PM-9155: Hide the vault filter when personal ownership and single organization policies apply (#777)

Author: matt-livefront

BitwardenShared/Core/Platform/Services/ServiceContainer.swift

@@ -523,6 +523,7 @@ public class ServiceContainer: Services { // swiftlint:disable:this type_body_le
             errorReporter: errorReporter,
             folderService: folderService,
             organizationService: organizationService,
+            policyService: policyService,
             settingsService: settingsService,
             stateService: stateService,
             syncService: syncService,

BitwardenShared/Core/Vault/Repositories/TestHelpers/MockVaultRepository.swift

@@ -10,6 +10,8 @@ class MockVaultRepository: VaultRepository {
     var addCipherCiphers = [CipherView]()
     var addCipherResult: Result<Void, Error> = .success(())
 
+    var canShowVaultFilter = true
+
     var ciphersAutofillPublisherUriCalled: String?
     var ciphersSubject = CurrentValueSubject<[CipherListView], Error>([])
     var ciphersAutofillSubject = CurrentValueSubject<[BitwardenShared.VaultListSection], Error>([])
@@ -113,6 +115,10 @@ class MockVaultRepository: VaultRepository {
         try addCipherResult.get()
     }
 
+    func canShowVaultFilter() async -> Bool {
+        canShowVaultFilter
+    }
+
     func cipherPublisher() async throws -> AsyncThrowingPublisher<AnyPublisher<[CipherListView], Error>> {
         ciphersSubject.eraseToAnyPublisher().values
     }

BitwardenShared/Core/Vault/Repositories/VaultRepository.swift

@@ -27,6 +27,14 @@ public protocol VaultRepository: AnyObject {
     ///
     func addCipher(_ cipher: CipherView) async throws
 
+    /// Whether the vault filter can be shown to the user. It might not be shown to the user if the
+    /// policies are set up to disable personal vault ownership and only allow the user to be in a
+    /// single organization.
+    ///
+    /// - Returns: `true` if the vault filter can be shown.
+    ///
+    func canShowVaultFilter() async -> Bool
+
     /// Removes any temporarily downloaded attachments.
     func clearTemporaryDownloads()
 
@@ -322,6 +330,9 @@ class DefaultVaultRepository { // swiftlint:disable:this type_body_length
     /// The service used to manage syncing and updates to the user's organizations.
     private let organizationService: OrganizationService
 
+    /// The service for managing the polices for the user.
+    private let policyService: PolicyService
+
     /// The service used by the application to manage user settings.
     let settingsService: SettingsService
 
@@ -350,6 +361,7 @@ class DefaultVaultRepository { // swiftlint:disable:this type_body_length
     ///   - errorReporter: The service used by the application to report non-fatal errors.
     ///   - folderService: The service used to manage syncing and updates to the user's folders.
     ///   - organizationService: The service used to manage syncing and updates to the user's organizations.
+    ///   - policyService: The service for managing the polices for the user.
     ///   - settingsService: The service used by the application to manage user settings.
     ///   - stateService: The service used by the application to manage account state.
     ///   - syncService: The service used to handle syncing vault data with the API.
@@ -365,6 +377,7 @@ class DefaultVaultRepository { // swiftlint:disable:this type_body_length
         errorReporter: ErrorReporter,
         folderService: FolderService,
         organizationService: OrganizationService,
+        policyService: PolicyService,
         settingsService: SettingsService,
         stateService: StateService,
         syncService: SyncService,
@@ -379,6 +392,7 @@ class DefaultVaultRepository { // swiftlint:disable:this type_body_length
         self.errorReporter = errorReporter
         self.folderService = folderService
         self.organizationService = organizationService
+        self.policyService = policyService
         self.settingsService = settingsService
         self.stateService = stateService
         self.syncService = syncService
@@ -919,6 +933,12 @@ extension DefaultVaultRepository: VaultRepository {
         try await cipherService.addCipherWithServer(cipher)
     }
 
+    func canShowVaultFilter() async -> Bool {
+        let disablePersonalOwnership = await policyService.policyAppliesToUser(.personalOwnership)
+        let singleOrg = await policyService.policyAppliesToUser(.onlyOrg)
+        return !(disablePersonalOwnership && singleOrg)
+    }
+
     func clearTemporaryDownloads() {
         Task {
             do {

BitwardenShared/Core/Vault/Repositories/VaultRepositoryTests.swift

@@ -21,6 +21,7 @@ class VaultRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_b
     var now: Date!
     var premiumAccount = Account.fixture(profile: .fixture(hasPremiumPersonally: true))
     var organizationService: MockOrganizationService!
+    var policyService: MockPolicyService!
     var stateService: MockStateService!
     var subject: DefaultVaultRepository!
     var syncService: MockSyncService!
@@ -44,6 +45,7 @@ class VaultRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_b
         folderService = MockFolderService()
         now = Date(year: 2024, month: 1, day: 18)
         organizationService = MockOrganizationService()
+        policyService = MockPolicyService()
         syncService = MockSyncService()
         timeProvider = MockTimeProvider(.mockTime(now))
         vaultTimeoutService = MockVaultTimeoutService()
@@ -59,6 +61,7 @@ class VaultRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_b
             errorReporter: errorReporter,
             folderService: folderService,
             organizationService: organizationService,
+            policyService: policyService,
             settingsService: MockSettingsService(),
             stateService: stateService,
             syncService: syncService,
@@ -81,6 +84,7 @@ class VaultRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_b
         fido2UserInterfaceHelper = nil
         folderService = nil
         organizationService = nil
+        policyService = nil
         now = nil
         stateService = nil
         subject = nil
@@ -109,6 +113,42 @@ class VaultRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_b
         }
     }
 
+    /// `canShowVaultFilter()` returns true if only org and personal ownership policies are disabled.
+    func test_canShowVaultFilter_onlyOrgAndPersonalOwnershipDisabled() async {
+        policyService.policyAppliesToUserResult[.onlyOrg] = false
+        policyService.policyAppliesToUserResult[.personalOwnership] = false
+
+        let canShowVaultFilter = await subject.canShowVaultFilter()
+        XCTAssertTrue(canShowVaultFilter)
+    }
+
+    /// `canShowVaultFilter()` returns false if the only org and personal ownership policies are enabled.
+    func test_canShowVaultFilter_onlyOrgAndPersonalOwnershipEnabled() async {
+        policyService.policyAppliesToUserResult[.onlyOrg] = true
+        policyService.policyAppliesToUserResult[.personalOwnership] = true
+
+        let canShowVaultFilter = await subject.canShowVaultFilter()
+        XCTAssertFalse(canShowVaultFilter)
+    }
+
+    /// `canShowVaultFilter()` returns false if the only org is enabled but not personal ownership.
+    func test_canShowVaultFilter_onlyOrgEnabled() async {
+        policyService.policyAppliesToUserResult[.onlyOrg] = true
+        policyService.policyAppliesToUserResult[.personalOwnership] = false
+
+        let canShowVaultFilter = await subject.canShowVaultFilter()
+        XCTAssertTrue(canShowVaultFilter)
+    }
+
+    /// `canShowVaultFilter()` returns false if the personal ownership is enabled but not only org.
+    func test_canShowVaultFilter_personalOwnershipEnabled() async {
+        policyService.policyAppliesToUserResult[.onlyOrg] = false
+        policyService.policyAppliesToUserResult[.personalOwnership] = true
+
+        let canShowVaultFilter = await subject.canShowVaultFilter()
+        XCTAssertTrue(canShowVaultFilter)
+    }
+
     /// `cipherPublisher()` returns a publisher for the list of a user's ciphers.
     func test_cipherPublisher() async throws {
         let ciphers: [Cipher] = [.fixture(name: "Bitwarden")]

BitwardenShared/UI/Platform/Tabs/TabCoordinator.swift

@@ -164,7 +164,8 @@ final class TabCoordinator: Coordinator, HasTabNavigator {
             do {
                 for try await organizations in try await vaultRepository.organizationsPublisher() {
                     guard let navigator = tabNavigator?.navigator(for: TabRoute.vault(.list)) else { return }
-                    if organizations.isEmpty {
+                    let canShowVaultFilter = await vaultRepository.canShowVaultFilter()
+                    if organizations.isEmpty || !canShowVaultFilter {
                         navigator.rootViewController?.title = Localizations.myVault
                     } else {
                         navigator.rootViewController?.title = Localizations.vaults

BitwardenShared/UI/Platform/Tabs/TabCoordinatorTests.swift

@@ -167,6 +167,24 @@ class TabCoordinatorTests: BitwardenTestCase {
         XCTAssertEqual(viewController.title, Localizations.vaults)
     }
 
+    /// `start()` subscribes to the organization publisher and updates the vault navigation bar
+    /// title if the vault filter can't be shown.
+    func test_start_organizationsCanShowVaultFilterDisabled() {
+        let mockRoot = MockRootNavigator()
+        let viewController = UIViewController()
+        mockRoot.rootViewController = viewController
+        tabNavigator.navigatorForTabReturns = mockRoot
+        vaultRepository.canShowVaultFilter = false
+        vaultRepository.organizationsSubject = .init([
+            .fixture(),
+        ])
+
+        subject.start()
+
+        waitFor(viewController.title != nil)
+        XCTAssertEqual(viewController.title, Localizations.myVault)
+    }
+
     /// `start()` presents the tab navigator within the root navigator and starts the child-coordinators.
     func test_start_organizationsError() throws {
         let mockRoot = MockRootNavigator()

BitwardenShared/UI/Vault/Vault/VaultGroup/VaultGroupProcessor.swift

@@ -158,6 +158,7 @@ final class VaultGroupProcessor: StateProcessor<
     private func checkPersonalOwnershipPolicy() async {
         let isPersonalOwnershipDisabled = await services.policyService.policyAppliesToUser(.personalOwnership)
         state.isPersonalOwnershipDisabled = isPersonalOwnershipDisabled
+        state.canShowVaultFilter = await services.vaultRepository.canShowVaultFilter()
     }
 
     /// Refreshes the vault group's TOTP Codes.

BitwardenShared/UI/Vault/Vault/VaultGroup/VaultGroupProcessorTests.swift

@@ -143,6 +143,43 @@ class VaultGroupProcessorTests: BitwardenTestCase { // swiftlint:disable:this ty
         XCTAssertTrue(subject.state.isPersonalOwnershipDisabled)
     }
 
+    /// `perform(_:)` with `appeared` determines whether the vault filter can be shown based on
+    /// policy settings.
+    func test_perform_appeared_policyCanShowVaultFilterDisabled() {
+        vaultRepository.canShowVaultFilter = false
+        subject.state.organizations = [.fixture()]
+
+        let task = Task {
+            await subject.perform(.appeared)
+        }
+        waitFor(subject.state.loadingState == .data([]))
+        task.cancel()
+
+        XCTAssertFalse(subject.state.canShowVaultFilter)
+        XCTAssertFalse(subject.state.vaultFilterState.canShowVaultFilter)
+        XCTAssertEqual(subject.state.vaultFilterState.vaultFilterOptions, [])
+    }
+
+    /// `perform(_:)` with `appeared` determines whether the vault filter can be shown based on
+    /// policy settings.
+    func test_perform_appeared_policyCanShowVaultFilterEnabled() {
+        vaultRepository.canShowVaultFilter = true
+        subject.state.organizations = [.fixture()]
+
+        let task = Task {
+            await subject.perform(.appeared)
+        }
+        waitFor(subject.state.loadingState == .data([]))
+        task.cancel()
+
+        XCTAssertTrue(subject.state.canShowVaultFilter)
+        XCTAssertTrue(subject.state.vaultFilterState.canShowVaultFilter)
+        XCTAssertEqual(
+            subject.state.vaultFilterState.vaultFilterOptions,
+            [.allVaults, .myVault, .organization(.fixture())]
+        )
+    }
+
     /// `perform(_:)` with `.morePressed` has the vault item more options helper display the alert.
     func test_perform_morePressed() async throws {
         await subject.perform(.morePressed(.fixture()))

BitwardenShared/UI/Vault/Vault/VaultGroup/VaultGroupState.swift

@@ -6,6 +6,9 @@ import Foundation
 struct VaultGroupState: Equatable {
     // MARK: Properties
 
+    /// Whether the vault filter can be shown.
+    var canShowVaultFilter = true
+
     /// Whether there is data for the vault group.
     var emptyData: Bool {
         loadingState.data.isEmptyOrNil
@@ -83,6 +86,16 @@ struct VaultGroupState: Equatable {
     /// The url to open in the device's web browser.
     var url: URL?
 
+    /// The state for showing the vault filter.
+    var vaultFilterState: SearchVaultFilterRowState {
+        SearchVaultFilterRowState(
+            canShowVaultFilter: canShowVaultFilter,
+            isPersonalOwnershipDisabled: isPersonalOwnershipDisabled,
+            organizations: organizations,
+            searchVaultFilterType: searchVaultFilterType
+        )
+    }
+
     /// The vault filter used to display a single or all vaults for the user.
     let vaultFilterType: VaultFilterType
 }

BitwardenShared/UI/Vault/Vault/VaultGroup/VaultGroupView.swift

@@ -156,13 +156,7 @@ struct VaultGroupView: View {
     private var searchVaultFilterRow: some View {
         SearchVaultFilterRowView(
             hasDivider: true, store: store.child(
-                state: { state in
-                    SearchVaultFilterRowState(
-                        organizations: state.organizations,
-                        searchVaultFilterType: state.searchVaultFilterType,
-                        isPersonalOwnershipDisabled: state.isPersonalOwnershipDisabled
-                    )
-                },
+                state: \.vaultFilterState,
                 mapAction: { action in
                     switch action {
                     case let .searchVaultFilterChanged(type):

BitwardenShared/UI/Vault/Vault/VaultList/SearchVaultFilterRowView/SearchVaultFilterRowState.swift

@@ -5,19 +5,22 @@
 struct SearchVaultFilterRowState: Equatable {
     // MARK: Properties
 
+    /// Whether the vault filter can be shown.
+    var canShowVaultFilter = true
+
+    /// Whether the policy is enforced to disable personal vault ownership.
+    var isPersonalOwnershipDisabled: Bool = false
+
     /// The list of organizations the user is a member of.
     var organizations: [Organization] = []
 
     /// The search vault filter used to display a single or all vaults for the user.
     var searchVaultFilterType: VaultFilterType = .allVaults
 
-    /// Whether the policy is enforced to disable personal vault ownership.
-    var isPersonalOwnershipDisabled: Bool = false
-
     /// The list of vault filter options that can be used to filter the vault, if the user is a
     /// member of any organizations.
     var vaultFilterOptions: [VaultFilterType] {
-        guard !organizations.isEmpty else { return [] }
+        guard !organizations.isEmpty, canShowVaultFilter else { return [] }
 
         let sortedOrganizations = organizations
             .sorted { $0.name.localizedStandardCompare($1.name) == .orderedAscending }

BitwardenShared/UI/Vault/Vault/VaultList/SearchVaultFilterRowView/SearchVaultFilterRowStateTests.swift

@@ -45,4 +45,34 @@ class SearchVaultFilterRowStateTests: BitwardenTestCase {
             ]
         )
     }
+
+    /// `vaultFilterOptions` returns no filter options if organizations exist but the filter should be hidden.
+    func test_vaultFilterOptions_organizationsShouldNotShowVaultFilter() {
+        subject.organizations = [
+            Organization.fixture(id: "1", name: "Org 1"),
+            Organization.fixture(id: "2", name: "Test Org"),
+            Organization.fixture(id: "3", name: "ABC Org"),
+        ]
+        subject.canShowVaultFilter = false
+        XCTAssertEqual(subject.vaultFilterOptions, [])
+    }
+
+    /// `vaultFilterOptions` returns the filter organization filter options if personal ownership is disabled.
+    func test_vaultFilterOptions_personalOwnershipDisabled() {
+        subject.organizations = [
+            Organization.fixture(id: "1", name: "Org 1"),
+            Organization.fixture(id: "2", name: "Test Org"),
+            Organization.fixture(id: "3", name: "ABC Org"),
+        ]
+        subject.isPersonalOwnershipDisabled = true
+        XCTAssertEqual(
+            subject.vaultFilterOptions,
+            [
+                .allVaults,
+                .organization(Organization.fixture(id: "3", name: "ABC Org")),
+                .organization(Organization.fixture(id: "1", name: "Org 1")),
+                .organization(Organization.fixture(id: "2", name: "Test Org")),
+            ]
+        )
+    }
 }

BitwardenShared/UI/Vault/Vault/VaultList/VaultListProcessor.swift

@@ -179,6 +179,7 @@ extension VaultListProcessor {
     private func checkPersonalOwnershipPolicy() async {
         let isPersonalOwnershipDisabled = await services.policyService.policyAppliesToUser(.personalOwnership)
         state.isPersonalOwnershipDisabled = isPersonalOwnershipDisabled
+        state.canShowVaultFilter = await services.vaultRepository.canShowVaultFilter()
     }
 
     /// Checks if we need to display the unassigned ciphers alert, and displays if necessary.