kdenney commented Oct 10, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-25379

📔 Objective

Note: this is a copy of PR #6418 as that one had to be reverted because it was merged too early. This PR will not be merged until the clients PR is also merged.


This work was a refactor, so no functional or visual changes should be present. Note: these changes are only applied with the feature flag pm-25379-use-new-organization-metadata-structure.

Here’s a list of changes made for this issue.

  1. All properties that were not being used anywhere in clients were removed from the models.
  2. The cloud-hosted organization subscription page:
    1. This page used to look at the organization metadata (provided by the server API) to determine if it should show the self hosting section. The property checked was isEligibleForSelfHost. This was updated to instead simply check that the org’s plan tier is either families or enterprise and the matching property was removed from the metadata models. (This is equivalent to the logic used by the server API before, but does not require any additional data to be fetched.)
    2. This page also used isManaged in org metadata to switch between two variations of UI for the “manage subscription” section. This was updated to instead use hasBillableProvider which the client already has access to on the org object and the property was removed from the metadata models. The UI switches:
      1. When the org is managed by a consolidated billing MSP.
      2. When the org is not managed by a consolidated billing MSP.
  3. The organization members page uses organization metadata fetched from the API in the following cases:
    1. isOnSecretsManagerStandalone is used to force the secrets manager access checkbox when inviting a new member or editing an existing member.
    2. occupiedSeatCount is used in the following cases:
      1. to restrict inviting additional members if the seat limit is reached
      2. to show the remaining seats on the invite dialog
  4. The member access report uses metadata simply to pass it along to the edit member dialog for the same usage as above when editing an existing member.

This PR is of course the server-side changes. It includes the new feature flag, removing of unused properties, refactoring the GetMetadata function into a new query class, and a new vnext endpoint to use that query.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

kdenney requested a review from a team as a code owner October 10, 2025 14:11

Checkmarx One – Scan Summary & Details: 05b4e2ad-d6f9-4a4d-8a40-6caa792b6e23

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight
MEDIUM | Use_Of_Hardcoded_Password | /src/Core/Constants.cs: 145 | Details: The application uses the hard-coded password CipherRepositoryBulkResourceCreation for authentication purposes, either using it to verify users' id... ID: IpzRCs6K073h%2F5Gz4YJ%2BlZY%2Fwlg%3D

Fixed Issues (4)

Great job! The following issues were fixed in this Pull Request

Severity | Issue | Source File / Package
MEDIUM | CSRF | /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 108
MEDIUM | CSRF | /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 96
MEDIUM | CSRF | /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 60
MEDIUM | CSRF | /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 50

kdenney merged commit fedc6b8 into main Oct 13, 2025
78 of 79 checks passed
kdenney deleted the billing/pm-25379/clean-up-org-metadata-usage branch October 13, 2025 15:49