[PM-24055] - Collection Users and Groups null on Public response (#6713)

* Integration test around getting and saving collection with group/user permissions

* This adds groups to the collections returned.

* Added new stored procedures so we don't accidentally wipe out access due to null parameters.

* wrapping all calls in transaction in the event that there is an error.

test/Api.IntegrationTest/Controllers/Public/CollectionsControllerTests.cs

@@ -0,0 +1,117 @@
+using Bit.Api.AdminConsole.Public.Models.Request;
+using Bit.Api.IntegrationTest.Factories;
+using Bit.Api.IntegrationTest.Helpers;
+using Bit.Api.Models.Public.Request;
+using Bit.Api.Models.Public.Response;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Billing.Enums;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+using Bit.Core.Platform.Push;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Xunit;
+
+namespace Bit.Api.IntegrationTest.Controllers.Public;
+
+public class CollectionsControllerTests : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
+{
+
+    private readonly HttpClient _client;
+    private readonly ApiApplicationFactory _factory;
+    private readonly LoginHelper _loginHelper;
+
+    private string _ownerEmail = null!;
+    private Organization _organization = null!;
+
+    public CollectionsControllerTests(ApiApplicationFactory factory)
+    {
+        _factory = factory;
+        _factory.SubstituteService<IPushNotificationService>(_ => { });
+        _factory.SubstituteService<IFeatureService>(_ => { });
+        _client = factory.CreateClient();
+        _loginHelper = new LoginHelper(_factory, _client);
+    }
+
+    public async Task InitializeAsync()
+    {
+        _ownerEmail = $"integration-test{Guid.NewGuid()}@bitwarden.com";
+        await _factory.LoginWithNewAccount(_ownerEmail);
+
+        (_organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory,
+            plan: PlanType.EnterpriseAnnually,
+            ownerEmail: _ownerEmail,
+            passwordManagerSeats: 10,
+            paymentMethod: PaymentMethodType.Card);
+
+        await _loginHelper.LoginWithOrganizationApiKeyAsync(_organization.Id);
+    }
+
+    public Task DisposeAsync()
+    {
+        _client.Dispose();
+        return Task.CompletedTask;
+    }
+
+    [Fact]
+    public async Task CreateCollectionWithMultipleUsersAndVariedPermissions_Success()
+    {
+        // Arrange
+        _organization.AllowAdminAccessToAllCollectionItems = true;
+        await _factory.GetService<IOrganizationRepository>().UpsertAsync(_organization);
+
+        var groupRepository = _factory.GetService<IGroupRepository>();
+        var group = await groupRepository.CreateAsync(new Group
+        {
+            OrganizationId = _organization.Id,
+            Name = "CollectionControllerTests.CreateCollectionWithMultipleUsersAndVariedPermissions_Success",
+            ExternalId = $"CollectionControllerTests.CreateCollectionWithMultipleUsersAndVariedPermissions_Success{Guid.NewGuid()}",
+        });
+
+        var (_, user) = await OrganizationTestHelpers.CreateNewUserWithAccountAsync(
+            _factory,
+            _organization.Id,
+            OrganizationUserType.User);
+
+        var collection = await OrganizationTestHelpers.CreateCollectionAsync(
+            _factory,
+            _organization.Id,
+            "Shared Collection with a group",
+            externalId: "shared-collection-with-group",
+            groups:
+            [
+                new CollectionAccessSelection { Id = group.Id, ReadOnly = false, HidePasswords = false, Manage = true }
+            ],
+            users:
+            [
+                new CollectionAccessSelection { Id = user.Id, ReadOnly = false, HidePasswords = false, Manage = true }
+            ]);
+
+        var getCollectionsResponse = await _client.GetFromJsonAsync<ListResponseModel<CollectionResponseModel>>("public/collections");
+        var getCollectionResponse = await _client.GetFromJsonAsync<CollectionResponseModel>($"public/collections/{collection.Id}");
+
+        var firstCollection = getCollectionsResponse.Data.First(x => x.ExternalId == "shared-collection-with-group");
+
+        var update = new CollectionUpdateRequestModel
+        {
+            ExternalId = firstCollection.ExternalId,
+            Groups = firstCollection.Groups?.Select(x => new AssociationWithPermissionsRequestModel
+            {
+                Id = x.Id,
+                ReadOnly = x.ReadOnly,
+                HidePasswords = x.HidePasswords,
+                Manage = x.Manage
+            }),
+        };
+
+        await _client.PutAsJsonAsync($"public/collections/{firstCollection.Id}", update);
+
+        var result = await _factory.GetService<ICollectionRepository>()
+            .GetByIdWithAccessAsync(firstCollection.Id);
+
+        Assert.NotNull(result);
+        Assert.NotEmpty(result.Item2.Groups);
+        Assert.NotEmpty(result.Item2.Users);
+    }
+}

test/Api.IntegrationTest/Helpers/OrganizationTestHelpers.cs

@@ -159,14 +159,16 @@ public static class OrganizationTestHelpers
         Guid organizationId,
         string name,
         IEnumerable<CollectionAccessSelection>? users = null,
-        IEnumerable<CollectionAccessSelection>? groups = null)
+        IEnumerable<CollectionAccessSelection>? groups = null,
+        string? externalId = null)
     {
         var collectionRepository = factory.GetService<ICollectionRepository>();
         var collection = new Collection
         {
             OrganizationId = organizationId,
             Name = name,
-            Type = CollectionType.SharedCollection
+            Type = CollectionType.SharedCollection,
+            ExternalId = externalId
         };
 
         await collectionRepository.CreateAsync(collection, groups, users);

test/Infrastructure.IntegrationTest/AdminConsole/Repositories/CollectionRepository/CollectionRepositoryReplaceTests.cs

@@ -144,4 +144,69 @@ public class CollectionRepositoryReplaceTests
         await userRepository.DeleteAsync(user);
         await organizationRepository.DeleteAsync(organization);
     }
+
+    [Theory, DatabaseData]
+    public async Task ReplaceAsync_WhenNotPassingGroupsOrUsers_DoesNotDeleteAccess(
+        IUserRepository userRepository,
+        IOrganizationRepository organizationRepository,
+        IOrganizationUserRepository organizationUserRepository,
+        IGroupRepository groupRepository,
+        ICollectionRepository collectionRepository)
+    {
+        // Arrange
+        var organization = await organizationRepository.CreateTestOrganizationAsync();
+
+        var user1 = await userRepository.CreateTestUserAsync();
+        var orgUser1 = await organizationUserRepository.CreateTestOrganizationUserAsync(organization, user1);
+
+        var user2 = await userRepository.CreateTestUserAsync();
+        var orgUser2 = await organizationUserRepository.CreateTestOrganizationUserAsync(organization, user2);
+
+        var group1 = await groupRepository.CreateTestGroupAsync(organization);
+        var group2 = await groupRepository.CreateTestGroupAsync(organization);
+
+        var collection = new Collection
+        {
+            Name = "Test Collection Name",
+            OrganizationId = organization.Id,
+        };
+
+        await collectionRepository.CreateAsync(collection,
+            [
+                new CollectionAccessSelection { Id = group1.Id, Manage = true, HidePasswords = true, ReadOnly = false, },
+                new CollectionAccessSelection { Id = group2.Id, Manage = false, HidePasswords = false, ReadOnly = true, },
+            ],
+            [
+                new CollectionAccessSelection { Id = orgUser1.Id, Manage = true, HidePasswords = false, ReadOnly = true },
+                new CollectionAccessSelection { Id = orgUser2.Id, Manage = false, HidePasswords = true, ReadOnly = false },
+            ]
+        );
+
+        // Act
+        collection.Name = "Updated Collection Name";
+
+        await collectionRepository.ReplaceAsync(collection, null, null);
+
+        // Assert
+        var (actualCollection, actualAccess) = await collectionRepository.GetByIdWithAccessAsync(collection.Id);
+
+        Assert.NotNull(actualCollection);
+        Assert.Equal("Updated Collection Name", actualCollection.Name);
+
+        var groups = actualAccess.Groups.ToArray();
+        Assert.Equal(2, groups.Length);
+        Assert.Single(groups, g => g.Id == group1.Id && g.Manage && g.HidePasswords && !g.ReadOnly);
+        Assert.Single(groups, g => g.Id == group2.Id && !g.Manage && !g.HidePasswords && g.ReadOnly);
+
+        var users = actualAccess.Users.ToArray();
+
+        Assert.Equal(2, users.Length);
+        Assert.Single(users, u => u.Id == orgUser1.Id && u.Manage && !u.HidePasswords && u.ReadOnly);
+        Assert.Single(users, u => u.Id == orgUser2.Id && !u.Manage && u.HidePasswords && !u.ReadOnly);
+
+        // Clean up data
+        await userRepository.DeleteAsync(user1);
+        await userRepository.DeleteAsync(user2);
+        await organizationRepository.DeleteAsync(organization);
+    }
 }