[PM-31978] Expand Organization Ability documentation by eliykat · Pull Request #6970 · bitwarden/server

eliykat · 2026-02-10T02:18:27Z

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-31978

📔 Objective

In #6781 we added initial documentation around the organization ability pattern. This PR incorporates additional documentation from Confluence, including a step-by-step guide with file references. This has been cross-checked and updated. The confluence doc will be deleted or archived to avoid confusion.

📸 Screenshots

github-actions · 2026-02-10T02:29:17Z

Checkmarx One – Scan Summary & Details – e51e4b16-d00a-4a4f-8044-f1c88d8f27f1

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CSRF~~	/src/Api/Vault/Controllers/CiphersController.cs: 1178
	~~CSRF~~	/src/Api/Vault/Controllers/CiphersController.cs: 1062

claude · 2026-02-10T02:37:20Z

Claude finished @eliykat's task in 2m 8s —— View job

Code Review: Documentation Update - Organization Ability Guide

Commit reviewed: bd2af48 (latest)

Summary

This PR expands the Organization Ability README with a comprehensive 10-step implementation guide for adding new ability flags, incorporating and cross-checking content from Confluence. The single modified file is src/Core/AdminConsole/OrganizationFeatures/OrganizationAbility/README.md.

Assessment

Category	Status
Security	N/A (documentation only)
Correctness	All 30+ referenced file paths verified to exist in the codebase
Breaking Changes	None
Test Coverage	N/A

Verification

Every file path listed in the step-by-step guide (Steps 1-9) was verified against the current repository, including:

Core entities, SQL tables, stored procedures, and views
EF repository and query files
API response models and data models
Admin portal models, views, and controllers (including the newly added _OrganizationFormScripts.cshtml reference)
Licensing constants, claims factory, and license verification files
Integration test file

Findings

No issues identified. The documentation is well-structured, accurate, and provides clear actionable guidance for developers adding new organization abilities.

codecov · 2026-02-10T02:57:06Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.26%. Comparing base (de330e9) to head (76e0567).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6970   +/-   ##
=======================================
  Coverage   56.26%   56.26%           
=======================================
  Files        1983     1983           
  Lines       87651    87651           
  Branches     7815     7815           
=======================================
+ Hits        49317    49318    +1     
+ Misses      36504    36503    -1     
  Partials     1830     1830

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

r-tome

This is great!

…entation

sven-bitwarden · 2026-02-12T16:56:22Z

@eliykat The only question I have - you outlined the difference between organization abilities and feature flags, but what considerations go into organization abilities vs policies? Is that worth documenting here or is it already elsewhere?

sonarqubecloud · 2026-02-13T06:02:24Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

kdenney

I was able to confirm these patterns and what changes are needed. Please let me know if I missed anything or if you have any more questions. FYI our team is planning to address this as technical debt to clean up in a future sprint so hopefully this is greatly simplified soon. ☺️

kdenney · 2026-02-13T16:00:18Z