[AC-1721] Include limit collection creation/deletion in license file

src/Api/AdminConsole/Controllers/OrganizationsController.cs

@@ -782,6 +782,7 @@ public async Task<OrganizationSsoResponseModel> PostSso(Guid id, [FromBody] Orga
 
     [HttpPut("{id}/collection-management")]
     [RequireFeature(FeatureFlagKeys.FlexibleCollections)]
+    [SelfHosted(NotSelfHostedOnly = true)]
     public async Task<OrganizationResponseModel> PutCollectionManagement(Guid id, [FromBody] OrganizationCollectionManagementUpdateRequestModel model)
     {
         var organization = await _organizationRepository.GetByIdAsync(id);

src/Core/AdminConsole/Entities/Organization.cs

@@ -236,7 +236,7 @@ public TwoFactorProvider GetTwoFactorProvider(TwoFactorProviderType provider)
         return providers[provider];
     }
 
-    public void UpdateFromLicense(OrganizationLicense license)
+    public void UpdateFromLicense(OrganizationLicense license, bool flexibleCollectionsIsEnabled)
     {
         Name = license.Name;
         BusinessName = license.BusinessName;
@@ -267,5 +267,6 @@ public void UpdateFromLicense(OrganizationLicense license)
         UseSecretsManager = license.UseSecretsManager;
         SmSeats = license.SmSeats;
         SmServiceAccounts = license.SmServiceAccounts;
+        LimitCollectionCreationDeletion = !flexibleCollectionsIsEnabled || license.LimitCollectionCreationDeletion;
     }
 }

src/Core/AdminConsole/Services/Implementations/OrganizationService.cs

@@ -555,6 +555,9 @@ public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
 
         await ValidateSignUpPoliciesAsync(owner.Id);
 
+        var flexibleCollectionsIsEnabled =
+            _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
+
         var organization = new Organization
         {
             Name = license.Name,
@@ -594,7 +597,8 @@ public async Task<Tuple<Organization, OrganizationUser>> SignUpAsync(
             UsePasswordManager = license.UsePasswordManager,
             UseSecretsManager = license.UseSecretsManager,
             SmSeats = license.SmSeats,
-            SmServiceAccounts = license.SmServiceAccounts
+            SmServiceAccounts = license.SmServiceAccounts,
+            LimitCollectionCreationDeletion = !flexibleCollectionsIsEnabled || license.LimitCollectionCreationDeletion
         };
 
         var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);

src/Core/Models/Business/OrganizationLicense.cs

@@ -52,6 +52,7 @@ public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo,
         UseSecretsManager = org.UseSecretsManager;
         SmSeats = org.SmSeats;
         SmServiceAccounts = org.SmServiceAccounts;
+        LimitCollectionCreationDeletion = org.LimitCollectionCreationDeletion;
 
         if (subscriptionInfo?.Subscription == null)
         {
@@ -135,6 +136,7 @@ public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo,
     public bool UseSecretsManager { get; set; }
     public int? SmSeats { get; set; }
     public int? SmServiceAccounts { get; set; }
+    public bool LimitCollectionCreationDeletion { get; set; } = true;
     public bool Trial { get; set; }
     public LicenseType? LicenseType { get; set; }
     public string Hash { get; set; }
@@ -146,11 +148,10 @@ public OrganizationLicense(Organization org, SubscriptionInfo subscriptionInfo,
     /// </summary>
     /// <remarks>Intentionally set one version behind to allow self hosted users some time to update before
     /// getting out of date license errors</remarks>
-    public const int CurrentLicenseFileVersion = 12;
-
+    public const int CurrentLicenseFileVersion = 13;
     private bool ValidLicenseVersion
     {
-        get => Version is >= 1 and <= 13;
+        get => Version is >= 1 and <= 14;
     }
 
     public byte[] GetDataBytes(bool forHash = false)
@@ -191,6 +192,8 @@ public byte[] GetDataBytes(bool forHash = false)
                     (Version >= 13 || !p.Name.Equals(nameof(UsePasswordManager))) &&
                     (Version >= 13 || !p.Name.Equals(nameof(SmSeats))) &&
                     (Version >= 13 || !p.Name.Equals(nameof(SmServiceAccounts))) &&
+                    // LimitCollectionCreationDeletion was added in Version 14
+                    (Version >= 14 || !p.Name.Equals(nameof(LimitCollectionCreationDeletion))) &&
                     (
                         !forHash ||
                         (
@@ -338,6 +341,13 @@ public bool VerifyData(Organization organization, IGlobalSettings globalSettings
                         organization.SmServiceAccounts == SmServiceAccounts;
             }
 
+            // Restore validity check when Flexible Collections are enabled for cloud and self-host
+            // https://bitwarden.atlassian.net/browse/AC-1875
+            // if (valid && Version >= 14)
+            // {
+            //     valid = organization.LimitCollectionCreationDeletion == LimitCollectionCreationDeletion;
+            // }
+
             return valid;
         }
         else

src/Core/OrganizationFeatures/OrganizationLicenses/UpdateOrganizationLicenseCommand.cs

@@ -2,6 +2,7 @@
 
 using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Context;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data.Organizations;
@@ -17,15 +18,21 @@ public class UpdateOrganizationLicenseCommand : IUpdateOrganizationLicenseComman
     private readonly ILicensingService _licensingService;
     private readonly IGlobalSettings _globalSettings;
     private readonly IOrganizationService _organizationService;
+    private readonly IFeatureService _featureService;
+    private readonly ICurrentContext _currentContext;
 
     public UpdateOrganizationLicenseCommand(
         ILicensingService licensingService,
         IGlobalSettings globalSettings,
-        IOrganizationService organizationService)
+        IOrganizationService organizationService,
+        IFeatureService featureService,
+        ICurrentContext currentContext)
     {
         _licensingService = licensingService;
         _globalSettings = globalSettings;
         _organizationService = organizationService;
+        _featureService = featureService;
+        _currentContext = currentContext;
     }
 
     public async Task UpdateLicenseAsync(SelfHostedOrganizationDetails selfHostedOrganization,
@@ -58,8 +65,9 @@ private async Task WriteLicenseFileAsync(Organization organization, Organization
 
     private async Task UpdateOrganizationAsync(SelfHostedOrganizationDetails selfHostedOrganizationDetails, OrganizationLicense license)
     {
+        var flexibleCollectionsIsEnabled = _featureService.IsEnabled(FeatureFlagKeys.FlexibleCollections, _currentContext);
         var organization = selfHostedOrganizationDetails.ToOrganization();
-        organization.UpdateFromLicense(license);
+        organization.UpdateFromLicense(license, flexibleCollectionsIsEnabled);
 
         await _organizationService.ReplaceAndUpdateCacheAsync(organization);
     }

test/Core.Test/Models/Business/OrganizationLicenseFileFixtures.cs

@@ -21,7 +21,10 @@ public static class OrganizationLicenseFileFixtures
     private const string Version13 =
         "{\n  'LicenseKey': 'myLicenseKey',\n  'InstallationId': '78900000-0000-0000-0000-000000000123',\n  'Id': '12300000-0000-0000-0000-000000000456',\n  'Name': 'myOrg',\n  'BillingEmail': 'myBillingEmail',\n  'BusinessName': 'myBusinessName',\n  'Enabled': true,\n  'Plan': 'myPlan',\n  'PlanType': 11,\n  'Seats': 10,\n  'MaxCollections': 2,\n  'UsePolicies': true,\n  'UseSso': true,\n  'UseKeyConnector': true,\n  'UseScim': true,\n  'UseGroups': true,\n  'UseEvents': true,\n  'UseDirectory': true,\n  'UseTotp': true,\n  'Use2fa': true,\n  'UseApi': true,\n  'UseResetPassword': true,\n  'MaxStorageGb': 100,\n  'SelfHost': true,\n  'UsersGetPremium': true,\n  'UseCustomPermissions': true,\n  'Version': 12,\n  'Issued': '2023-11-23T03:25:24.265409Z',\n  'Refresh': '2023-11-30T03:25:24.265409Z',\n  'Expires': '2023-11-30T03:25:24.265409Z',\n  'ExpirationWithoutGracePeriod': null,\n  'UsePasswordManager': true,\n  'UseSecretsManager': true,\n  'SmSeats': 5,\n  'SmServiceAccounts': 8,\n  'Trial': true,\n  'LicenseType': 1,\n  'Hash': 'hZ4WcSX/7ooRZ6asDRMJ/t0K5hZkQdvkgEyy6wY\\u002BwQk=',\n  'Signature': ''\n}";
 
-    private static readonly Dictionary<int, string> LicenseVersions = new() { { 12, Version12 }, { 13, Version13 } };
+    private const string Version14 =
+        "{\n  'LicenseKey': 'myLicenseKey',\n  'InstallationId': '78900000-0000-0000-0000-000000000123',\n  'Id': '12300000-0000-0000-0000-000000000456',\n  'Name': 'myOrg',\n  'BillingEmail': 'myBillingEmail',\n  'BusinessName': 'myBusinessName',\n  'Enabled': true,\n  'Plan': 'myPlan',\n  'PlanType': 11,\n  'Seats': 10,\n  'MaxCollections': 2,\n  'UsePolicies': true,\n  'UseSso': true,\n  'UseKeyConnector': true,\n  'UseScim': true,\n  'UseGroups': true,\n  'UseEvents': true,\n  'UseDirectory': true,\n  'UseTotp': true,\n  'Use2fa': true,\n  'UseApi': true,\n  'UseResetPassword': true,\n  'MaxStorageGb': 100,\n  'SelfHost': true,\n  'UsersGetPremium': true,\n  'UseCustomPermissions': true,\n  'Version': 13,\n  'Issued': '2023-11-29T22:42:33.970597Z',\n  'Refresh': '2023-12-06T22:42:33.970597Z',\n  'Expires': '2023-12-06T22:42:33.970597Z',\n  'ExpirationWithoutGracePeriod': null,\n  'UsePasswordManager': true,\n  'UseSecretsManager': true,\n  'SmSeats': 5,\n  'SmServiceAccounts': 8,\n  'LimitCollectionCreationDeletion': true,\n  'Trial': true,\n  'LicenseType': 1,\n  'Hash': '4G2u\\u002BWKO9EOiVnDVNr7uPxxRkv7TtaOmDl7kAYH05Fw=',\n  'Signature': ''\n}";
+
+    private static readonly Dictionary<int, string> LicenseVersions = new() { { 12, Version12 }, { 13, Version13 }, { 14, Version14 } };
 
     public static OrganizationLicense GetVersion(int licenseVersion)
     {