[PM-28555] Add DefaultCollectionSemaphore table

src/Core/AdminConsole/Collections/DuplicateDefaultCollectionException.cs

@@ -0,0 +1,5 @@
+namespace Bit.Core.AdminConsole.Collections;
+
+public class DuplicateDefaultCollectionException()
+    : Exception("A My Items collection already exists for one or more of the specified organization members.");
+

src/Core/AdminConsole/OrganizationFeatures/Collections/CollectionUtils.cs

@@ -0,0 +1,62 @@
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Collections;
+
+public static class CollectionUtils
+{
+    /// <summary>
+    /// Arranges semaphore, Collection and CollectionUser objects to create default user collections.
+    /// </summary>
+    /// <param name="organizationId">The organization ID.</param>
+    /// <param name="organizationUserIds">The IDs for organization users who need default collections.</param>
+    /// <param name="defaultCollectionName">The encrypted string to use as the default collection name.</param>
+    /// <returns>A tuple containing the semaphores, collections, and collection users.</returns>
+    public static (IEnumerable<DefaultCollectionSemaphore> semaphores,
+        IEnumerable<Collection> collections,
+        IEnumerable<CollectionUser> collectionUsers)
+        BuildDefaultUserCollections(Guid organizationId, IEnumerable<Guid> organizationUserIds,
+            string defaultCollectionName)
+    {
+        var now = DateTime.UtcNow;
+
+        var semaphores = new List<DefaultCollectionSemaphore>();
+        var collectionUsers = new List<CollectionUser>();
+        var collections = new List<Collection>();
+
+        foreach (var orgUserId in organizationUserIds)
+        {
+            var collectionId = CoreHelpers.GenerateComb();
+
+            semaphores.Add(new DefaultCollectionSemaphore
+            {
+                OrganizationUserId = orgUserId,
+                CreationDate = now
+            });
+
+            collections.Add(new Collection
+            {
+                Id = collectionId,
+                OrganizationId = organizationId,
+                Name = defaultCollectionName,
+                CreationDate = now,
+                RevisionDate = now,
+                Type = CollectionType.DefaultUserCollection,
+                DefaultUserCollectionEmail = null
+
+            });
+
+            collectionUsers.Add(new CollectionUser
+            {
+                CollectionId = collectionId,
+                OrganizationUserId = orgUserId,
+                ReadOnly = false,
+                HidePasswords = false,
+                Manage = true,
+            });
+        }
+
+        return (semaphores, collections, collectionUsers);
+    }
+}

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserCommand.cs

@@ -2,9 +2,7 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
-using Bit.Core.Entities;
 using Bit.Core.Enums;
-using Bit.Core.Models.Data;
 using Bit.Core.Platform.Push;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -79,19 +77,10 @@ private async Task CreateDefaultCollectionsAsync(AutomaticallyConfirmOrganizatio
                 return;
             }
 
-            await collectionRepository.CreateAsync(
-                new Collection
-                {
-                    OrganizationId = request.Organization!.Id,
-                    Name = request.DefaultUserCollectionName,
-                    Type = CollectionType.DefaultUserCollection
-                },
-                groups: null,
-                [new CollectionAccessSelection
-                {
-                    Id = request.OrganizationUser!.Id,
-                    Manage = true
-                }]);
+            await collectionRepository.CreateDefaultCollectionsAsync(
+                request.Organization!.Id,
+                [request.OrganizationUser!.Id],
+                request.DefaultUserCollectionName);
         }
         catch (Exception ex)
         {

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/ConfirmOrganizationUserCommand.cs

@@ -12,7 +12,6 @@
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
-using Bit.Core.Models.Data;
 using Bit.Core.Platform.Push;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -297,21 +296,10 @@ private async Task CreateDefaultCollectionAsync(OrganizationUser organizationUse
             return;
         }
 
-        var defaultCollection = new Collection
-        {
-            OrganizationId = organizationUser.OrganizationId,
-            Name = defaultUserCollectionName,
-            Type = CollectionType.DefaultUserCollection
-        };
-        var collectionUser = new CollectionAccessSelection
-        {
-            Id = organizationUser.Id,
-            ReadOnly = false,
-            HidePasswords = false,
-            Manage = true
-        };
-
-        await _collectionRepository.CreateAsync(defaultCollection, groups: null, users: [collectionUser]);
+        await _collectionRepository.CreateDefaultCollectionsAsync(
+            organizationUser.OrganizationId,
+            [organizationUser.Id],
+            defaultUserCollectionName);
     }
 
     /// <summary>
@@ -347,6 +335,6 @@ private async Task CreateManyDefaultCollectionsAsync(Guid organizationId,
             return;
         }
 
-        await _collectionRepository.UpsertDefaultCollectionsAsync(organizationId, eligibleOrganizationUserIds, defaultUserCollectionName);
+        await _collectionRepository.CreateDefaultCollectionsAsync(organizationId, eligibleOrganizationUserIds, defaultUserCollectionName);
     }
 }

src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/OrganizationDataOwnershipPolicyValidator.cs

@@ -64,16 +64,26 @@ private async Task UpsertDefaultCollectionsForUsersAsync(PolicyUpdate policyUpda
         var userOrgIds = requirements
             .Select(requirement => requirement.GetDefaultCollectionRequestOnPolicyEnable(policyUpdate.OrganizationId))
             .Where(request => request.ShouldCreateDefaultCollection)
-            .Select(request => request.OrganizationUserId);
+            .Select(request => request.OrganizationUserId)
+            .ToList();
 
         if (!userOrgIds.Any())
         {
             return;
         }
 
-        await collectionRepository.UpsertDefaultCollectionsAsync(
+        // Filter out users who already have default collections
+        var existingSemaphores = await collectionRepository.GetDefaultCollectionSemaphoresAsync(userOrgIds);
+        var usersNeedingDefaultCollections = userOrgIds.Except(existingSemaphores).ToList();
+
+        if (!usersNeedingDefaultCollections.Any())
+        {
+            return;
+        }
+
+        await collectionRepository.CreateDefaultCollectionsBulkAsync(
             policyUpdate.OrganizationId,
-            userOrgIds,
+            usersNeedingDefaultCollections,
             defaultCollectionName);
     }
 }

src/Core/Entities/DefaultCollectionSemaphore.cs

@@ -0,0 +1,7 @@
+namespace Bit.Core.Entities;
+
+public class DefaultCollectionSemaphore
+{
+    public Guid OrganizationUserId { get; set; }
+    public DateTime CreationDate { get; set; } = DateTime.UtcNow;
+}

src/Core/Repositories/ICollectionRepository.cs

@@ -64,11 +64,38 @@ Task CreateOrUpdateAccessForManyAsync(Guid organizationId, IEnumerable<Guid> col
         IEnumerable<CollectionAccessSelection> users, IEnumerable<CollectionAccessSelection> groups);
 
     /// <summary>
-    /// Creates default user collections for the specified organization users if they do not already have one.
+    /// Creates default user collections for the specified organization users.
+    /// Throws an exception if any user already has a default collection for the organization.
     /// </summary>
     /// <param name="organizationId">The Organization ID.</param>
     /// <param name="organizationUserIds">The Organization User IDs to create default collections for.</param>
     /// <param name="defaultCollectionName">The encrypted string to use as the default collection name.</param>
-    /// <returns></returns>
-    Task UpsertDefaultCollectionsAsync(Guid organizationId, IEnumerable<Guid> organizationUserIds, string defaultCollectionName);
+    Task CreateDefaultCollectionsAsync(Guid organizationId, IEnumerable<Guid> organizationUserIds, string defaultCollectionName);
+
+    /// <summary>
+    /// Creates default user collections for the specified organization users using bulk insert operations.
+    /// Use this if you need to create collections for > ~1k users.
+    /// Throws an exception if any user already has a default collection for the organization.
+    /// </summary>
+    /// <param name="organizationId">The Organization ID.</param>
+    /// <param name="organizationUserIds">The Organization User IDs to create default collections for.</param>
+    /// <param name="defaultCollectionName">The encrypted string to use as the default collection name.</param>
+    /// <remarks>
+    /// If any of the OrganizationUsers may already have default collections, the caller should first filter out these
+    /// users using GetDefaultCollectionSemaphoresAsync before calling this method.
+    /// </remarks>
+    Task CreateDefaultCollectionsBulkAsync(Guid organizationId, IEnumerable<Guid> organizationUserIds, string defaultCollectionName);
+
+    /// <summary>
+    /// Gets default collection semaphores for the given organizationUserIds.
+    /// If an organizationUserId is missing from the result set, they do not have a semaphore set.
+    /// </summary>
+    /// <param name="organizationUserIds">The organization User IDs to check semaphores for.</param>
+    /// <returns>Collection of organization user IDs that have default collection semaphores.</returns>
+    /// <remarks>
+    /// The semaphore table is used to ensure that an organizationUser can only have 1 default collection.
+    /// (That is, a user may only have 1 default collection per organization.)
+    /// If a semaphore is returned, that user already has a default collection for that organization.
+    /// </remarks>
+    Task<HashSet<Guid>> GetDefaultCollectionSemaphoresAsync(IEnumerable<Guid> organizationUserIds);
 }

src/Infrastructure.Dapper/DapperHelpers.cs

@@ -160,6 +160,21 @@ public static DataTable ToGuidIdArrayTVP(this IEnumerable<Guid> ids)
         return ids.ToArrayTVP("GuidId");
     }
 
+    public static DataTable ToTwoGuidIdArrayTVP(this IEnumerable<(Guid id1, Guid id2)> values)
+    {
+        var table = new DataTable();
+        table.SetTypeName("[dbo].[TwoGuidIdArray]");
+        table.Columns.Add("Id1", typeof(Guid));
+        table.Columns.Add("Id2", typeof(Guid));
+
+        foreach (var value in values)
+        {
+            table.Rows.Add(value.id1, value.id2);
+        }
+
+        return table;
+    }
+
     public static DataTable ToArrayTVP<T>(this IEnumerable<T> values, string columnName)
     {
         var table = new DataTable();