[PM-12747] Move CollectionService and models to AC Team (#11278)

libs/admin-console/jest.config.js

@@ -10,7 +10,11 @@ module.exports = {
   displayName: "libs/admin-console tests",
   preset: "jest-preset-angular",
   setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
-  moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
-    prefix: "<rootDir>/",
-  }),
+  moduleNameMapper: pathsToModuleNameMapper(
+    // lets us use @bitwarden/common/spec in tests
+    { "@bitwarden/common/spec": ["../common/spec"], ...(compilerOptions?.paths ?? {}) },
+    {
+      prefix: "<rootDir>/",
+    },
+  ),
 };

libs/admin-console/src/common/collections/abstractions/collection-admin.service.ts

@@ -1,4 +1,4 @@
-import { CollectionDetailsResponse } from "@bitwarden/common/vault/models/response/collection.response";
+import { CollectionDetailsResponse } from "@bitwarden/admin-console/common";
 
 import { CollectionAccessSelectionView, CollectionAdminView } from "../models";
 

libs/admin-console/src/common/collections/abstractions/collection.service.ts

@@ -0,0 +1,33 @@
+import { Observable } from "rxjs";
+
+import { CollectionId, OrganizationId, UserId } from "@bitwarden/common/types/guid";
+import { OrgKey } from "@bitwarden/common/types/key";
+import { TreeNode } from "@bitwarden/common/vault/models/domain/tree-node";
+
+import { CollectionData, Collection, CollectionView } from "../models";
+
+export abstract class CollectionService {
+  encryptedCollections$: Observable<Collection[]>;
+  decryptedCollections$: Observable<CollectionView[]>;
+
+  clearActiveUserCache: () => Promise<void>;
+  encrypt: (model: CollectionView) => Promise<Collection>;
+  decryptedCollectionViews$: (ids: CollectionId[]) => Observable<CollectionView[]>;
+  /**
+   * @deprecated This method will soon be made private
+   * See PM-12375
+   */
+  decryptMany: (
+    collections: Collection[],
+    orgKeys?: Record<OrganizationId, OrgKey>,
+  ) => Promise<CollectionView[]>;
+  get: (id: string) => Promise<Collection>;
+  getAll: () => Promise<Collection[]>;
+  getAllDecrypted: () => Promise<CollectionView[]>;
+  getAllNested: (collections?: CollectionView[]) => Promise<TreeNode<CollectionView>[]>;
+  getNested: (id: string) => Promise<TreeNode<CollectionView>>;
+  upsert: (collection: CollectionData | CollectionData[]) => Promise<any>;
+  replace: (collections: { [id: string]: CollectionData }, userId: UserId) => Promise<any>;
+  clear: (userId?: string) => Promise<void>;
+  delete: (id: string | string[]) => Promise<any>;
+}

libs/admin-console/src/common/collections/abstractions/index.ts

@@ -1 +1,2 @@
 export * from "./collection-admin.service";
+export * from "./collection.service";

libs/admin-console/src/common/collections/models/collection-admin.view.ts

@@ -1,8 +1,8 @@
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
-import { CollectionAccessDetailsResponse } from "@bitwarden/common/src/vault/models/response/collection.response";
-import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
 
-import { CollectionAccessSelectionView } from "../models";
+import { CollectionAccessSelectionView } from "./collection-access-selection.view";
+import { CollectionAccessDetailsResponse } from "./collection.response";
+import { CollectionView } from "./collection.view";
 
 export const Unassigned = "unassigned";
 

libs/admin-console/src/common/collections/models/collection-with-id.request.ts

@@ -0,0 +1,14 @@
+import { Collection } from "./collection";
+import { CollectionRequest } from "./collection.request";
+
+export class CollectionWithIdRequest extends CollectionRequest {
+  id: string;
+
+  constructor(collection?: Collection) {
+    if (collection == null) {
+      return;
+    }
+    super(collection);
+    this.id = collection.id;
+  }
+}

libs/admin-console/src/common/collections/models/collection.data.ts

@@ -0,0 +1,29 @@
+import { Jsonify } from "type-fest";
+
+import { CollectionId, OrganizationId } from "@bitwarden/common/types/guid";
+
+import { CollectionDetailsResponse } from "./collection.response";
+
+export class CollectionData {
+  id: CollectionId;
+  organizationId: OrganizationId;
+  name: string;
+  externalId: string;
+  readOnly: boolean;
+  manage: boolean;
+  hidePasswords: boolean;
+
+  constructor(response: CollectionDetailsResponse) {
+    this.id = response.id;
+    this.organizationId = response.organizationId;
+    this.name = response.name;
+    this.externalId = response.externalId;
+    this.readOnly = response.readOnly;
+    this.manage = response.manage;
+    this.hidePasswords = response.hidePasswords;
+  }
+
+  static fromJSON(obj: Jsonify<CollectionData>) {
+    return Object.assign(new CollectionData(new CollectionDetailsResponse({})), obj);
+  }
+}

libs/admin-console/src/common/collections/models/collection.request.ts

@@ -0,0 +1,18 @@
+import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request";
+
+import { Collection } from "./collection";
+
+export class CollectionRequest {
+  name: string;
+  externalId: string;
+  groups: SelectionReadOnlyRequest[] = [];
+  users: SelectionReadOnlyRequest[] = [];
+
+  constructor(collection?: Collection) {
+    if (collection == null) {
+      return;
+    }
+    this.name = collection.name ? collection.name.encryptedString : null;
+    this.externalId = collection.externalId;
+  }
+}

libs/admin-console/src/common/collections/models/collection.response.ts

@@ -0,0 +1,62 @@
+import { SelectionReadOnlyResponse } from "@bitwarden/common/admin-console/models/response/selection-read-only.response";
+import { BaseResponse } from "@bitwarden/common/models/response/base.response";
+import { CollectionId, OrganizationId } from "@bitwarden/common/types/guid";
+
+export class CollectionResponse extends BaseResponse {
+  id: CollectionId;
+  organizationId: OrganizationId;
+  name: string;
+  externalId: string;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.organizationId = this.getResponseProperty("OrganizationId");
+    this.name = this.getResponseProperty("Name");
+    this.externalId = this.getResponseProperty("ExternalId");
+  }
+}
+
+export class CollectionDetailsResponse extends CollectionResponse {
+  readOnly: boolean;
+  manage: boolean;
+  hidePasswords: boolean;
+
+  /**
+   * Flag indicating the user has been explicitly assigned to this Collection
+   */
+  assigned: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.readOnly = this.getResponseProperty("ReadOnly") || false;
+    this.manage = this.getResponseProperty("Manage") || false;
+    this.hidePasswords = this.getResponseProperty("HidePasswords") || false;
+
+    // Temporary until the API is updated to return this property in AC-2084
+    // For now, we can assume that if the object is 'collectionDetails' then the user is assigned
+    this.assigned = this.getResponseProperty("object") == "collectionDetails";
+  }
+}
+
+export class CollectionAccessDetailsResponse extends CollectionDetailsResponse {
+  groups: SelectionReadOnlyResponse[] = [];
+  users: SelectionReadOnlyResponse[] = [];
+  unmanaged: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.assigned = this.getResponseProperty("Assigned") || false;
+    this.unmanaged = this.getResponseProperty("Unmanaged") || false;
+
+    const groups = this.getResponseProperty("Groups");
+    if (groups != null) {
+      this.groups = groups.map((g: any) => new SelectionReadOnlyResponse(g));
+    }
+
+    const users = this.getResponseProperty("Users");
+    if (users != null) {
+      this.users = users.map((g: any) => new SelectionReadOnlyResponse(g));
+    }
+  }
+}

libs/admin-console/src/common/collections/models/collection.spec.ts

@@ -0,0 +1,77 @@
+import { makeSymmetricCryptoKey, mockEnc } from "@bitwarden/common/spec";
+import { CollectionId, OrganizationId } from "@bitwarden/common/types/guid";
+import { OrgKey } from "@bitwarden/common/types/key";
+
+import { Collection } from "./collection";
+import { CollectionData } from "./collection.data";
+
+describe("Collection", () => {
+  let data: CollectionData;
+
+  beforeEach(() => {
+    data = {
+      id: "id" as CollectionId,
+      organizationId: "orgId" as OrganizationId,
+      name: "encName",
+      externalId: "extId",
+      readOnly: true,
+      manage: true,
+      hidePasswords: true,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new CollectionData({} as any);
+    const card = new Collection(data);
+
+    expect(card).toEqual({
+      externalId: null,
+      hidePasswords: null,
+      id: null,
+      name: null,
+      organizationId: null,
+      readOnly: null,
+      manage: null,
+    });
+  });
+
+  it("Convert", () => {
+    const collection = new Collection(data);
+
+    expect(collection).toEqual({
+      id: "id",
+      organizationId: "orgId",
+      name: { encryptedString: "encName", encryptionType: 0 },
+      externalId: { encryptedString: "extId", encryptionType: 0 },
+      readOnly: true,
+      manage: true,
+      hidePasswords: true,
+    });
+  });
+
+  it("Decrypt", async () => {
+    const collection = new Collection();
+    collection.id = "id";
+    collection.organizationId = "orgId" as OrganizationId;
+    collection.name = mockEnc("encName");
+    collection.externalId = "extId";
+    collection.readOnly = false;
+    collection.hidePasswords = false;
+    collection.manage = true;
+
+    const key = makeSymmetricCryptoKey<OrgKey>();
+
+    const view = await collection.decrypt(key);
+
+    expect(view).toEqual({
+      externalId: "extId",
+      hidePasswords: false,
+      id: "id",
+      name: "encName",
+      organizationId: "orgId",
+      readOnly: false,
+      manage: true,
+      assigned: true,
+    });
+  });
+});

libs/admin-console/src/common/collections/models/collection.ts

@@ -0,0 +1,49 @@
+import Domain from "@bitwarden/common/platform/models/domain/domain-base";
+import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import { OrgKey } from "@bitwarden/common/types/key";
+
+import { CollectionData } from "./collection.data";
+import { CollectionView } from "./collection.view";
+
+export class Collection extends Domain {
+  id: string;
+  organizationId: string;
+  name: EncString;
+  externalId: string;
+  readOnly: boolean;
+  hidePasswords: boolean;
+  manage: boolean;
+
+  constructor(obj?: CollectionData) {
+    super();
+    if (obj == null) {
+      return;
+    }
+
+    this.buildDomainModel(
+      this,
+      obj,
+      {
+        id: null,
+        organizationId: null,
+        name: null,
+        externalId: null,
+        readOnly: null,
+        hidePasswords: null,
+        manage: null,
+      },
+      ["id", "organizationId", "readOnly", "hidePasswords", "manage"],
+    );
+  }
+
+  decrypt(orgKey: OrgKey): Promise<CollectionView> {
+    return this.decryptObj(
+      new CollectionView(this),
+      {
+        name: null,
+      },
+      this.organizationId,
+      orgKey,
+    );
+  }
+}

libs/admin-console/src/common/collections/models/collection.view.ts

@@ -0,0 +1,93 @@
+import { Jsonify } from "type-fest";
+
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { View } from "@bitwarden/common/models/view/view";
+import { ITreeNodeObject } from "@bitwarden/common/vault/models/domain/tree-node";
+
+import { Collection } from "./collection";
+import { CollectionAccessDetailsResponse } from "./collection.response";
+
+export const NestingDelimiter = "/";
+
+export class CollectionView implements View, ITreeNodeObject {
+  id: string = null;
+  organizationId: string = null;
+  name: string = null;
+  externalId: string = null;
+  // readOnly applies to the items within a collection
+  readOnly: boolean = null;
+  hidePasswords: boolean = null;
+  manage: boolean = null;
+  assigned: boolean = null;
+
+  constructor(c?: Collection | CollectionAccessDetailsResponse) {
+    if (!c) {
+      return;
+    }
+
+    this.id = c.id;
+    this.organizationId = c.organizationId;
+    this.externalId = c.externalId;
+    if (c instanceof Collection) {
+      this.readOnly = c.readOnly;
+      this.hidePasswords = c.hidePasswords;
+      this.manage = c.manage;
+      this.assigned = true;
+    }
+    if (c instanceof CollectionAccessDetailsResponse) {
+      this.assigned = c.assigned;
+    }
+  }
+
+  canEditItems(org: Organization): boolean {
+    if (org != null && org.id !== this.organizationId) {
+      throw new Error(
+        "Id of the organization provided does not match the org id of the collection.",
+      );
+    }
+
+    return org?.canEditAllCiphers || this.manage || (this.assigned && !this.readOnly);
+  }
+
+  /**
+   * Returns true if the user can edit a collection (including user and group access) from the individual vault.
+   * Does not include admin permissions - see {@link CollectionAdminView.canEdit}.
+   */
+  canEdit(org: Organization): boolean {
+    if (org != null && org.id !== this.organizationId) {
+      throw new Error(
+        "Id of the organization provided does not match the org id of the collection.",
+      );
+    }
+
+    return this.manage;
+  }
+
+  /**
+   * Returns true if the user can delete a collection from the individual vault.
+   * Does not include admin permissions - see {@link CollectionAdminView.canDelete}.
+   */
+  canDelete(org: Organization): boolean {
+    if (org != null && org.id !== this.organizationId) {
+      throw new Error(
+        "Id of the organization provided does not match the org id of the collection.",
+      );
+    }
+
+    const canDeleteManagedCollections = !org?.limitCollectionCreationDeletion || org.isAdmin;
+
+    // Only use individual permissions, not admin permissions
+    return canDeleteManagedCollections && this.manage;
+  }
+
+  /**
+   * Returns true if the user can view collection info and access in a read-only state from the individual vault
+   */
+  canViewCollectionInfo(org: Organization | undefined): boolean {
+    return false;
+  }
+
+  static fromJSON(obj: Jsonify<CollectionView>) {
+    return Object.assign(new CollectionView(new Collection()), obj);
+  }
+}

libs/admin-console/src/common/collections/models/index.ts

@@ -1,3 +1,9 @@
 export * from "./bulk-collection-access.request";
 export * from "./collection-access-selection.view";
 export * from "./collection-admin.view";
+export * from "./collection";
+export * from "./collection.data";
+export * from "./collection.view";
+export * from "./collection.request";
+export * from "./collection.response";
+export * from "./collection-with-id.request";

libs/admin-console/src/common/collections/services/default-collection-admin.service.ts

@@ -3,17 +3,14 @@ import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
-import { CollectionData } from "@bitwarden/common/vault/models/data/collection.data";
-import { CollectionRequest } from "@bitwarden/common/vault/models/request/collection.request";
+
+import { CollectionAdminService, CollectionService } from "../abstractions";
 import {
+  CollectionData,
+  CollectionRequest,
   CollectionAccessDetailsResponse,
   CollectionDetailsResponse,
   CollectionResponse,
-} from "@bitwarden/common/vault/models/response/collection.response";
-
-import { CollectionAdminService } from "../abstractions";
-import {
   BulkCollectionAccessRequest,
   CollectionAccessSelectionView,
   CollectionAdminView,

libs/admin-console/src/common/collections/services/default-collection.service.spec.ts

@@ -0,0 +1,139 @@
+import { mock } from "jest-mock-extended";
+import { firstValueFrom, of } from "rxjs";
+
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import { ContainerService } from "@bitwarden/common/platform/services/container.service";
+import {
+  FakeStateProvider,
+  makeEncString,
+  makeSymmetricCryptoKey,
+  mockAccountServiceWith,
+} from "@bitwarden/common/spec";
+import { CollectionId, OrganizationId, UserId } from "@bitwarden/common/types/guid";
+import { OrgKey } from "@bitwarden/common/types/key";
+
+import { CollectionData } from "../models";
+
+import {
+  DefaultCollectionService,
+  ENCRYPTED_COLLECTION_DATA_KEY,
+} from "./default-collection.service";
+
+describe("DefaultCollectionService", () => {
+  afterEach(() => {
+    delete (window as any).bitwardenContainerService;
+  });
+
+  describe("decryptedCollections$", () => {
+    it("emits decrypted collections from state", async () => {
+      // Arrange test collections
+      const org1 = Utils.newGuid() as OrganizationId;
+      const org2 = Utils.newGuid() as OrganizationId;
+
+      const collection1 = collectionDataFactory(org1);
+      const collection2 = collectionDataFactory(org2);
+
+      // Arrange state provider
+      const fakeStateProvider = mockStateProvider();
+      await fakeStateProvider.setUserState(ENCRYPTED_COLLECTION_DATA_KEY, {
+        [collection1.id]: collection1,
+        [collection2.id]: collection2,
+      });
+
+      // Arrange cryptoService - orgKeys and mock decryption
+      const cryptoService = mockCryptoService();
+      cryptoService.orgKeys$.mockReturnValue(
+        of({
+          [org1]: makeSymmetricCryptoKey<OrgKey>(),
+          [org2]: makeSymmetricCryptoKey<OrgKey>(),
+        }),
+      );
+
+      const collectionService = new DefaultCollectionService(
+        cryptoService,
+        mock<EncryptService>(),
+        mockI18nService(),
+        fakeStateProvider,
+      );
+
+      const result = await firstValueFrom(collectionService.decryptedCollections$);
+      expect(result.length).toBe(2);
+      expect(result[0]).toMatchObject({
+        id: collection1.id,
+        name: "DECRYPTED_STRING",
+      });
+      expect(result[1]).toMatchObject({
+        id: collection2.id,
+        name: "DECRYPTED_STRING",
+      });
+    });
+
+    it("handles null collection state", async () => {
+      // Arrange test collections
+      const org1 = Utils.newGuid() as OrganizationId;
+      const org2 = Utils.newGuid() as OrganizationId;
+
+      // Arrange state provider
+      const fakeStateProvider = mockStateProvider();
+      await fakeStateProvider.setUserState(ENCRYPTED_COLLECTION_DATA_KEY, null);
+
+      // Arrange cryptoService - orgKeys and mock decryption
+      const cryptoService = mockCryptoService();
+      cryptoService.orgKeys$.mockReturnValue(
+        of({
+          [org1]: makeSymmetricCryptoKey<OrgKey>(),
+          [org2]: makeSymmetricCryptoKey<OrgKey>(),
+        }),
+      );
+
+      const collectionService = new DefaultCollectionService(
+        cryptoService,
+        mock<EncryptService>(),
+        mockI18nService(),
+        fakeStateProvider,
+      );
+
+      const decryptedCollections = await firstValueFrom(collectionService.decryptedCollections$);
+      expect(decryptedCollections.length).toBe(0);
+
+      const encryptedCollections = await firstValueFrom(collectionService.encryptedCollections$);
+      expect(encryptedCollections.length).toBe(0);
+    });
+  });
+});
+
+const mockI18nService = () => {
+  const i18nService = mock<I18nService>();
+  i18nService.collator = null; // this is a mock only, avoid use of this object
+  return i18nService;
+};
+
+const mockStateProvider = () => {
+  const userId = Utils.newGuid() as UserId;
+  return new FakeStateProvider(mockAccountServiceWith(userId));
+};
+
+const mockCryptoService = () => {
+  const cryptoService = mock<CryptoService>();
+  const encryptService = mock<EncryptService>();
+  encryptService.decryptToUtf8
+    .calledWith(expect.any(EncString), expect.anything())
+    .mockResolvedValue("DECRYPTED_STRING");
+
+  (window as any).bitwardenContainerService = new ContainerService(cryptoService, encryptService);
+
+  return cryptoService;
+};
+
+const collectionDataFactory = (orgId: OrganizationId) => {
+  const collection = new CollectionData({} as any);
+  collection.id = Utils.newGuid() as CollectionId;
+  collection.organizationId = orgId;
+  collection.name = makeEncString("ENC_STRING").encryptedString;
+
+  return collection;
+};

libs/admin-console/src/common/collections/services/default-collection.service.ts

@@ -0,0 +1,231 @@
+import { combineLatest, firstValueFrom, map, Observable, of, switchMap } from "rxjs";
+import { Jsonify } from "type-fest";
+
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import {
+  ActiveUserState,
+  StateProvider,
+  COLLECTION_DATA,
+  DeriveDefinition,
+  DerivedState,
+  UserKeyDefinition,
+} from "@bitwarden/common/platform/state";
+import { CollectionId, OrganizationId, UserId } from "@bitwarden/common/types/guid";
+import { OrgKey } from "@bitwarden/common/types/key";
+import { TreeNode } from "@bitwarden/common/vault/models/domain/tree-node";
+import { ServiceUtils } from "@bitwarden/common/vault/service-utils";
+
+import { CollectionService } from "../abstractions";
+import { Collection, CollectionData, CollectionView } from "../models";
+
+export const ENCRYPTED_COLLECTION_DATA_KEY = UserKeyDefinition.record<CollectionData, CollectionId>(
+  COLLECTION_DATA,
+  "collections",
+  {
+    deserializer: (jsonData: Jsonify<CollectionData>) => CollectionData.fromJSON(jsonData),
+    clearOn: ["logout"],
+  },
+);
+
+const DECRYPTED_COLLECTION_DATA_KEY = new DeriveDefinition<
+  [Record<CollectionId, CollectionData>, Record<OrganizationId, OrgKey>],
+  CollectionView[],
+  { collectionService: DefaultCollectionService }
+>(COLLECTION_DATA, "decryptedCollections", {
+  deserializer: (obj) => obj.map((collection) => CollectionView.fromJSON(collection)),
+  derive: async ([collections, orgKeys], { collectionService }) => {
+    if (collections == null) {
+      return [];
+    }
+
+    const data = Object.values(collections).map((c) => new Collection(c));
+    return await collectionService.decryptMany(data, orgKeys);
+  },
+});
+
+const NestingDelimiter = "/";
+
+export class DefaultCollectionService implements CollectionService {
+  private encryptedCollectionDataState: ActiveUserState<Record<CollectionId, CollectionData>>;
+  encryptedCollections$: Observable<Collection[]>;
+  private decryptedCollectionDataState: DerivedState<CollectionView[]>;
+  decryptedCollections$: Observable<CollectionView[]>;
+
+  decryptedCollectionViews$(ids: CollectionId[]): Observable<CollectionView[]> {
+    return this.decryptedCollections$.pipe(
+      map((collections) => collections.filter((c) => ids.includes(c.id as CollectionId))),
+    );
+  }
+
+  constructor(
+    private cryptoService: CryptoService,
+    private encryptService: EncryptService,
+    private i18nService: I18nService,
+    protected stateProvider: StateProvider,
+  ) {
+    this.encryptedCollectionDataState = this.stateProvider.getActive(ENCRYPTED_COLLECTION_DATA_KEY);
+
+    this.encryptedCollections$ = this.encryptedCollectionDataState.state$.pipe(
+      map((collections) => {
+        if (collections == null) {
+          return [];
+        }
+
+        return Object.values(collections).map((c) => new Collection(c));
+      }),
+    );
+
+    const encryptedCollectionsWithKeys = this.encryptedCollectionDataState.combinedState$.pipe(
+      switchMap(([userId, collectionData]) =>
+        combineLatest([of(collectionData), this.cryptoService.orgKeys$(userId)]),
+      ),
+    );
+
+    this.decryptedCollectionDataState = this.stateProvider.getDerived(
+      encryptedCollectionsWithKeys,
+      DECRYPTED_COLLECTION_DATA_KEY,
+      { collectionService: this },
+    );
+
+    this.decryptedCollections$ = this.decryptedCollectionDataState.state$;
+  }
+
+  async clearActiveUserCache(): Promise<void> {
+    await this.decryptedCollectionDataState.forceValue(null);
+  }
+
+  async encrypt(model: CollectionView): Promise<Collection> {
+    if (model.organizationId == null) {
+      throw new Error("Collection has no organization id.");
+    }
+    const key = await this.cryptoService.getOrgKey(model.organizationId);
+    if (key == null) {
+      throw new Error("No key for this collection's organization.");
+    }
+    const collection = new Collection();
+    collection.id = model.id;
+    collection.organizationId = model.organizationId;
+    collection.readOnly = model.readOnly;
+    collection.externalId = model.externalId;
+    collection.name = await this.encryptService.encrypt(model.name, key);
+    return collection;
+  }
+
+  // TODO: this should be private and orgKeys should be required.
+  // See https://bitwarden.atlassian.net/browse/PM-12375
+  async decryptMany(
+    collections: Collection[],
+    orgKeys?: Record<OrganizationId, OrgKey>,
+  ): Promise<CollectionView[]> {
+    if (collections == null || collections.length === 0) {
+      return [];
+    }
+    const decCollections: CollectionView[] = [];
+
+    orgKeys ??= await firstValueFrom(this.cryptoService.activeUserOrgKeys$);
+
+    const promises: Promise<any>[] = [];
+    collections.forEach((collection) => {
+      promises.push(
+        collection
+          .decrypt(orgKeys[collection.organizationId as OrganizationId])
+          .then((c) => decCollections.push(c)),
+      );
+    });
+    await Promise.all(promises);
+    return decCollections.sort(Utils.getSortFunction(this.i18nService, "name"));
+  }
+
+  async get(id: string): Promise<Collection> {
+    return (
+      (await firstValueFrom(
+        this.encryptedCollections$.pipe(map((cs) => cs.find((c) => c.id === id))),
+      )) ?? null
+    );
+  }
+
+  async getAll(): Promise<Collection[]> {
+    return await firstValueFrom(this.encryptedCollections$);
+  }
+
+  async getAllDecrypted(): Promise<CollectionView[]> {
+    return await firstValueFrom(this.decryptedCollections$);
+  }
+
+  async getAllNested(collections: CollectionView[] = null): Promise<TreeNode<CollectionView>[]> {
+    if (collections == null) {
+      collections = await this.getAllDecrypted();
+    }
+    const nodes: TreeNode<CollectionView>[] = [];
+    collections.forEach((c) => {
+      const collectionCopy = new CollectionView();
+      collectionCopy.id = c.id;
+      collectionCopy.organizationId = c.organizationId;
+      const parts = c.name != null ? c.name.replace(/^\/+|\/+$/g, "").split(NestingDelimiter) : [];
+      ServiceUtils.nestedTraverse(nodes, 0, parts, collectionCopy, null, NestingDelimiter);
+    });
+    return nodes;
+  }
+
+  /**
+   * @deprecated August 30 2022: Moved to new Vault Filter Service
+   * Remove when Desktop and Browser are updated
+   */
+  async getNested(id: string): Promise<TreeNode<CollectionView>> {
+    const collections = await this.getAllNested();
+    return ServiceUtils.getTreeNodeObjectFromList(collections, id) as TreeNode<CollectionView>;
+  }
+
+  async upsert(toUpdate: CollectionData | CollectionData[]): Promise<void> {
+    if (toUpdate == null) {
+      return;
+    }
+    await this.encryptedCollectionDataState.update((collections) => {
+      if (collections == null) {
+        collections = {};
+      }
+      if (Array.isArray(toUpdate)) {
+        toUpdate.forEach((c) => {
+          collections[c.id] = c;
+        });
+      } else {
+        collections[toUpdate.id] = toUpdate;
+      }
+      return collections;
+    });
+  }
+
+  async replace(collections: Record<CollectionId, CollectionData>, userId: UserId): Promise<void> {
+    await this.stateProvider
+      .getUser(userId, ENCRYPTED_COLLECTION_DATA_KEY)
+      .update(() => collections);
+  }
+
+  async clear(userId?: UserId): Promise<void> {
+    if (userId == null) {
+      await this.encryptedCollectionDataState.update(() => null);
+      await this.decryptedCollectionDataState.forceValue(null);
+    } else {
+      await this.stateProvider.getUser(userId, ENCRYPTED_COLLECTION_DATA_KEY).update(() => null);
+    }
+  }
+
+  async delete(id: CollectionId | CollectionId[]): Promise<any> {
+    await this.encryptedCollectionDataState.update((collections) => {
+      if (collections == null) {
+        collections = {};
+      }
+      if (typeof id === "string") {
+        delete collections[id];
+      } else {
+        (id as CollectionId[]).forEach((i) => {
+          delete collections[i];
+        });
+      }
+      return collections;
+    });
+  }
+}

libs/admin-console/src/common/collections/services/index.ts

@@ -1 +1,2 @@
 export * from "./default-collection-admin.service";
+export * from "./default-collection.service";