[PM-36678] Add custom user check #7675

Merged
JimmyVo16 merged 2 commits into main from ac/pm-36678/add-customer-user-check
May 20, 2026

@JimmyVo16 JimmyVo16 commented May 19, 2026

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-36678

📔 Objective

  1. Add a guard to prevent custom users from restoring or revoking admins.
  2. Support both single and bulk cases.
  3. Add unit tests.

It’s a simple change. The unit tests should be sufficient. No manual tests are needed.

@JimmyVo16 JimmyVo16 self-assigned this May 19, 2026
@JimmyVo16 JimmyVo16 added the ai-review Request a Claude code review label May 19, 2026

github-actions Bot commented May 19, 2026

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR adds an authorization check preventing Custom users (who hold ManageUsers permission but are not Admins/Owners) from revoking or restoring Admin-type organization users. The check is applied in three places: the v1 single-user and bulk RestoreOrganizationUserCommand, the v1 single-user RevokeOrganizationUserCommand, and the v2 RevokeOrganizationUsersValidator (with a corresponding CustomUsersCannotRevokeAdmins error). Tests cover the new positive and negative paths for both Restore and Revoke, including a SCIM/SystemUser bypass case.

Code Review Details

No code findings.

PR Metadata Assessment

  • QUESTION: PR title is the raw branch name ("Ac/pm 36678/add customer user check") and contains a typo ("customer" → "Custom"). The Objective section in the description is also empty. Consider tightening the title (e.g., "Prevent Custom users from revoking/restoring Admins") and filling in the Objective.
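
The guard summarized in the review above, sketched as an added example; this is not code from the pull request or from the Bitwarden code base. `RevokeGuard`, `Actor`, `OrgUser`, the `NotAuthorized` error and both message strings are hypothetical, a null actor is assumed to stand for the SCIM/SystemUser caller, and only the Admin-target rule named on the page is modeled.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample: a Custom user with ManageUsers acting on a mixed batch.
var actor = new Actor(UserType.Custom, ManageUsers: true);
var batch = new[]
{
    new OrgUser(Guid.NewGuid(), UserType.User),
    new OrgUser(Guid.NewGuid(), UserType.Admin),
};

// Bulk case: every target gets its own verdict, so the Admin entry is
// rejected while the regular user in the same request is still processed.
foreach (var (user, error) in RevokeGuard.CheckBulk(actor, batch))
    Console.WriteLine($"{user.Type}: {error ?? "allowed"}");

// Assumption: a null actor models a system-initiated call (SCIM/SystemUser).
Console.WriteLine(RevokeGuard.Check(null, batch[1]) ?? "allowed");

public enum UserType { Owner, Admin, User, Custom }
public record Actor(UserType Type, bool ManageUsers);
public record OrgUser(Guid Id, UserType Type);

public static class RevokeGuard
{
    // Error name taken from the page; the message text is constructed.
    public const string CustomUsersCannotRevokeAdmins = "Custom users cannot revoke admins.";
    public const string NotAuthorized = "Not authorized to manage users."; // hypothetical

    // Single case. Returns null when the action is allowed, otherwise the error.
    public static string? Check(Actor? actor, OrgUser target)
    {
        if (actor is null) return null; // system caller bypasses the role check
        if (actor.Type is UserType.Owner or UserType.Admin) return null;
        if (actor.Type != UserType.Custom || !actor.ManageUsers) return NotAuthorized;
        // Holding ManageUsers is not enough: the target's role is checked too,
        // so a delegated permission cannot be used against an Admin.
        return target.Type == UserType.Admin ? CustomUsersCannotRevokeAdmins : null;
    }

    // Bulk case: reuses the single check so the two paths cannot drift apart.
    public static IReadOnlyList<(OrgUser User, string? Error)> CheckBulk(
        Actor? actor, IEnumerable<OrgUser> targets) =>
        targets.Select(t => (t, Check(actor, t))).ToList();
}
```

The same check would apply to restore; routing single and bulk requests through one function is what keeps a bulk endpoint from becoming a way around the single-user rule.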

codecov Bot commented May 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.99%. Comparing base (4a3c204) to head (ce1e687).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7675   +/-   ##
=======================================
  Coverage   59.98%   59.99%           
=======================================
  Files        2133     2133           
  Lines       93731    93752   +21     
  Branches     8311     8316    +5     
=======================================
+ Hits        56226    56246   +20     
- Misses      35527    35528    +1     
  Partials     1978     1978           

@JimmyVo16 JimmyVo16 changed the title Ac/pm 36678/add customer user check [PM-36678] Add custom user check May 19, 2026
@JimmyVo16 JimmyVo16 marked this pull request as ready for review May 19, 2026 19:13
@JimmyVo16 JimmyVo16 requested a review from a team as a code owner May 19, 2026 19:13
@JimmyVo16 JimmyVo16 requested a review from sven-bitwarden May 19, 2026 19:13
@JimmyVo16 JimmyVo16 merged commit 8540c6f into main May 20, 2026
44 checks passed
@JimmyVo16 JimmyVo16 deleted the ac/pm-36678/add-customer-user-check branch May 20, 2026 18:38