Skip to content

[PM-31978] Expand Organization Ability documentation#6970

Open
eliykat wants to merge 10 commits intomainfrom
ac/pm-31978/expand-organizationability-documentation
Open

[PM-31978] Expand Organization Ability documentation#6970
eliykat wants to merge 10 commits intomainfrom
ac/pm-31978/expand-organizationability-documentation

Conversation

@eliykat
Copy link
Member

@eliykat eliykat commented Feb 10, 2026

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-31978

📔 Objective

In #6781 we added initial documentation around the organization ability pattern. This PR incorporates additional documentation from Confluence, including a step-by-step guide with file references. This has been cross-checked and updated. The confluence doc will be deleted or archived to avoid confusion.

📸 Screenshots

@eliykat eliykat requested a review from a team as a code owner February 10, 2026 02:18
@eliykat eliykat requested review from a team, amorask-bitwarden, r-tome and sven-bitwarden and removed request for a team February 10, 2026 02:18
@github-actions
Copy link
Contributor

github-actions bot commented Feb 10, 2026

Logo
Checkmarx One – Scan Summary & Detailse51e4b16-d00a-4a4f-8044-f1c88d8f27f1

Fixed Issues (2)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1178
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1062

@eliykat eliykat added the ai-review Request a Claude code review label Feb 10, 2026
@claude
Copy link
Contributor

claude bot commented Feb 10, 2026

Claude finished @eliykat's task in 2m 8s —— View job


Code Review: Documentation Update - Organization Ability Guide

Commit reviewed: bd2af48 (latest)

Summary

This PR expands the Organization Ability README with a comprehensive 10-step implementation guide for adding new ability flags, incorporating and cross-checking content from Confluence. The single modified file is src/Core/AdminConsole/OrganizationFeatures/OrganizationAbility/README.md.

Assessment

Category Status
Security N/A (documentation only)
Correctness All 30+ referenced file paths verified to exist in the codebase
Breaking Changes None
Test Coverage N/A

Verification

Every file path listed in the step-by-step guide (Steps 1-9) was verified against the current repository, including:

  • Core entities, SQL tables, stored procedures, and views
  • EF repository and query files
  • API response models and data models
  • Admin portal models, views, and controllers (including the newly added _OrganizationFormScripts.cshtml reference)
  • Licensing constants, claims factory, and license verification files
  • Integration test file

Findings

No issues identified. The documentation is well-structured, accurate, and provides clear actionable guidance for developers adding new organization abilities.

@codecov
Copy link

codecov bot commented Feb 10, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.26%. Comparing base (de330e9) to head (76e0567).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #6970   +/-   ##
=======================================
  Coverage   56.26%   56.26%           
=======================================
  Files        1983     1983           
  Lines       87651    87651           
  Branches     7815     7815           
=======================================
+ Hits        49317    49318    +1     
+ Misses      36504    36503    -1     
  Partials     1830     1830           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

r-tome
r-tome previously approved these changes Feb 10, 2026
Copy link
Contributor

@r-tome r-tome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great!

@cturnbull-bitwarden cturnbull-bitwarden requested review from kdenney and removed request for amorask-bitwarden February 10, 2026 15:47
@bitwarden bitwarden deleted a comment from claude bot Feb 10, 2026
@sven-bitwarden
Copy link
Contributor

@eliykat The only question I have - you outlined the difference between organization abilities and feature flags, but what considerations go into organization abilities vs policies? Is that worth documenting here or is it already elsewhere?

@sonarqubecloud
Copy link

Copy link
Contributor

@kdenney kdenney left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was able to confirm these patterns and what changes are needed. Please let me know if I missed anything or if you have any more questions. FYI our team is planning to address this as technical debt to clean up in a future sprint so hopefully this is greatly simplified soon. ☺️

> ⚠️ **WARNING:** Mistakes in organization license changes can disable the entire organization for self-hosted customers!
> Double-check your work and ask for help if unsure.
>
> **Note:** Do not add new properties to the `OrganizationLicense` file - make sure you use the claims-based system below.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I confirmed with Conner that this is wrong. New features do need added to OrganizationLicense because those properties are still used in the UpdateOrganizationLicenseCommand to update the organization properties from the license properties. So this needs removed and other changes below as well.

Note: I will likely miss a few spots here but if you add a property and add it to LicenseConstants and then run tests in UpdateOrganizationLicenseCommandTests.cs, the test failures will guide you to all of the changes required so that should help identify areas that need documented.

**Update tests:**

- `test/Core.Test/Billing/Organizations/Commands/UpdateOrganizationLicenseCommandTests.cs`
- Exclude from test comparison (line ~91)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this should be removed. Since we are adding the properties to both classes, I believe we do want this test to include them in this comparison.


**Update tests:**

- `test/Core.Test/Billing/Organizations/Commands/UpdateOrganizationLicenseCommandTests.cs`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks to me like you probably want to also add the new property to this test: UpdateLicenseAsync_WithClaimsPrincipal_ExtractsAllPropertiesFromClaims

> Double-check your work and ask for help if unsure.
>
> **Note:** Do not add new properties to the `OrganizationLicense` file - make sure you use the claims-based system below.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is also required to add the new property to the UpdateFromLicense() method in src/Core/AdminConsole/Entities/Organization.cs


**Update license verification:**

- `src/Core/Billing/Organizations/Models/OrganizationLicense.cs`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty sure you also need to add the new property to the GetDataBytes() method in this file to the section at the bottom below this comment:
// any new fields added need to be added here so that they're ignored

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai-review Request a Claude code review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants