[PM-11360] Remove export permission for providers

[eliykat]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-11360

📔 Objective

Remove provider export permissions. Provider users will not have the ability to access an organization’s export tab or export a managed organization’s items.

• split organization.canAccessImportExport into separate getters for import and export (providers can still import)
• restrict provider access to export (behind a feature flag)

Server PR: bitwarden/server#5051

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[eliykat]

Tools Team: this is just updating the org.canAccessImportExport property reference, which has been split into org.canAccessImport and org.canAccessExport. Given that this is the import component, it now refers to org.canAccessImport.

[eliykat]

The canAccessImport helper function in organization.service.abstraction has also been removed because it was only used here and this is all it was doing.

[eliykat]

It's a bit awkward to make callers fetch their own feature flag value to pass in. I tried some other approaches, but introducing any observable or promise here makes pretty large waves through all its callers. This remains the simplest approach for now.

[github-actions]

Checkmarx One – Scan Summary & Details – 87284dc1-1623-47fd-a13a-bd96053e76b7

Fixed Issues

Severity	Issue	Source File / Package
	Client_JQuery_Deprecated_Symbols	/apps/cli/src/service-container/service-container.ts: 876

[eliykat]

This is necessary because some of our model mapping is wrong. I've logged a bug here: https://bitwarden.atlassian.net/browse/PM-15078

[codecov]

Codecov Report

Attention: Patch coverage is 13.51351% with 32 lines in your changes missing coverage. Please review.

Project coverage is 33.46%. Comparing base (9429ae1) to head (7ca6244).

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...s/settings/organization-settings-routing.module.ts	0.00%	14 Missing ⚠️
...nizations/layouts/organization-layout.component.ts	40.00%	6 Missing ⚠️
...on/src/admin-console/models/domain/organization.ts	0.00%	6 Missing ⚠️
libs/importer/src/components/import.component.ts	0.00%	5 Missing ⚠️
apps/cli/src/tools/import.command.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12062      +/-   ##
==========================================
+ Coverage   33.44%   33.46%   +0.01%     
==========================================
  Files        2863     2863              
  Lines       89638    89633       -5     
  Branches    17059    17059              
==========================================
+ Hits        29983    29992       +9     
+ Misses      57294    57280      -14     
  Partials     2361     2361              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• JS Bundle Analysis - Avoid shipping oversized bundles