fix for tests.

src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRestoreRequest.cs

@@ -2,5 +2,8 @@
 
 public class OrganizationUserRestoreRequest
 {
+    /// <summary>
+    /// This is the encrypted default collection name to be used for restored users if required
+    /// </summary>
     public string DefaultUserCollectionName { get; set; } = string.Empty;
 }

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs

@@ -58,7 +58,7 @@ public class RestoreOrganizationUserCommand(
 
     public async Task RestoreUserAsync(OrganizationUser organizationUser, EventSystemUser systemUser)
     {
-        await RepositoryRestoreUserAsync(organizationUser, ""); // TODO fix this
+        await RepositoryRestoreUserAsync(organizationUser, ""); // users stored by a system user will not get a default collection at this point.
         await eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Restored,
             systemUser);
 
@@ -199,6 +199,9 @@ public class RestoreOrganizationUserCommand(
         var orgUsersAndOrgs = await GetRelatedOrganizationUsersAndOrganizationsAsync(filteredUsers);
 
         var result = new List<Tuple<OrganizationUser, string>>();
+        var organizationUsersDataOwnershipEnabled = (await policyRequirementQuery
+            .GetManyByOrganizationIdAsync<OrganizationDataOwnershipPolicyRequirement>(organizationId))
+            .ToList();
 
         foreach (var organizationUser in filteredUsers)
         {
@@ -240,10 +243,9 @@ public class RestoreOrganizationUserCommand(
                 await eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Restored);
                 if (organizationUser.UserId.HasValue)
                 {
-                    if ((await policyRequirementQuery.GetAsync<OrganizationDataOwnershipPolicyRequirement>(organizationUser.UserId
-                           .Value)).State == OrganizationDataOwnershipState.Enabled
-                       && organizationUser.Status == OrganizationUserStatusType.Confirmed
-                       && !string.IsNullOrWhiteSpace(defaultCollectionName))
+                    if (organizationUsersDataOwnershipEnabled.Contains(organizationUser.Id)
+                        && organizationUser.Status == OrganizationUserStatusType.Confirmed
+                        && !string.IsNullOrWhiteSpace(defaultCollectionName))
                     {
                         await collectionRepository.CreateDefaultCollectionsAsync(organizationUser.OrganizationId,
                             [organizationUser.Id],

test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs

@@ -1372,13 +1372,10 @@ public class RestoreOrganizationUserCommandTests
             .GetManyAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)))
             .Returns([orgUser1, orgUser2]);
 
-        // Setup policy for orgUser1 (the one with UserId)
-        SetupOrganizationDataOwnershipPolicy(
-            sutProvider,
-            orgUser1.UserId!.Value,
-            organization.Id,
-            OrganizationUserStatusType.Revoked,
-            policyEnabled: true);
+        // Setup bulk policy query - returns org user IDs with policy enabled
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetManyByOrganizationIdAsync<OrganizationDataOwnershipPolicyRequirement>(organization.Id)
+            .Returns([orgUser1.Id]);
 
         sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
             .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
@@ -1428,21 +1425,10 @@ public class RestoreOrganizationUserCommandTests
             .GetManyAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)))
             .Returns([orgUser1, orgUser2]);
 
-        // Setup policy enabled only for orgUser1
-        SetupOrganizationDataOwnershipPolicy(
-            sutProvider,
-            orgUser1.UserId!.Value,
-            organization.Id,
-            OrganizationUserStatusType.Revoked,
-            policyEnabled: true);
-
-        // Setup policy disabled for orgUser2
-        SetupOrganizationDataOwnershipPolicy(
-            sutProvider,
-            orgUser2.UserId!.Value,
-            organization.Id,
-            OrganizationUserStatusType.Revoked,
-            policyEnabled: false);
+        // Setup bulk policy query - only orgUser1 has policy enabled
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetManyByOrganizationIdAsync<OrganizationDataOwnershipPolicyRequirement>(organization.Id)
+            .Returns([orgUser1.Id]);
 
         sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
             .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
@@ -1492,20 +1478,10 @@ public class RestoreOrganizationUserCommandTests
             .GetManyAsync(Arg.Is<IEnumerable<Guid>>(ids => ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)))
             .Returns([orgUser1, orgUser2]);
 
-        // Setup policy enabled for both users
-        SetupOrganizationDataOwnershipPolicy(
-            sutProvider,
-            orgUser1.UserId!.Value,
-            organization.Id,
-            OrganizationUserStatusType.Revoked,
-            policyEnabled: true);
-
-        SetupOrganizationDataOwnershipPolicy(
-            sutProvider,
-            orgUser2.UserId!.Value,
-            organization.Id,
-            OrganizationUserStatusType.Revoked,
-            policyEnabled: true);
+        // Setup bulk policy query - both users have policy enabled
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetManyByOrganizationIdAsync<OrganizationDataOwnershipPolicyRequirement>(organization.Id)
+            .Returns([orgUser1.Id, orgUser2.Id]);
 
         sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
             .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())