[PM-25993] Fix default collection automatic selection based on organization policies (#2016)

Author: fedemkr

BitwardenShared/Core/Vault/Helpers/CollectionHelper.swift

@@ -9,7 +9,7 @@ protocol CollectionHelper { // sourcery: AutoMockable
 }
 
 /// Default implementation of `CollectionHelper`.
-struct DefaultCollectionHelper : CollectionHelper {
+struct DefaultCollectionHelper: CollectionHelper {
     // MARK: Properties
 
     /// The service used to manage syncing and updates to the user's organizations.

BitwardenShared/Core/Vault/Services/PolicyService.swift

@@ -43,6 +43,13 @@ protocol PolicyService: AnyObject {
     ///
     func isSendHideEmailDisabledByPolicy() async -> Bool
 
+    /// Gets the organizations IDs that are applying the policy to the active user.
+    ///
+    /// - Parameter policyType: The policy to check.
+    /// - Returns: The organizations applying the policy to the active user.
+    ///
+    func organizationsApplyingPolicyToUser(_ policyType: PolicyType) async -> [String]
+
     /// Determines whether a policy applies to the active user.
     ///
     /// - Parameter policyType: The policy to check.
@@ -358,6 +365,11 @@ extension DefaultPolicyService {
         }
     }
 
+    func organizationsApplyingPolicyToUser(_ policyType: PolicyType) async -> [String] {
+        let policies = await policiesApplyingToUser(policyType, filter: nil)
+        return policies.map(\.organizationId)
+    }
+
     func policyAppliesToUser(_ policyType: PolicyType) async -> Bool {
         await policyAppliesToUser(policyType, filter: nil)
     }

BitwardenShared/Core/Vault/Services/PolicyServiceTests.swift

@@ -415,6 +415,22 @@ class PolicyServiceTests: BitwardenTestCase { // swiftlint:disable:this type_bod
         XCTAssertNil(policyValues?.action)
     }
 
+    /// `organizationsApplyingPolicyToUser(_:)` returns the organization IDs which apply the policy.
+    func test_organizationsApplyingPolicyToUser() async {
+        stateService.activeAccount = .fixture()
+        organizationService.fetchAllOrganizationsResult = .success([
+            .fixture(id: "org-1"),
+            .fixture(id: "org-2"),
+        ])
+        policyDataStore.fetchPoliciesResult = .success([
+            .fixture(enabled: false, organizationId: "org-1", type: .twoFactorAuthentication),
+            .fixture(enabled: true, organizationId: "org-2", type: .twoFactorAuthentication),
+        ])
+
+        let organizations = await subject.organizationsApplyingPolicyToUser(.twoFactorAuthentication)
+        XCTAssertEqual(organizations, ["org-2"])
+    }
+
     /// `policyAppliesToUser(_:)` returns whether the policy applies to the user.
     func test_policyAppliesToUser() async {
         stateService.activeAccount = .fixture()

BitwardenShared/Core/Vault/Services/TestHelpers/MockPolicyService.swift

@@ -22,6 +22,8 @@ class MockPolicyService: PolicyService {
 
     var fetchTimeoutPolicyValuesResult: Result<(SessionTimeoutAction?, Int)?, Error> = .success(nil)
 
+    var organizationsApplyingPolicyToUserResult: [PolicyType: [String]] = [:]
+
     var policyAppliesToUserResult = [PolicyType: Bool]()
     var policyAppliesToUserPoliciesType = [PolicyType]()
     var policyAppliesToUserPolicies = [Policy]()
@@ -60,6 +62,10 @@ class MockPolicyService: PolicyService {
         try fetchTimeoutPolicyValuesResult.get()
     }
 
+    func organizationsApplyingPolicyToUser(_ policyType: BitwardenShared.PolicyType) async -> [String] {
+        organizationsApplyingPolicyToUserResult[policyType] ?? []
+    }
+
     func policyAppliesToUser(_ policyType: PolicyType) async -> Bool {
         policyAppliesToUserPoliciesType.append(policyType)
         return policyAppliesToUserResult[policyType] ?? false

BitwardenShared/UI/Vault/VaultItem/AddEditItem/AddEditItemProcessor.swift

@@ -280,7 +280,9 @@ final class AddEditItemProcessor: StateProcessor<// swiftlint:disable:this type_
     /// Fetches any additional data (e.g. organizations and folders) needed for adding or editing a cipher.
     private func fetchCipherOptions() async {
         do {
-            let isPersonalOwnershipDisabled = await services.policyService.policyAppliesToUser(.personalOwnership)
+            state.organizationsWithPersonalOwnershipPolicy = await services.policyService
+                .organizationsApplyingPolicyToUser(.personalOwnership)
+            let isPersonalOwnershipDisabled = !state.organizationsWithPersonalOwnershipPolicy.isEmpty
             let ownershipOptions = try await services.vaultRepository
                 .fetchCipherOwnershipOptions(includePersonal: !isPersonalOwnershipDisabled)
 
@@ -301,12 +303,9 @@ final class AddEditItemProcessor: StateProcessor<// swiftlint:disable:this type_
                 state.owner = ownershipOptions.first
             }
 
-            if state.configuration.isAdding {
-                let defaultCollection = state.collectionsForOwner.first(where: { $0.type == .defaultUserCollection })
-                if let defaultCollectionId = defaultCollection?.id, state.collectionIds.isEmpty {
-                    state.collectionIds.append(defaultCollectionId)
-                }
-            } else {
+            state.selectDefaultCollectionIfNeeded()
+
+            if !state.configuration.isAdding {
                 await services.eventService.collect(eventType: .cipherClientViewed, cipherId: state.cipher.id)
             }
         } catch {

BitwardenShared/UI/Vault/VaultItem/AddEditItem/AddEditItemProcessorTests.swift

@@ -1056,7 +1056,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
         ]
         vaultRepository.fetchCollectionsResult = .success(collections)
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = true
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = ["1"]
 
         await subject.perform(.fetchCipherOptions)
 
@@ -1092,7 +1092,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
             .fixture(id: "2", name: "Engineering"),
         ])
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = true
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = ["1"]
 
         await subject.perform(.fetchCipherOptions)
 
@@ -1138,7 +1138,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
             .fixture(id: "3", name: "Platform", organizationId: "1"),
         ]
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = true
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = ["1"]
         vaultRepository.fetchCipherOwnershipOptions = [.organization(id: "1", name: "OrgTest")]
         vaultRepository.fetchCollectionsResult = .success(collections)
 
@@ -1160,7 +1160,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
             .fixture(id: "3", name: "Platform", organizationId: "1", type: .defaultUserCollection),
         ]
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = true
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = ["1"]
         vaultRepository.fetchCipherOwnershipOptions = [.organization(id: "1", name: "OrgTest")]
         vaultRepository.fetchCollectionsResult = .success(collections)
 
@@ -1180,7 +1180,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
             .fixture(id: "2", name: "Engineering", organizationId: "1", type: .sharedCollection),
         ]
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = true
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = ["1"]
         vaultRepository.fetchCipherOwnershipOptions = [.organization(id: "1", name: "OrgTest")]
         vaultRepository.fetchCollectionsResult = .success(collections)
 
@@ -1200,7 +1200,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
             .fixture(id: "2", name: "Engineering", organizationId: "1", type: .sharedCollection),
         ]
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = false
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = []
         vaultRepository.fetchCipherOwnershipOptions = [.organization(id: "1", name: "OrgTest")]
         vaultRepository.fetchCollectionsResult = .success(collections)
 
@@ -1220,7 +1220,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
             .fixture(id: "2", name: "Engineering", organizationId: "1"),
         ]
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = true
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = ["1"]
         vaultRepository.fetchCipherOwnershipOptions = [.organization(id: "1", name: "OrgTest")]
         vaultRepository.fetchCollectionsResult = .success(collections)
 
@@ -1245,7 +1245,7 @@ class AddEditItemProcessorTests: BitwardenTestCase {
             .fixture(id: "2", name: "Engineering", organizationId: "1"),
         ]
 
-        policyService.policyAppliesToUserResult[.personalOwnership] = true
+        policyService.organizationsApplyingPolicyToUserResult[.personalOwnership] = ["1"]
         vaultRepository.fetchCipherOwnershipOptions = [.organization(id: "1", name: "OrgTest")]
         vaultRepository.fetchCollectionsResult = .success(collections)
 

BitwardenShared/UI/Vault/VaultItem/AddEditItem/AddEditItemState.swift

@@ -88,6 +88,9 @@ protocol AddEditItemState: Sendable {
     /// The organization ID of the cipher, if the cipher is owned by an organization.
     var organizationId: String? { get }
 
+    /// The organization IDs that have `.personalOwnership` policy applied.
+    var organizationsWithPersonalOwnershipPolicy: [String] { get set }
+
     /// The owner of this item.
     var owner: CipherOwner? { get set }
 
@@ -123,6 +126,9 @@ protocol AddEditItemState: Sendable {
     ///
     mutating func toggleCollection(newValue: Bool, collectionId: String)
 
+    /// Selects the `.defaultUserCollection` if needed, mainly checking the organization policies apply.
+    mutating func selectDefaultCollectionIfNeeded()
+
     /// Updates the `CipherView` fields of `CipherItemState` with an updated `CipherView`. This will
     /// preserve any additional UI properties on the state.
     ///

BitwardenShared/UI/Vault/VaultItem/CipherItemState.swift

@@ -107,6 +107,9 @@ struct CipherItemState: Equatable { // swiftlint:disable:this type_body_length
     /// The name of the organization the cipher belongs to, if any.
     var organizationName: String?
 
+    /// The organization IDs that have `.personalOwnership` policy applied.
+    var organizationsWithPersonalOwnershipPolicy: [String] = []
+
     /// The list of ownership options that can be selected for the cipher.
     var ownershipOptions = [CipherOwner]()
 
@@ -248,6 +251,7 @@ struct CipherItemState: Equatable { // swiftlint:disable:this type_body_length
         set {
             organizationId = newValue?.organizationId
             collectionIds = []
+            selectDefaultCollectionIfNeeded()
         }
     }
 
@@ -425,6 +429,8 @@ struct CipherItemState: Equatable { // swiftlint:disable:this type_body_length
 }
 
 extension CipherItemState: AddEditItemState {
+    // MARK: Properties
+
     var navigationTitle: String {
         switch configuration {
         case .add:
@@ -446,6 +452,25 @@ extension CipherItemState: AddEditItemState {
         }
     }
 
+    // MARK: Methods
+
+    mutating func selectDefaultCollectionIfNeeded() {
+        guard configuration.isAdding else {
+            return
+        }
+
+        let defaultCollectionForOwner = collectionsForOwner.first(where: { $0.type == .defaultUserCollection })
+
+        guard let defaultCollectionId = defaultCollectionForOwner?.id,
+              collectionIds.isEmpty,
+              let ownerOrganizationId = owner?.organizationId,
+              organizationsWithPersonalOwnershipPolicy.contains(ownerOrganizationId) else {
+            return
+        }
+
+        collectionIds.append(defaultCollectionId)
+    }
+
     mutating func update(from cipherView: CipherView) {
         apply(cipherView: cipherView)
     }

BitwardenShared/UI/Vault/VaultItem/CipherItemStateTests.swift

@@ -408,6 +408,129 @@ class CipherItemStateTests: BitwardenTestCase { // swiftlint:disable:this type_b
         XCTAssertEqual(subjectSSHKey.navigationTitle, Localizations.newSSHKey)
     }
 
+    /// `setter:owner` adds the default user collection to the collection IDs
+    /// when it's adding, there's a default user collection for the owner organization and such
+    /// organization has the `.personalOwnership` policy turned on.
+    func test_owner_addsDefaultCollection() {
+        var subject = CipherItemState(hasPremium: false)
+        subject.organizationId = "2"
+        subject.ownershipOptions = [
+            .organization(id: "1", name: "Org"),
+            .organization(id: "2", name: "Org2"),
+            .organization(id: "3", name: "Org3"),
+        ]
+        subject.allUserCollections = [
+            .fixture(id: "1", organizationId: "1", type: .defaultUserCollection),
+            .fixture(id: "2", organizationId: "1"),
+            .fixture(id: "3", organizationId: "2"),
+            .fixture(id: "4", organizationId: "2", type: .defaultUserCollection),
+        ]
+        subject.organizationsWithPersonalOwnershipPolicy = ["1", "2"]
+        subject.collectionIds = []
+
+        subject.owner = .organization(id: "1", name: "Org")
+        XCTAssertEqual(subject.collectionIds, ["1"])
+    }
+
+    /// `selectDefaultCollectionIfNeeded()` adds the default user collection to the collection IDs
+    /// when it's adding, there's a default user collection for the owner organization and such
+    /// organization has the `.personalOwnership` policy turned on.
+    func test_selectDefaultCollectionIfNeeded_addsDefaultCollection() {
+        var subject = CipherItemState(hasPremium: false)
+        subject.organizationId = "1"
+        subject.ownershipOptions = [
+            .organization(id: "1", name: "Org"),
+            .organization(id: "2", name: "Org2"),
+            .organization(id: "3", name: "Org3"),
+        ]
+        subject.allUserCollections = [
+            .fixture(id: "1", organizationId: "1", type: .defaultUserCollection),
+            .fixture(id: "2", organizationId: "1"),
+            .fixture(id: "3", organizationId: "2"),
+            .fixture(id: "4", organizationId: "2", type: .defaultUserCollection),
+        ]
+        subject.organizationsWithPersonalOwnershipPolicy = ["1", "2"]
+        subject.collectionIds = []
+
+        subject.selectDefaultCollectionIfNeeded()
+        XCTAssertEqual(subject.collectionIds, ["1"])
+
+        // added this to check that the collection doesn't get duplicated
+        // when the function is called twice.
+        subject.selectDefaultCollectionIfNeeded()
+        XCTAssertEqual(subject.collectionIds, ["1"])
+    }
+
+    /// `selectDefaultCollectionIfNeeded()` doesn't add the default user collection to the collection IDs
+    /// when it's editing.
+    func test_selectDefaultCollectionIfNeeded_editing() throws {
+        var subject = try XCTUnwrap(CipherItemState(existing: .fixture(id: "1"), hasPremium: false))
+        subject.organizationId = "1"
+        subject.ownershipOptions = [
+            .organization(id: "1", name: "Org"),
+            .organization(id: "2", name: "Org2"),
+            .organization(id: "3", name: "Org3"),
+        ]
+        subject.allUserCollections = [
+            .fixture(id: "1", organizationId: "1", type: .defaultUserCollection),
+            .fixture(id: "2", organizationId: "1"),
+            .fixture(id: "3", organizationId: "2"),
+            .fixture(id: "4", organizationId: "2", type: .defaultUserCollection),
+        ]
+        subject.organizationsWithPersonalOwnershipPolicy = ["1", "2"]
+        subject.collectionIds = []
+
+        subject.selectDefaultCollectionIfNeeded()
+        XCTAssertEqual(subject.collectionIds, [])
+    }
+
+    /// `selectDefaultCollectionIfNeeded()` doesn't add the default user collection to the collection IDs
+    /// when it's adding, but there's no default user collection for the owner organization.
+    func test_selectDefaultCollectionIfNeeded_noDefaultCollection() {
+        var subject = CipherItemState(hasPremium: false)
+        subject.organizationId = "1"
+        subject.ownershipOptions = [
+            .organization(id: "1", name: "Org"),
+            .organization(id: "2", name: "Org2"),
+            .organization(id: "3", name: "Org3"),
+        ]
+        subject.allUserCollections = [
+            .fixture(id: "1", organizationId: "1"),
+            .fixture(id: "2", organizationId: "1"),
+            .fixture(id: "3", organizationId: "2"),
+            .fixture(id: "4", organizationId: "2", type: .defaultUserCollection),
+        ]
+        subject.organizationsWithPersonalOwnershipPolicy = ["1", "2"]
+        subject.collectionIds = []
+
+        subject.selectDefaultCollectionIfNeeded()
+        XCTAssertEqual(subject.collectionIds, [])
+    }
+
+    /// `selectDefaultCollectionIfNeeded()` doesn't add the default user collection to the collection IDs
+    /// when it's adding, there's  default user collection for the owner organization and such
+    /// organization has the `.personalOwnership` policy turned off.
+    func test_selectDefaultCollectionIfNeeded_personalOwnershipOff() {
+        var subject = CipherItemState(hasPremium: false)
+        subject.organizationId = "1"
+        subject.ownershipOptions = [
+            .organization(id: "1", name: "Org"),
+            .organization(id: "2", name: "Org2"),
+            .organization(id: "3", name: "Org3"),
+        ]
+        subject.allUserCollections = [
+            .fixture(id: "1", organizationId: "1", type: .defaultUserCollection),
+            .fixture(id: "2", organizationId: "1"),
+            .fixture(id: "3", organizationId: "2"),
+            .fixture(id: "4", organizationId: "2", type: .defaultUserCollection),
+        ]
+        subject.organizationsWithPersonalOwnershipPolicy = ["2"]
+        subject.collectionIds = []
+
+        subject.selectDefaultCollectionIfNeeded()
+        XCTAssertEqual(subject.collectionIds, [])
+    }
+
     /// `shouldShowLearnNewLoginActionCard` should be `true`, if the cipher is a login type and configuration is `.add`.
     func test_shouldShowLearnNewLoginActionCard_true() {
         let cipher = CipherView.loginFixture(login: .fixture(fido2Credentials: [.fixture()]))