item1); - Assert.NotNull(result.Item2); - } - [Theory] [BitAutoData(PlanType.EnterpriseAnnually)] [BitAutoData(PlanType.EnterpriseMonthly)]