From c8d6a26ec311cb283f80ba751db5d6858bbe9001 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Mon, 13 Mar 2017 22:54:24 -0400
Subject: [PATCH] user vault associations

---
 .../OrganizationUsersController.cs            |  4 ++--
 .../OrganizationUserRequestModels.cs          |  6 ------
 .../Implementations/OrganizationService.cs    | 21 ++++++++++++-------
 .../Stored Procedures/SubvaultUser_Update.sql |  1 -
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/Api/Controllers/OrganizationUsersController.cs b/src/Api/Controllers/OrganizationUsersController.cs
index fed8cf252..d70d6b364 100644
--- a/src/Api/Controllers/OrganizationUsersController.cs
+++ b/src/Api/Controllers/OrganizationUsersController.cs
@@ -59,7 +59,7 @@ namespace Bit.Api.Controllers
         {
             var user = await _userService.GetUserByPrincipalAsync(User);
             var result = await _organizationService.InviteUserAsync(new Guid(orgId), model.Email,
-                model.Subvaults.Select(s => s.ToSubvaultUser()));
+                model.Subvaults?.Select(s => s.ToSubvaultUser()));
         }
 
         [HttpPut("{id}/accept")]
@@ -87,7 +87,7 @@ namespace Bit.Api.Controllers
                 throw new NotFoundException();
             }
 
-            await _organizationService.SaveUserAsync(organizationUser, model.Subvaults.Select(s => s.ToSubvaultUser()));
+            await _organizationService.SaveUserAsync(organizationUser, model.Subvaults?.Select(s => s.ToSubvaultUser()));
         }
 
         [HttpDelete("{id}")]
diff --git a/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs b/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs
index 5e0edad03..ddae48e3d 100644
--- a/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs
+++ b/src/Core/Models/Api/Request/Organizations/OrganizationUserRequestModels.cs
@@ -28,7 +28,6 @@ namespace Bit.Core.Models.Api
 
     public class OrganizationUserSubvaultRequestModel
     {
-        public string Id { get; set; }
         public string SubvaultId { get; set; }
         public bool Admin { get; set; }
         public bool ReadOnly { get; set; }
@@ -46,11 +45,6 @@ namespace Bit.Core.Models.Api
                 subvault.SubvaultId = new Guid(SubvaultId);
             }
 
-            if(!string.IsNullOrWhiteSpace(Id))
-            {
-                subvault.Id = new Guid(Id);
-            }
-
             return subvault;
         }
     }
diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs
index 338d71f25..b9909674d 100644
--- a/src/Core/Services/Implementations/OrganizationService.cs
+++ b/src/Core/Services/Implementations/OrganizationService.cs
@@ -164,26 +164,33 @@ namespace Bit.Core.Services
 
         private async Task SaveUserSubvaultsAsync(OrganizationUser user, IEnumerable<SubvaultUser> subvaults, bool newUser)
         {
+            if(subvaults == null)
+            {
+                subvaults = new List<SubvaultUser>();
+            }
+
             var orgSubvaults = await _subvaultRepository.GetManyByOrganizationIdAsync(user.OrganizationId);
             var currentUserSubvaults = newUser ? null : await _subvaultUserRepository.GetManyByOrganizationUserIdAsync(user.Id);
 
             // Let's make sure all these belong to this user and organization.
             var filteredSubvaults = subvaults.Where(s => orgSubvaults.Any(os => os.Id == s.SubvaultId));
-            if(!newUser)
-            {
-                filteredSubvaults = filteredSubvaults.Where(s =>
-                    s.Id == default(Guid) || currentUserSubvaults.Any(cs => cs.Id == s.Id));
-            }
-
             foreach(var subvault in filteredSubvaults)
             {
+                var existingSubvaultUser = currentUserSubvaults?.FirstOrDefault(cs => cs.SubvaultId == subvault.SubvaultId);
+                if(existingSubvaultUser != null)
+                {
+                    subvault.Id = existingSubvaultUser.Id;
+                    subvault.CreationDate = existingSubvaultUser.CreationDate;
+                }
+
                 subvault.OrganizationUserId = user.Id;
                 await _subvaultUserRepository.UpsertAsync(subvault);
             }
 
             if(!newUser)
             {
-                var subvaultsToDelete = currentUserSubvaults.Where(cs => !subvaults.Any(s => s.Id == cs.Id));
+                var subvaultsToDelete = currentUserSubvaults.Where(cs =>
+                    !filteredSubvaults.Any(s => s.SubvaultId == cs.SubvaultId));
                 foreach(var subvault in subvaultsToDelete)
                 {
                     await _subvaultUserRepository.DeleteAsync(subvault);
diff --git a/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql b/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql
index 5981f0a56..a96d77b3a 100644
--- a/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql	
+++ b/src/Sql/dbo/Stored Procedures/SubvaultUser_Update.sql	
@@ -2,7 +2,6 @@
     @Id UNIQUEIDENTIFIER,
     @SubvaultId UNIQUEIDENTIFIER,
     @OrganizationUserId UNIQUEIDENTIFIER,
-    @Key VARCHAR(MAX),
     @Admin BIT,
     @ReadOnly BIT,
     @CreationDate DATETIME2(7),