[PM-28555] Create idempotent sproc for creating a My Items collection

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserCommand.cs

@@ -2,9 +2,7 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
-using Bit.Core.Entities;
 using Bit.Core.Enums;
-using Bit.Core.Models.Data;
 using Bit.Core.Platform.Push;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -79,19 +77,10 @@ private async Task CreateDefaultCollectionsAsync(AutomaticallyConfirmOrganizatio
                 return;
             }
 
-            await collectionRepository.CreateAsync(
-                new Collection
-                {
-                    OrganizationId = request.Organization!.Id,
-                    Name = request.DefaultUserCollectionName,
-                    Type = CollectionType.DefaultUserCollection
-                },
-                groups: null,
-                [new CollectionAccessSelection
-                {
-                    Id = request.OrganizationUser!.Id,
-                    Manage = true
-                }]);
+            await collectionRepository.UpsertDefaultCollectionAsync(
+                request.Organization!.Id,
+                request.OrganizationUser!.Id,
+                request.DefaultUserCollectionName);
         }
         catch (Exception ex)
         {

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommand.cs

@@ -12,7 +12,6 @@
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.Models.Data;
 using Bit.Core.Platform.Push;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -297,21 +296,10 @@ private async Task CreateDefaultCollectionAsync(OrganizationUser organizationUse
             return;
         }
 
-        var defaultCollection = new Collection
-        {
-            OrganizationId = organizationUser.OrganizationId,
-            Name = defaultUserCollectionName,
-            Type = CollectionType.DefaultUserCollection
-        };
-        var collectionUser = new CollectionAccessSelection
-        {
-            Id = organizationUser.Id,
-            ReadOnly = false,
-            HidePasswords = false,
-            Manage = true
-        };
-
-        await _collectionRepository.CreateAsync(defaultCollection, groups: null, users: [collectionUser]);
+        await _collectionRepository.UpsertDefaultCollectionAsync(
+            organizationUser.OrganizationId,
+            organizationUser.Id,
+            defaultUserCollectionName);
     }
 
     /// <summary>

src/Core/Entities/Collection.cs

@@ -8,16 +8,66 @@ namespace Bit.Core.Entities;
 
 public class Collection : ITableObject<Guid>
 {
+    /// <summary>
+    /// The unique identifier for the collection.
+    /// </summary>
     public Guid Id { get; set; }
+
+    /// <summary>
+    /// The identifier of the organization that owns this collection.
+    /// </summary>
     public Guid OrganizationId { get; set; }
+
+    /// <summary>
+    /// The name of the collection, encrypted with the organization symmetric key.
+    /// </summary>
     public string Name { get; set; } = null!;
+
+    /// <summary>
+    /// An external identifier for integration with external systems.
+    /// </summary>
     [MaxLength(300)]
     public string? ExternalId { get; set; }
+
+    /// <summary>
+    /// The date and time when the collection was created.
+    /// </summary>
     public DateTime CreationDate { get; set; } = DateTime.UtcNow;
+
+    /// <summary>
+    /// The date and time when the collection was last revised.
+    /// </summary>
     public DateTime RevisionDate { get; set; } = DateTime.UtcNow;
+
+    /// <summary>
+    /// The type of collection - see <see cref="CollectionType"/>.
+    /// </summary>
     public CollectionType Type { get; set; } = CollectionType.SharedCollection;
+
+    /// <summary>
+    /// The email address for the OrganizationUser associated with a DefaultUserCollection collection type.
+    /// </summary>
+    /// <remarks>
+    /// This is only populated at the time the OrganizationUser leaves or is removed from the organization.
+    /// It is then used as the collection name so that administrators can identify the collection.
+    /// It is null for all other collection types and at all other times.
+    /// </remarks>
     public string? DefaultUserCollectionEmail { get; set; }
 
+    /// <summary>
+    /// The ID for the OrganizationUser associated with this default collection.
+    /// INTERNAL DATABASE USE ONLY - DO NOT USE - SEE REMARKS.
+    /// </summary>
+    /// <remarks>
+    /// This is used to enforce uniqueness so that an OrganizationUser can only have 1 default collection
+    /// in a given organization.
+    /// It should NOT be used for any other purpose, used in the application code, or exposed to the front-end.
+    /// In particular, refer to the <see cref="CollectionUser"/> to evaluate user assignment and permissions.
+    /// Only populated for collections of type DefaultUserCollection.
+    /// Set to null when the OrganizationUser entry is deleted.
+    /// </remarks>
+    public Guid? DefaultCollectionOwner { get; set; }
+
     public void SetNewId()
     {
         Id = CoreHelpers.GenerateComb();

src/Core/Enums/CollectionType.cs

@@ -2,6 +2,16 @@
 
 public enum CollectionType
 {
+    /// <summary>
+    /// A standard collection used to share items within an organization.
+    /// </summary>
     SharedCollection = 0,
+
+    /// <summary>
+    /// The default collection for an OrganizationUser, called a "My Items" collection in the product.
+    /// This is used by an OrganizationUser to store their items within the organization and is not
+    /// accessible by other members.
+    /// It is only created if the Organization Data Ownership policy is enabled.
+    /// </summary>
     DefaultUserCollection = 1,
 }

src/Core/Repositories/ICollectionRepository.cs

@@ -71,4 +71,14 @@ Task CreateOrUpdateAccessForManyAsync(Guid organizationId, IEnumerable<Guid> col
     /// <param name="defaultCollectionName">The encrypted string to use as the default collection name.</param>
     /// <returns></returns>
     Task UpsertDefaultCollectionsAsync(Guid organizationId, IEnumerable<Guid> organizationUserIds, string defaultCollectionName);
+
+    /// <summary>
+    /// Creates a default user collection for the specified organization user if they do not already have one.
+    /// This operation is idempotent - calling it multiple times will not create duplicate collections.
+    /// </summary>
+    /// <param name="organizationId">The Organization ID.</param>
+    /// <param name="organizationUserId">The Organization User ID to create/find a default collection for.</param>
+    /// <param name="defaultCollectionName">The encrypted string to use as the default collection name.</param>
+    /// <returns>True if a new collection was created; false if the user already had a default collection.</returns>
+    Task<bool> UpsertDefaultCollectionAsync(Guid organizationId, Guid organizationUserId, string defaultCollectionName);
 }

src/Infrastructure.Dapper/Repositories/CollectionRepository.cs

@@ -396,6 +396,30 @@ public async Task UpsertDefaultCollectionsAsync(Guid organizationId, IEnumerable
         }
     }
 
+    public async Task<bool> UpsertDefaultCollectionAsync(Guid organizationId, Guid organizationUserId, string defaultCollectionName)
+    {
+        using (var connection = new SqlConnection(ConnectionString))
+        {
+            var collectionId = CoreHelpers.GenerateComb();
+            var now = DateTime.UtcNow;
+            var parameters = new DynamicParameters();
+            parameters.Add("@CollectionId", collectionId);
+            parameters.Add("@OrganizationId", organizationId);
+            parameters.Add("@OrganizationUserId", organizationUserId);
+            parameters.Add("@Name", defaultCollectionName);
+            parameters.Add("@CreationDate", now);
+            parameters.Add("@RevisionDate", now);
+            parameters.Add("@WasCreated", dbType: DbType.Boolean, direction: ParameterDirection.Output);
+
+            await connection.ExecuteAsync(
+                $"[{Schema}].[Collection_UpsertDefaultCollection]",
+                parameters,
+                commandType: CommandType.StoredProcedure);
+
+            return parameters.Get<bool>("@WasCreated");
+        }
+    }
+
     private async Task<HashSet<Guid>> GetOrgUserIdsWithDefaultCollectionAsync(SqlConnection connection, SqlTransaction transaction, Guid organizationId)
     {
         const string sql = @"
@@ -438,8 +462,8 @@ INNER JOIN
                 CreationDate = DateTime.UtcNow,
                 RevisionDate = DateTime.UtcNow,
                 Type = CollectionType.DefaultUserCollection,
-                DefaultUserCollectionEmail = null
-
+                DefaultUserCollectionEmail = null,
+                DefaultCollectionOwner = orgUserId
             });
 
             collectionUsers.Add(new CollectionUser

src/Infrastructure.EntityFramework/AdminConsole/Configurations/CollectionEntityTypeConfiguration.cs

@@ -0,0 +1,31 @@
+using Bit.Infrastructure.EntityFramework.Models;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+
+namespace Bit.Infrastructure.EntityFramework.AdminConsole.Configurations;
+
+public class CollectionEntityTypeConfiguration : IEntityTypeConfiguration<Collection>
+{
+    public void Configure(EntityTypeBuilder<Collection> builder)
+    {
+        builder
+            .Property(c => c.Id)
+            .ValueGeneratedNever();
+
+        builder
+            .HasIndex(c => new { c.DefaultCollectionOwner, c.OrganizationId, c.Type })
+            .IsUnique()
+            .HasFilter("[Type] = 1")
+            .HasDatabaseName("IX_Collection_DefaultCollectionOwner_OrganizationId_Type");
+
+        // Configure FK with NO ACTION delete behavior to prevent cascade conflicts
+        // Cleanup is handled explicitly in OrganizationUserRepository.DeleteAsync
+        builder
+            .HasOne<OrganizationUser>()
+            .WithMany()
+            .HasForeignKey(c => c.DefaultCollectionOwner)
+            .OnDelete(DeleteBehavior.NoAction);
+
+        builder.ToTable(nameof(Collection));
+    }
+}

src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs

@@ -114,7 +114,8 @@ await dbContext.Collections
                         .SetProperty(c => c.Type, CollectionType.SharedCollection)
                         .SetProperty(c => c.RevisionDate, utcNow)
                         .SetProperty(c => c.DefaultUserCollectionEmail,
-                            c => c.DefaultUserCollectionEmail == null ? email : c.DefaultUserCollectionEmail));
+                            c => c.DefaultUserCollectionEmail == null ? email : c.DefaultUserCollectionEmail)
+                        .SetProperty(c => c.DefaultCollectionOwner, (Guid?)null));
 
                 await dbContext.CollectionUsers
                     .Where(cu => cu.OrganizationUserId == organizationUser.Id)

src/Infrastructure.EntityFramework/Repositories/CollectionRepository.cs

@@ -821,6 +821,63 @@ public async Task UpsertDefaultCollectionsAsync(Guid organizationId, IEnumerable
         await dbContext.SaveChangesAsync();
     }
 
+    public async Task<bool> UpsertDefaultCollectionAsync(Guid organizationId, Guid organizationUserId, string defaultCollectionName)
+    {
+        using var scope = ServiceScopeFactory.CreateScope();
+        var dbContext = GetDatabaseContext(scope);
+
+        try
+        {
+            // Create new default collection
+            var collectionId = CoreHelpers.GenerateComb();
+            var now = DateTime.UtcNow;
+
+            var collection = new Collection
+            {
+                Id = collectionId,
+                OrganizationId = organizationId,
+                Name = defaultCollectionName,
+                ExternalId = null,
+                CreationDate = now,
+                RevisionDate = now,
+                Type = CollectionType.DefaultUserCollection,
+                DefaultUserCollectionEmail = null,
+                DefaultCollectionOwner = organizationUserId
+            };
+
+            var collectionUser = new CollectionUser
+            {
+                CollectionId = collectionId,
+                OrganizationUserId = organizationUserId,
+                ReadOnly = false,
+                HidePasswords = false,
+                Manage = true
+            };
+
+            await dbContext.Collections.AddAsync(collection);
+            await dbContext.CollectionUsers.AddAsync(collectionUser);
+            await dbContext.SaveChangesAsync();
+
+            // Bump user account revision dates
+            await dbContext.UserBumpAccountRevisionDateByCollectionIdAsync(collectionId, organizationId);
+            await dbContext.SaveChangesAsync();
+
+            return true;
+        }
+        catch (DbUpdateException ex) when (IsUniqueConstraintViolation(ex))
+        {
+            // Collection already exists, return false
+            return false;
+        }
+    }
+
+    private static bool IsUniqueConstraintViolation(DbUpdateException ex)
+    {
+        // Check if the inner exception is a SqlException with error 2601 or 2627
+        return ex.InnerException is Microsoft.Data.SqlClient.SqlException sqlEx
+            && (sqlEx.Number == 2601 || sqlEx.Number == 2627);
+    }
+
     private async Task<HashSet<Guid>> GetOrgUserIdsWithDefaultCollectionAsync(DatabaseContext dbContext, Guid organizationId)
     {
         var results = await dbContext.OrganizationUsers
@@ -861,8 +918,8 @@ private async Task<HashSet<Guid>> GetOrgUserIdsWithDefaultCollectionAsync(Databa
                 CreationDate = DateTime.UtcNow,
                 RevisionDate = DateTime.UtcNow,
                 Type = CollectionType.DefaultUserCollection,
-                DefaultUserCollectionEmail = null
-
+                DefaultUserCollectionEmail = null,
+                DefaultCollectionOwner = orgUserId
             });
 
             collectionUsers.Add(new CollectionUser