[PM-19306] - [Vault] In Admin Console Policies area add the remove card item type policy (#15065)

jaasen-livefront · web-flow · commit 7386a4fa9e4c · 2025-06-04T15:51:43.000-07:00
* WIP - add restricted item types policy

* admin console restricted item types

* add comment

* update feature flag

* fix comment
diff --git a/apps/web/src/app/admin-console/organizations/policies/index.ts b/apps/web/src/app/admin-console/organizations/policies/index.ts
@@ -11,3 +11,4 @@ export { SingleOrgPolicy } from "./single-org.component";
 export { TwoFactorAuthenticationPolicy } from "./two-factor-authentication.component";
 export { PoliciesComponent } from "./policies.component";
 export { RemoveUnlockWithPinPolicy } from "./remove-unlock-with-pin.component";
+export { RestrictedItemTypesPolicy } from "./restricted-item-types.component";
diff --git a/apps/web/src/app/admin-console/organizations/policies/policies.component.ts b/apps/web/src/app/admin-console/organizations/policies/policies.component.ts
@@ -15,6 +15,8 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { PolicyResponse } from "@bitwarden/common/admin-console/models/response/policy.response";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { OrganizationBillingServiceAbstraction } from "@bitwarden/common/billing/abstractions";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { DialogService } from "@bitwarden/components";
 import {
   ChangePlanDialogResultType,
@@ -23,7 +25,7 @@ import {
 import { All } from "@bitwarden/web-vault/app/vault/individual-vault/vault-filter/shared/models/routed-vault-filter.model";
 
 import { PolicyListService } from "../../core/policy-list.service";
-import { BasePolicy } from "../policies";
+import { BasePolicy, RestrictedItemTypesPolicy } from "../policies";
 import { CollectionDialogTabType } from "../shared/components/collection-dialog";
 
 import { PolicyEditComponent, PolicyEditDialogResult } from "./policy-edit.component";
@@ -51,6 +53,7 @@ export class PoliciesComponent implements OnInit {
     private policyListService: PolicyListService,
     private organizationBillingService: OrganizationBillingServiceAbstraction,
     private dialogService: DialogService,
+    private configService: ConfigService,
   ) {}
 
   async ngOnInit() {
@@ -91,6 +94,12 @@ export class PoliciesComponent implements OnInit {
   }
 
   async load() {
+    if (
+      (await this.configService.getFeatureFlag(FeatureFlag.RemoveCardItemTypePolicy)) &&
+      this.policyListService.getPolicies().every((p) => !(p instanceof RestrictedItemTypesPolicy))
+    ) {
+      this.policyListService.addPolicies([new RestrictedItemTypesPolicy()]);
+    }
     const response = await this.policyApiService.getPolicies(this.organizationId);
     this.orgPolicies = response.data != null && response.data.length > 0 ? response.data : [];
     this.orgPolicies.forEach((op) => {
diff --git a/apps/web/src/app/admin-console/organizations/policies/policies.module.ts b/apps/web/src/app/admin-console/organizations/policies/policies.module.ts
@@ -11,6 +11,7 @@ import { PolicyEditComponent } from "./policy-edit.component";
 import { RemoveUnlockWithPinPolicyComponent } from "./remove-unlock-with-pin.component";
 import { RequireSsoPolicyComponent } from "./require-sso.component";
 import { ResetPasswordPolicyComponent } from "./reset-password.component";
+import { RestrictedItemTypesPolicyComponent } from "./restricted-item-types.component";
 import { SendOptionsPolicyComponent } from "./send-options.component";
 import { SingleOrgPolicyComponent } from "./single-org.component";
 import { TwoFactorAuthenticationPolicyComponent } from "./two-factor-authentication.component";
@@ -30,6 +31,7 @@ import { TwoFactorAuthenticationPolicyComponent } from "./two-factor-authenticat
     PoliciesComponent,
     PolicyEditComponent,
     RemoveUnlockWithPinPolicyComponent,
+    RestrictedItemTypesPolicyComponent,
   ],
   exports: [
     DisableSendPolicyComponent,
diff --git a/apps/web/src/app/admin-console/organizations/policies/restricted-item-types.component.html b/apps/web/src/app/admin-console/organizations/policies/restricted-item-types.component.html
@@ -0,0 +1,6 @@
+<bit-form-control>
+  <input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
+  <bit-label>{{ "turnOn" | i18n }}</bit-label>
+</bit-form-control>
+<!-- To allow for multiple item types we can add a data formGroup, iterate over the
+ cipher types as checkboxes/multi-select and use that as a means to track which types are restricted -->
diff --git a/apps/web/src/app/admin-console/organizations/policies/restricted-item-types.component.ts b/apps/web/src/app/admin-console/organizations/policies/restricted-item-types.component.ts
@@ -0,0 +1,23 @@
+import { Component } from "@angular/core";
+
+import { PolicyType } from "@bitwarden/common/admin-console/enums";
+
+import { BasePolicy, BasePolicyComponent } from "./base-policy.component";
+
+export class RestrictedItemTypesPolicy extends BasePolicy {
+  name = "restrictedItemTypesPolicy";
+  description = "restrictedItemTypesPolicyDesc";
+  type = PolicyType.RestrictedItemTypesPolicy;
+  component = RestrictedItemTypesPolicyComponent;
+}
+
+@Component({
+  selector: "policy-restricted-item-types",
+  templateUrl: "restricted-item-types.component.html",
+  standalone: false,
+})
+export class RestrictedItemTypesPolicyComponent extends BasePolicyComponent {
+  constructor() {
+    super();
+  }
+}
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
@@ -2154,6 +2154,12 @@
   "twoStepLoginRecoveryWarning": {
     "message": "Setting up two-step login can permanently lock you out of your Bitwarden account. A recovery code allows you to access your account in the event that you can no longer use your normal two-step login provider (example: you lose your device). Bitwarden support will not be able to assist you if you lose access to your account. We recommend you write down or print the recovery code and keep it in a safe place."
   },
+  "restrictedItemTypesPolicy": {
+    "message": "Remove card item type"
+  },
+  "restrictedItemTypesPolicyDesc": {
+    "message": "Do not allow members to create card item types."
+  },
   "yourSingleUseRecoveryCode": {
     "message": "Your single-use recovery code can be used to turn off two-step login in the event that you lose access to your two-step login provider. Bitwarden recommends you write down the recovery code and keep it in a safe place."
   },
diff --git a/libs/common/src/admin-console/enums/policy-type.enum.ts b/libs/common/src/admin-console/enums/policy-type.enum.ts
@@ -16,4 +16,5 @@ export enum PolicyType {
   AutomaticAppLogIn = 12, // Enables automatic log in of apps from configured identity provider
   FreeFamiliesSponsorshipPolicy = 13, // Disables free families plan for organization
   RemoveUnlockWithPin = 14, // Do not allow members to unlock their account with a PIN.
+  RestrictedItemTypesPolicy = 15, // Restricts item types that can be created within an organization
 }

Original file line number	Diff line number	Diff line change
`@@ -16,4 +16,5 @@ export enum PolicyType {`
`16`	`16`	`AutomaticAppLogIn = 12, // Enables automatic log in of apps from configured identity provider`
`17`	`17`	`FreeFamiliesSponsorshipPolicy = 13, // Disables free families plan for organization`
`18`	`18`	`RemoveUnlockWithPin = 14, // Do not allow members to unlock their account with a PIN.`
	`19`	`+ RestrictedItemTypesPolicy = 15, // Restricts item types that can be created within an organization`
`19`	`20`	`}`