[PM-28616] Add flag UsePhishingBlocker to dbo.Organization

[voommen-livefront]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-28616

📔 Objective

Added the usePhishingBlocker flag to dbo.Organization
Updated EntityFramework & Migrations
Added a flag in the Admin pages for an organization to Use Phishing Blocker
Updated the models and views here as well.

📸 Screenshots

UI for Admin Console

Database (MSSQL)

Phishing Blocker in API calls

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @voommen-livefront's task —— View job

---

Code Review Complete

Summary

This PR adds a UsePhishingBlocker boolean flag to the Organization entity across the entire stack. The implementation is structurally sound with comprehensive coverage of database schema, stored procedures, views, Entity Framework migrations (all providers), models, API responses, and Admin UI.

Findings

Finding 1: Missing UsePhishingBlocker in UpdateFromLicense method
❌ Major Issue - The Organization.UpdateFromLicense() method at src/Core/AdminConsole/Entities/Organization.cs:303-342 does not include UsePhishingBlocker. This means self-hosted organizations updating from licenses won't receive this flag.

Required Fix

Add this line in UpdateFromLicense() after line 341:

UsePhishingBlocker = license.UsePhishingBlocker;

This requires the corresponding property to exist in OrganizationLicense as well.

Finding 2: Missing UsePhishingBlocker in OrganizationEditModel.ToOrganization method
❌ Major Issue - The ToOrganization() method at src/Admin/AdminConsole/Models/OrganizationEditModel.cs:295-334 doesn't set UsePhishingBlocker on the organization entity. While the controller manually sets it (line 476), the ToOrganization() method should be complete for consistency.

Required Fix

Add this line after line 332:

existingOrganization.UsePhishingBlocker = UsePhishingBlocker;

Finding 3: No unit tests included
⚠️ Minor Issue - Per CLAUDE.md guidelines: "ALWAYS add unit tests (with mocking) for any new feature development". No test files were modified or added for this feature.

Suggested Tests

Consider adding tests for:

• Organization entity property persistence
• UpdateFromLicense including UsePhishingBlocker
• OrganizationEditModel ToOrganization mapping
• API response model serialization
• Database stored procedure parameter handling

Finding 4: PR description quality
💭 Question - The objective states "Added the usePhishingBlocker flag" but doesn't explain the business purpose or use case. What functionality does this flag enable? How will it be used by the application?

Good Practices Observed

• Consistent implementation across all database providers (MSSQL, MySQL, PostgreSQL, SQLite)
• Proper default value (0/false) with constraint for new column
• All database views and stored procedures updated systematically
• Admin UI integration follows existing patterns
• Display attribute properly configured for the form field
• API response models include the new property

Action Items

1. ❌ Add UsePhishingBlocker to UpdateFromLicense() method (and verify OrganizationLicense has this property)
2. ❌ Add UsePhishingBlocker mapping in ToOrganization() method
3. ⚠️ Add unit tests covering the new property
4. 💭 Clarify in PR description what phishing blocker functionality this flag enables

[github-actions]

Checkmarx One – Scan Summary & Details – 84f39145-c206-4965-8e53-0b39082788d8

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

❌ Patch coverage is 88.88889% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 56.94%. Comparing base (6270591) to head (223b71f).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...Admin/AdminConsole/Models/OrganizationEditModel.cs	50.00%	1 Missing ⚠️
...Admin/AdminConsole/Models/OrganizationViewModel.cs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6625      +/-   ##
==========================================
+ Coverage   52.98%   56.94%   +3.95%     
==========================================
  Files        1909     1899      -10     
  Lines       84828    84609     -219     
  Branches     7634     7604      -30     
==========================================
+ Hits        44948    48179    +3231     
+ Misses      38127    34607    -3520     
- Partials     1753     1823      +70     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.