[PM-27884][PM-27886][PM-27885] - Add Cipher Archives (#6578)

* add Archives column to ciphers table

* add archives column

* update cipher archive/unarchive and cipher deatils query

* add migrations

* add missing migrations

* fixes

* update tests. cleanup

* syntax fix

* fix sql syntax

* fix sql

* fix CreateWithCollections

* fix sql

* fix migration file

* fix migration

* add go

* add missing go

* fix migrations

* add missing proc

* fix migrations

* implement claude suggestions

* fix test

* update cipher service and tests

* updates to soft delete

* update UserCipherDetailsQuery and migration

* update migration

* update archive ciphers command to allow org ciphers to be archived

* updates to archivedDate

* revert change to UserCipherDetails

* updates to migration and procs

* remove archivedDate from Cipher_CreateWithCollections

* remove trailing comma

* fix syntax errors

* fix migration

* add double quotes around datetime

* fix syntax error

* remove archivedDate from cipher entity

* re-add ArchivedDate into cipher

* fix migration

* do not set Cipher.ArchivedDate in CipherRepository

* re-add ArchivedDate until removed from the db

* set defaults

* change to CREATE OR ALTER

* fix migration

* fix migration file

* quote datetime

* fix existing archiveAsync test. add additional test

* quote datetime

* update migration

* do not wrap datetime in quotes

* do not wrap datetime in quotes

* fix migration

* clean up archives and archivedDate from procs

* fix UserCipherDetailsQuery

* fix setting date in JSON_MODIFY

* prefer cast over convert

* fix cipher response model

* re-add ArchivedDate

* add new keyword

* remove ArchivedDate from entity

* use custom parameters for CipherDetails_CreateWithCollections

* remove reference to archivedDate

* add missing param

* add missing param

* fix params

* fix cipher repository

* fix migration file

* update request/response models

* update migration

* remove Archives from Cipher_CreateWithCollections

* revert last change

* clean up

* remove comment

* remove column in migration

* change language in drop

* wrap in brackets

* put drop column in separate migration

* remove archivedDate column

* re-add archivedDate

* add refresh module

* bump migration name

* fix proc and migration

* do not require edit permission for archiving ciphers

* do not require edit permission for unarchiving ciphers

Author: jaasen-livefront

src/Api/Vault/Controllers/CiphersController.cs

@@ -903,7 +903,7 @@ public async Task PostBulkCollections([FromBody] CipherBulkUpdateCollectionsRequ
 
     [HttpPut("{id}/archive")]
     [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
-    public async Task<CipherMiniResponseModel> PutArchive(Guid id)
+    public async Task<CipherResponseModel> PutArchive(Guid id)
     {
         var userId = _userService.GetProperUserId(User).Value;
 
@@ -914,19 +914,24 @@ public async Task<CipherMiniResponseModel> PutArchive(Guid id)
             throw new BadRequestException("Cipher was not archived. Ensure the provided ID is correct and you have permission to archive it.");
         }
 
-        return new CipherMiniResponseModel(archivedCipherOrganizationDetails.First(), _globalSettings, archivedCipherOrganizationDetails.First().OrganizationUseTotp);
+        return new CipherResponseModel(archivedCipherOrganizationDetails.First(),
+            await _userService.GetUserByPrincipalAsync(User),
+            await _applicationCacheService.GetOrganizationAbilitiesAsync(),
+            _globalSettings
+        );
     }
 
     [HttpPut("archive")]
     [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
-    public async Task<ListResponseModel<CipherMiniResponseModel>> PutArchiveMany([FromBody] CipherBulkArchiveRequestModel model)
+    public async Task<ListResponseModel<CipherResponseModel>> PutArchiveMany([FromBody] CipherBulkArchiveRequestModel model)
     {
         if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
         {
             throw new BadRequestException("You can only archive up to 500 items at a time.");
         }
 
         var userId = _userService.GetProperUserId(User).Value;
+        var user = await _userService.GetUserByPrincipalAsync(User);
 
         var cipherIdsToArchive = new HashSet<Guid>(model.Ids);
 
@@ -937,9 +942,14 @@ public async Task<ListResponseModel<CipherMiniResponseModel>> PutArchiveMany([Fr
             throw new BadRequestException("No ciphers were archived. Ensure the provided IDs are correct and you have permission to archive them.");
         }
 
-        var responses = archivedCiphers.Select(c => new CipherMiniResponseModel(c, _globalSettings, c.OrganizationUseTotp));
+        var organizationAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
+        var responses = archivedCiphers.Select(c => new CipherResponseModel(c,
+            user,
+            organizationAbilities,
+            _globalSettings
+        ));
 
-        return new ListResponseModel<CipherMiniResponseModel>(responses);
+        return new ListResponseModel<CipherResponseModel>(responses);
     }
 
     [HttpDelete("{id}")]
@@ -1101,7 +1111,7 @@ public async Task PutDeleteManyAdmin([FromBody] CipherBulkDeleteRequestModel mod
 
     [HttpPut("{id}/unarchive")]
     [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
-    public async Task<CipherMiniResponseModel> PutUnarchive(Guid id)
+    public async Task<CipherResponseModel> PutUnarchive(Guid id)
     {
         var userId = _userService.GetProperUserId(User).Value;
 
@@ -1112,19 +1122,25 @@ public async Task<CipherMiniResponseModel> PutUnarchive(Guid id)
             throw new BadRequestException("Cipher was not unarchived. Ensure the provided ID is correct and you have permission to archive it.");
         }
 
-        return new CipherMiniResponseModel(unarchivedCipherDetails.First(), _globalSettings, unarchivedCipherDetails.First().OrganizationUseTotp);
+        return new CipherResponseModel(unarchivedCipherDetails.First(),
+            await _userService.GetUserByPrincipalAsync(User),
+            await _applicationCacheService.GetOrganizationAbilitiesAsync(),
+            _globalSettings
+        );
     }
 
     [HttpPut("unarchive")]
     [RequireFeature(FeatureFlagKeys.ArchiveVaultItems)]
-    public async Task<ListResponseModel<CipherMiniResponseModel>> PutUnarchiveMany([FromBody] CipherBulkUnarchiveRequestModel model)
+    public async Task<ListResponseModel<CipherResponseModel>> PutUnarchiveMany([FromBody] CipherBulkUnarchiveRequestModel model)
     {
         if (!_globalSettings.SelfHosted && model.Ids.Count() > 500)
         {
             throw new BadRequestException("You can only unarchive up to 500 items at a time.");
         }
 
         var userId = _userService.GetProperUserId(User).Value;
+        var user = await _userService.GetUserByPrincipalAsync(User);
+        var organizationAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();
 
         var cipherIdsToUnarchive = new HashSet<Guid>(model.Ids);
 
@@ -1135,9 +1151,9 @@ public async Task<ListResponseModel<CipherMiniResponseModel>> PutUnarchiveMany([
             throw new BadRequestException("Ciphers were not unarchived. Ensure the provided ID is correct and you have permission to archive it.");
         }
 
-        var responses = unarchivedCipherOrganizationDetails.Select(c => new CipherMiniResponseModel(c, _globalSettings, c.OrganizationUseTotp));
+        var responses = unarchivedCipherOrganizationDetails.Select(c => new CipherResponseModel(c, user, organizationAbilities, _globalSettings));
 
-        return new ListResponseModel<CipherMiniResponseModel>(responses);
+        return new ListResponseModel<CipherResponseModel>(responses);
     }
 
     [HttpPut("{id}/restore")]

src/Api/Vault/Models/Request/CipherRequestModel.cs

@@ -80,6 +80,7 @@ public CipherDetails ToCipherDetails(CipherDetails existingCipher)
     {
         existingCipher.FolderId = string.IsNullOrWhiteSpace(FolderId) ? null : (Guid?)new Guid(FolderId);
         existingCipher.Favorite = Favorite;
+        existingCipher.ArchivedDate = ArchivedDate;
         ToCipher(existingCipher);
         return existingCipher;
     }
@@ -127,9 +128,9 @@ public Cipher ToCipher(Cipher existingCipher, Guid? userId = null)
         var userIdKey = userId.HasValue ? userId.ToString().ToUpperInvariant() : null;
         existingCipher.Reprompt = Reprompt;
         existingCipher.Key = Key;
-        existingCipher.ArchivedDate = ArchivedDate;
         existingCipher.Folders = UpdateUserSpecificJsonField(existingCipher.Folders, userIdKey, FolderId);
         existingCipher.Favorites = UpdateUserSpecificJsonField(existingCipher.Favorites, userIdKey, Favorite);
+        existingCipher.Archives = UpdateUserSpecificJsonField(existingCipher.Archives, userIdKey, ArchivedDate);
 
         var hasAttachments2 = (Attachments2?.Count ?? 0) > 0;
         var hasAttachments = (Attachments?.Count ?? 0) > 0;

src/Api/Vault/Models/Response/CipherResponseModel.cs

@@ -70,7 +70,6 @@ public CipherMiniResponseModel(Cipher cipher, IGlobalSettings globalSettings, bo
         DeletedDate = cipher.DeletedDate;
         Reprompt = cipher.Reprompt.GetValueOrDefault(CipherRepromptType.None);
         Key = cipher.Key;
-        ArchivedDate = cipher.ArchivedDate;
     }
 
     public Guid Id { get; set; }
@@ -111,7 +110,6 @@ public CipherMiniResponseModel(Cipher cipher, IGlobalSettings globalSettings, bo
     public DateTime? DeletedDate { get; set; }
     public CipherRepromptType Reprompt { get; set; }
     public string Key { get; set; }
-    public DateTime? ArchivedDate { get; set; }
 }
 
 public class CipherResponseModel : CipherMiniResponseModel
@@ -127,6 +125,7 @@ public CipherResponseModel(
         FolderId = cipher.FolderId;
         Favorite = cipher.Favorite;
         Edit = cipher.Edit;
+        ArchivedDate = cipher.ArchivedDate;
         ViewPassword = cipher.ViewPassword;
         Permissions = new CipherPermissionsResponseModel(user, cipher, organizationAbilities);
     }
@@ -135,6 +134,7 @@ public CipherResponseModel(
     public bool Favorite { get; set; }
     public bool Edit { get; set; }
     public bool ViewPassword { get; set; }
+    public DateTime? ArchivedDate { get; set; }
     public CipherPermissionsResponseModel Permissions { get; set; }
 }
 

src/Core/Vault/Commands/ArchiveCiphersCommand.cs

@@ -37,7 +37,7 @@ public async Task<ICollection<CipherDetails>> ArchiveManyAsync(IEnumerable<Guid>
         }
 
         var archivingCiphers = ciphers
-            .Where(c => cipherIdsSet.Contains(c.Id) && c is { Edit: true, OrganizationId: null, ArchivedDate: null })
+            .Where(c => cipherIdsSet.Contains(c.Id) && c is { ArchivedDate: null })
             .ToList();
 
         var revisionDate = await _cipherRepository.ArchiveAsync(archivingCiphers.Select(c => c.Id), archivingUserId);

src/Core/Vault/Commands/UnarchiveCiphersCommand.cs

@@ -37,7 +37,7 @@ public async Task<ICollection<CipherDetails>> UnarchiveManyAsync(IEnumerable<Gui
         }
 
         var unarchivingCiphers = ciphers
-            .Where(c => cipherIdsSet.Contains(c.Id) && c is { Edit: true, ArchivedDate: not null })
+            .Where(c => cipherIdsSet.Contains(c.Id) && c is { ArchivedDate: not null })
             .ToList();
 
         var revisionDate =

src/Core/Vault/Entities/Cipher.cs

@@ -25,7 +25,7 @@ public class Cipher : ITableObject<Guid>, ICloneable
     public DateTime? DeletedDate { get; set; }
     public Enums.CipherRepromptType? Reprompt { get; set; }
     public string Key { get; set; }
-    public DateTime? ArchivedDate { get; set; }
+    public string Archives { get; set; }
 
     public void SetNewId()
     {

src/Core/Vault/Models/Data/CipherDetails.cs

@@ -9,7 +9,8 @@ public class CipherDetails : CipherOrganizationDetails
     public bool Edit { get; set; }
     public bool ViewPassword { get; set; }
     public bool Manage { get; set; }
-
+    // Per-user archived date from Archives JSON.
+    public DateTime? ArchivedDate { get; set; }
     public CipherDetails() { }
 
     public CipherDetails(CipherOrganizationDetails cipher)
@@ -51,6 +52,7 @@ public CipherDetailsWithCollections(
         Reprompt = cipher.Reprompt;
         Key = cipher.Key;
         FolderId = cipher.FolderId;
+        ArchivedDate = cipher.ArchivedDate;
         Favorite = cipher.Favorite;
         Edit = cipher.Edit;
         ViewPassword = cipher.ViewPassword;

src/Infrastructure.Dapper/AdminConsole/Helpers/BulkResourceCreationService.cs

@@ -218,8 +218,8 @@ private static DataTable BuildCiphersTable(SqlBulkCopy bulkCopy, IEnumerable<Cip
         ciphersTable.Columns.Add(revisionDateColumn);
         var deletedDateColumn = new DataColumn(nameof(c.DeletedDate), typeof(DateTime));
         ciphersTable.Columns.Add(deletedDateColumn);
-        var archivedDateColumn = new DataColumn(nameof(c.ArchivedDate), typeof(DateTime));
-        ciphersTable.Columns.Add(archivedDateColumn);
+        var archivesColumn = new DataColumn(nameof(c.Archives), typeof(string));
+        ciphersTable.Columns.Add(archivesColumn);
         var repromptColumn = new DataColumn(nameof(c.Reprompt), typeof(short));
         ciphersTable.Columns.Add(repromptColumn);
         var keyColummn = new DataColumn(nameof(c.Key), typeof(string));
@@ -249,7 +249,7 @@ private static DataTable BuildCiphersTable(SqlBulkCopy bulkCopy, IEnumerable<Cip
             row[creationDateColumn] = cipher.CreationDate;
             row[revisionDateColumn] = cipher.RevisionDate;
             row[deletedDateColumn] = cipher.DeletedDate.HasValue ? (object)cipher.DeletedDate : DBNull.Value;
-            row[archivedDateColumn] = cipher.ArchivedDate.HasValue ? cipher.ArchivedDate : DBNull.Value;
+            row[archivesColumn] = cipher.Archives;
             row[repromptColumn] = cipher.Reprompt.HasValue ? cipher.Reprompt.Value : DBNull.Value;
             row[keyColummn] = cipher.Key;
 

src/Infrastructure.EntityFramework/Repositories/Queries/UserCipherDetailsQuery.cs

@@ -5,7 +5,6 @@
 using Bit.Core.Enums;
 using Bit.Core.Vault.Models.Data;
 using Bit.Infrastructure.EntityFramework.Vault.Models;
-
 namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
 
 public class UserCipherDetailsQuery : IQuery<CipherDetails>
@@ -72,7 +71,7 @@ from cg in cg_g.DefaultIfEmpty()
                         OrganizationUseTotp = o.UseTotp,
                         c.Reprompt,
                         c.Key,
-                        c.ArchivedDate
+                        c.Archives
                     };
 
         var query2 = from c in dbContext.Ciphers
@@ -96,7 +95,7 @@ from cg in cg_g.DefaultIfEmpty()
                          OrganizationUseTotp = false,
                          c.Reprompt,
                          c.Key,
-                         c.ArchivedDate
+                         c.Archives
                      };
 
         var union = query.Union(query2).Select(c => new CipherDetails
@@ -118,11 +117,32 @@ from cg in cg_g.DefaultIfEmpty()
             Manage = c.Manage,
             OrganizationUseTotp = c.OrganizationUseTotp,
             Key = c.Key,
-            ArchivedDate = c.ArchivedDate
+            ArchivedDate = GetArchivedDate(_userId, new Cipher { Id = c.Id, Archives = c.Archives })
         });
         return union;
     }
 
+    private static DateTime? GetArchivedDate(Guid? userId, Cipher cipher)
+    {
+        try
+        {
+            if (userId.HasValue && !string.IsNullOrWhiteSpace(cipher.Archives))
+            {
+                var archives = JsonSerializer.Deserialize<Dictionary<Guid, DateTime>>(cipher.Archives);
+                if (archives.TryGetValue(userId.Value, out var archivedDate))
+                {
+                    return archivedDate;
+                }
+            }
+
+            return null;
+        }
+        catch
+        {
+            return null;
+        }
+    }
+
     private static Guid? GetFolderId(Guid? userId, Cipher cipher)
     {
         try

src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs

@@ -811,7 +811,29 @@ on ucd.Id equals c.Id
             await cipherEntitiesToModify.ForEachAsync(cipher =>
             {
                 dbContext.Attach(cipher);
-                cipher.ArchivedDate = action == CipherStateAction.Unarchive ? null : utcNow;
+
+                // Build or load the per-user archives map
+                var archives = string.IsNullOrWhiteSpace(cipher.Archives)
+                    ? new Dictionary<Guid, DateTime>()
+                    : CoreHelpers.LoadClassFromJsonData<Dictionary<Guid, DateTime>>(cipher.Archives)
+                      ?? new Dictionary<Guid, DateTime>();
+
+                if (action == CipherStateAction.Unarchive)
+                {
+                    // Remove this user's archive record
+                    archives.Remove(userId);
+                }
+                else if (action == CipherStateAction.Archive)
+                {
+                    // Set this user's archive date
+                    archives[userId] = utcNow;
+                }
+
+                // Persist the updated JSON or clear it if empty
+                cipher.Archives = archives.Count == 0
+                    ? null
+                    : CoreHelpers.ClassToJsonData(archives);
+
                 cipher.RevisionDate = utcNow;
             });