diff --git a/src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRestoreRequest.cs b/src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRestoreRequest.cs
index 867edf47a8..66310a1ef5 100644
--- a/src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRestoreRequest.cs
+++ b/src/Api/AdminConsole/Models/Request/Organizations/OrganizationUserRestoreRequest.cs
@@ -2,5 +2,8 @@
public class OrganizationUserRestoreRequest
{
+ ///
+ /// This is the encrypted default collection name to be used for restored users if required
+ ///
public string DefaultUserCollectionName { get; set; } = string.Empty;
}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs
index 901b27a878..d3b4db7e9f 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/v1/RestoreOrganizationUserCommand.cs
@@ -58,7 +58,7 @@ public class RestoreOrganizationUserCommand(
public async Task RestoreUserAsync(OrganizationUser organizationUser, EventSystemUser systemUser)
{
- await RepositoryRestoreUserAsync(organizationUser, ""); // TODO fix this
+ await RepositoryRestoreUserAsync(organizationUser, ""); // users stored by a system user will not get a default collection at this point.
await eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Restored,
systemUser);
@@ -199,6 +199,9 @@ public class RestoreOrganizationUserCommand(
var orgUsersAndOrgs = await GetRelatedOrganizationUsersAndOrganizationsAsync(filteredUsers);
var result = new List>();
+ var organizationUsersDataOwnershipEnabled = (await policyRequirementQuery
+ .GetManyByOrganizationIdAsync(organizationId))
+ .ToList();
foreach (var organizationUser in filteredUsers)
{
@@ -240,10 +243,9 @@ public class RestoreOrganizationUserCommand(
await eventService.LogOrganizationUserEventAsync(organizationUser, EventType.OrganizationUser_Restored);
if (organizationUser.UserId.HasValue)
{
- if ((await policyRequirementQuery.GetAsync(organizationUser.UserId
- .Value)).State == OrganizationDataOwnershipState.Enabled
- && organizationUser.Status == OrganizationUserStatusType.Confirmed
- && !string.IsNullOrWhiteSpace(defaultCollectionName))
+ if (organizationUsersDataOwnershipEnabled.Contains(organizationUser.Id)
+ && organizationUser.Status == OrganizationUserStatusType.Confirmed
+ && !string.IsNullOrWhiteSpace(defaultCollectionName))
{
await collectionRepository.CreateDefaultCollectionsAsync(organizationUser.OrganizationId,
[organizationUser.Id],
diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs
index bb56e2c580..f6fe331cdf 100644
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RestoreUser/RestoreOrganizationUserCommandTests.cs
@@ -1372,13 +1372,10 @@ public class RestoreOrganizationUserCommandTests
.GetManyAsync(Arg.Is>(ids => ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)))
.Returns([orgUser1, orgUser2]);
- // Setup policy for orgUser1 (the one with UserId)
- SetupOrganizationDataOwnershipPolicy(
- sutProvider,
- orgUser1.UserId!.Value,
- organization.Id,
- OrganizationUserStatusType.Revoked,
- policyEnabled: true);
+ // Setup bulk policy query - returns org user IDs with policy enabled
+ sutProvider.GetDependency()
+ .GetManyByOrganizationIdAsync(organization.Id)
+ .Returns([orgUser1.Id]);
sutProvider.GetDependency()
.TwoFactorIsEnabledAsync(Arg.Any>())
@@ -1428,21 +1425,10 @@ public class RestoreOrganizationUserCommandTests
.GetManyAsync(Arg.Is>(ids => ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)))
.Returns([orgUser1, orgUser2]);
- // Setup policy enabled only for orgUser1
- SetupOrganizationDataOwnershipPolicy(
- sutProvider,
- orgUser1.UserId!.Value,
- organization.Id,
- OrganizationUserStatusType.Revoked,
- policyEnabled: true);
-
- // Setup policy disabled for orgUser2
- SetupOrganizationDataOwnershipPolicy(
- sutProvider,
- orgUser2.UserId!.Value,
- organization.Id,
- OrganizationUserStatusType.Revoked,
- policyEnabled: false);
+ // Setup bulk policy query - only orgUser1 has policy enabled
+ sutProvider.GetDependency()
+ .GetManyByOrganizationIdAsync(organization.Id)
+ .Returns([orgUser1.Id]);
sutProvider.GetDependency()
.TwoFactorIsEnabledAsync(Arg.Any>())
@@ -1492,20 +1478,10 @@ public class RestoreOrganizationUserCommandTests
.GetManyAsync(Arg.Is>(ids => ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)))
.Returns([orgUser1, orgUser2]);
- // Setup policy enabled for both users
- SetupOrganizationDataOwnershipPolicy(
- sutProvider,
- orgUser1.UserId!.Value,
- organization.Id,
- OrganizationUserStatusType.Revoked,
- policyEnabled: true);
-
- SetupOrganizationDataOwnershipPolicy(
- sutProvider,
- orgUser2.UserId!.Value,
- organization.Id,
- OrganizationUserStatusType.Revoked,
- policyEnabled: true);
+ // Setup bulk policy query - both users have policy enabled
+ sutProvider.GetDependency()
+ .GetManyByOrganizationIdAsync(organization.Id)
+ .Returns([orgUser1.Id, orgUser2.Id]);
sutProvider.GetDependency()
.TwoFactorIsEnabledAsync(Arg.Any>())