[PM-20554] fix admin endpoint for deleting unassigned items (#6061)

* fix admin endpoint for deleting unassigned items * whitespace cleanup * fix tests * switch type cast to constructor for CipherDetails * fix tests
2025-12-11 04:34:37 -06:00 · 2025-07-14 15:50:10 -04:00 · 2025-07-14 15:50:10 -04:00 · 676f39cef8
commit 676f39cef8
parent d914ab8a98
2 changed files with 107 additions and 89 deletions
--- a/src/Api/Vault/Controllers/CiphersController.cs
+++ b/src/Api/Vault/Controllers/CiphersController.cs
@ -926,14 +926,14 @@ public class CiphersController : Controller
    public async Task PutDeleteAdmin(Guid id)
    {
        var userId = _userService.GetProperUserId(User).Value;
-        var cipher = await GetByIdAsync(id, userId);
+        var cipher = await GetByIdAsyncAdmin(id);
        if (cipher == null || !cipher.OrganizationId.HasValue ||
            !await CanDeleteOrRestoreCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id }))
        {
            throw new NotFoundException();
        }

-        await _cipherService.SoftDeleteAsync(cipher, userId, true);
+        await _cipherService.SoftDeleteAsync(new CipherDetails(cipher), userId, true);
    }

    [HttpPut("delete")]
@ -995,14 +995,14 @@ public class CiphersController : Controller
    public async Task<CipherMiniResponseModel> PutRestoreAdmin(Guid id)
    {
        var userId = _userService.GetProperUserId(User).Value;
-        var cipher = await GetByIdAsync(id, userId);
+        var cipher = await GetByIdAsyncAdmin(id);
        if (cipher == null || !cipher.OrganizationId.HasValue ||
            !await CanDeleteOrRestoreCipherAsAdminAsync(cipher.OrganizationId.Value, new[] { cipher.Id }))
        {
            throw new NotFoundException();
        }

-        await _cipherService.RestoreAsync(cipher, userId, true);
+        await _cipherService.RestoreAsync(new CipherDetails(cipher), userId, true);
        return new CipherMiniResponseModel(cipher, _globalSettings, cipher.OrganizationUseTotp);
    }

@ -1412,6 +1412,11 @@ public class CiphersController : Controller
        }
    }

+    private async Task<CipherOrganizationDetails> GetByIdAsyncAdmin(Guid cipherId)
+    {
+        return await _cipherRepository.GetOrganizationDetailsByIdAsync(cipherId);
+    }
+
    private async Task<CipherDetails> GetByIdAsync(Guid cipherId, Guid userId)
    {
        return await _cipherRepository.GetByIdAsync(cipherId, userId);
--- a/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs
+++ b/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs
@ -590,11 +590,13 @@ public class CiphersControllerTests
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithManagePermission_SoftDeletesCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.UserId = null;
-        cipherDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.UserId = null;
+        cipherOrgDetails.OrganizationId = organization.Id;
+
+        var cipherDetails = new CipherDetails(cipherOrgDetails);
        cipherDetails.Edit = true;
        cipherDetails.Manage = true;

@ -603,7 +605,7 @@ public class CiphersControllerTests
        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherDetails.Id).Returns(cipherDetails);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyByUserIdAsync(userId)
            .Returns(new List<CipherDetails>
@ -620,7 +622,8 @@ public class CiphersControllerTests

        await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id);

-        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(
+                Arg.Is<CipherDetails>(c => c.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
@ -665,20 +668,20 @@ public class CiphersControllerTests
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithAccessToUnassignedCipher_SoftDeletesCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.OrganizationId = organization.Id;
        organization.Type = organizationUserType;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);

        sutProvider.GetDependency<ICipherRepository>()
            .GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organization.Id)
-            .Returns(new List<CipherOrganizationDetails> { new() { Id = cipherDetails.Id, OrganizationId = organization.Id } });
+            .Returns(new List<CipherOrganizationDetails> { new() { Id = cipherOrgDetails.Id, OrganizationId = organization.Id } });
        sutProvider.GetDependency<IApplicationCacheService>()
            .GetOrganizationAbilityAsync(organization.Id)
            .Returns(new OrganizationAbility
@ -687,74 +690,80 @@ public class CiphersControllerTests
                LimitItemDeletion = true
            });

-        await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id);
+        await sutProvider.Sut.PutDeleteAdmin(cipherOrgDetails.Id);

-        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(
+                Arg.Is<CipherDetails>(c => c.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithAccessToAllCollectionItems_SoftDeletesCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.OrganizationId = organization.Id;
        organization.Type = organizationUserType;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherDetails });
+        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherOrgDetails });
        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
        {
            Id = organization.Id,
            AllowAdminAccessToAllCollectionItems = true
        });

-        await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id);
+        await sutProvider.Sut.PutDeleteAdmin(cipherOrgDetails.Id);

-        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(
+                Arg.Is<CipherDetails>(c => c.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
    [BitAutoData]
    public async Task PutDeleteAdmin_WithCustomUser_WithEditAnyCollectionTrue_SoftDeletesCipher(
-        CipherDetails cipherDetails, Guid userId,
+        CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.OrganizationId = organization.Id;
        organization.Type = OrganizationUserType.Custom;
        organization.Permissions.EditAnyCollection = true;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherDetails });
+        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherOrgDetails });

-        await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id);
+        await sutProvider.Sut.PutDeleteAdmin(cipherOrgDetails.Id);

-        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(
+                Arg.Is<CipherDetails>(c => c.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutDeleteAdmin_WithOwnerOrAdmin_WithEditPermission_WithLimitItemDeletionFalse_SoftDeletesCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.UserId = null;
-        cipherDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.UserId = null;
+        cipherOrgDetails.OrganizationId = organization.Id;
+
+        var cipherDetails = new CipherDetails(cipherOrgDetails);
        cipherDetails.Edit = true;
        cipherDetails.Manage = false; // Only Edit permission, not Manage
+
        organization.Type = organizationUserType;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherDetails.Id).Returns(cipherDetails);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyByUserIdAsync(userId)
            .Returns(new List<CipherDetails> { cipherDetails });
@ -768,7 +777,8 @@ public class CiphersControllerTests

        await sutProvider.Sut.PutDeleteAdmin(cipherDetails.Id);

-        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).SoftDeleteAsync(
+                Arg.Is<CipherDetails>(c => c.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
@ -787,7 +797,7 @@ public class CiphersControllerTests
        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherDetails.Id).Returns(cipherDetails);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyByUserIdAsync(userId)
            .Returns(new List<CipherDetails> { cipherDetails });
@ -1061,13 +1071,15 @@ public class CiphersControllerTests
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithManagePermission_RestoresCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.UserId = null;
-        cipherDetails.OrganizationId = organization.Id;
-        cipherDetails.Type = CipherType.Login;
-        cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+        cipherOrgDetails.UserId = null;
+        cipherOrgDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.Type = CipherType.Login;
+        cipherOrgDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+
+        var cipherDetails = new CipherDetails(cipherOrgDetails);
        cipherDetails.Edit = true;
        cipherDetails.Manage = true;

@ -1076,13 +1088,10 @@ public class CiphersControllerTests
        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyByUserIdAsync(userId)
-            .Returns(new List<CipherDetails>
-            {
-                cipherDetails
-            });
+            .Returns(new List<CipherDetails> { cipherDetails });
        sutProvider.GetDependency<IApplicationCacheService>()
            .GetOrganizationAbilityAsync(organization.Id)
            .Returns(new OrganizationAbility
@ -1091,21 +1100,24 @@ public class CiphersControllerTests
                LimitItemDeletion = true
            });

-        var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id);
+        var result = await sutProvider.Sut.PutRestoreAdmin(cipherOrgDetails.Id);

        Assert.IsType<CipherMiniResponseModel>(result);
-        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(Arg.Is<CipherDetails>(
+                    (cd) => cd.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithoutManagePermission_ThrowsNotFoundException(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.UserId = null;
-        cipherDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.UserId = null;
+        cipherOrgDetails.OrganizationId = organization.Id;
+
+        var cipherDetails = new CipherDetails(cipherOrgDetails);
        cipherDetails.Edit = true;
        cipherDetails.Manage = false;

@ -1114,13 +1126,10 @@ public class CiphersControllerTests
        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyByUserIdAsync(userId)
-            .Returns(new List<CipherDetails>
-            {
-                cipherDetails
-            });
+            .Returns(new List<CipherDetails> { cipherDetails });
        sutProvider.GetDependency<IApplicationCacheService>()
            .GetOrganizationAbilityAsync(organization.Id)
            .Returns(new OrganizationAbility
@ -1136,21 +1145,22 @@ public class CiphersControllerTests
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithAccessToUnassignedCipher_RestoresCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.OrganizationId = organization.Id;
-        cipherDetails.Type = CipherType.Login;
-        cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+        cipherOrgDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.Type = CipherType.Login;
+        cipherOrgDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+
        organization.Type = organizationUserType;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyUnassignedOrganizationDetailsByOrganizationIdAsync(organization.Id)
-            .Returns(new List<CipherOrganizationDetails> { new() { Id = cipherDetails.Id, OrganizationId = organization.Id } });
+            .Returns(new List<CipherOrganizationDetails> { new() { Id = cipherOrgDetails.Id, OrganizationId = organization.Id } });
        sutProvider.GetDependency<IApplicationCacheService>()
            .GetOrganizationAbilityAsync(organization.Id)
            .Returns(new OrganizationAbility
@ -1159,82 +1169,88 @@ public class CiphersControllerTests
                LimitItemDeletion = true
            });

-        var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id);
+        var result = await sutProvider.Sut.PutRestoreAdmin(cipherOrgDetails.Id);

        Assert.IsType<CipherMiniResponseModel>(result);
-        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(Arg.Is<CipherDetails>(
+                    (cd) => cd.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithAccessToAllCollectionItems_RestoresCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.OrganizationId = organization.Id;
-        cipherDetails.Type = CipherType.Login;
-        cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+        cipherOrgDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.Type = CipherType.Login;
+        cipherOrgDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
        organization.Type = organizationUserType;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherDetails });
+        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherOrgDetails });
        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilityAsync(organization.Id).Returns(new OrganizationAbility
        {
            Id = organization.Id,
            AllowAdminAccessToAllCollectionItems = true
        });

-        var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id);
+        var result = await sutProvider.Sut.PutRestoreAdmin(cipherOrgDetails.Id);

        Assert.IsType<CipherMiniResponseModel>(result);
-        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(Arg.Is<CipherDetails>(
+                    (cd) => cd.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
    [BitAutoData]
    public async Task PutRestoreAdmin_WithCustomUser_WithEditAnyCollectionTrue_RestoresCipher(
-        CipherDetails cipherDetails, Guid userId,
+        CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.OrganizationId = organization.Id;
-        cipherDetails.Type = CipherType.Login;
-        cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+        cipherOrgDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.Type = CipherType.Login;
+        cipherOrgDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
        organization.Type = OrganizationUserType.Custom;
        organization.Permissions.EditAnyCollection = true;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherOrgDetails.Id).Returns(cipherOrgDetails);
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherDetails });
+        sutProvider.GetDependency<ICipherRepository>().GetManyByOrganizationIdAsync(organization.Id).Returns(new List<Cipher> { cipherOrgDetails });

-        var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id);
+        var result = await sutProvider.Sut.PutRestoreAdmin(cipherOrgDetails.Id);

        Assert.IsType<CipherMiniResponseModel>(result);
-        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(Arg.Is<CipherDetails>(
+                    (cd) => cd.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]
    public async Task PutRestoreAdmin_WithOwnerOrAdmin_WithEditPermission_LimitItemDeletionFalse_RestoresCipher(
-        OrganizationUserType organizationUserType, CipherDetails cipherDetails, Guid userId,
+        OrganizationUserType organizationUserType, CipherOrganizationDetails cipherOrgDetails, Guid userId,
        CurrentContextOrganization organization, SutProvider<CiphersController> sutProvider)
    {
-        cipherDetails.UserId = null;
-        cipherDetails.OrganizationId = organization.Id;
-        cipherDetails.Type = CipherType.Login;
-        cipherDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+        cipherOrgDetails.UserId = null;
+        cipherOrgDetails.OrganizationId = organization.Id;
+        cipherOrgDetails.Type = CipherType.Login;
+        cipherOrgDetails.Data = JsonSerializer.Serialize(new CipherLoginData());
+
+        var cipherDetails = new CipherDetails(cipherOrgDetails);
        cipherDetails.Edit = true;
        cipherDetails.Manage = false; // Only Edit permission, not Manage
+
        organization.Type = organizationUserType;

        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherDetails.Id).Returns(cipherDetails);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyByUserIdAsync(userId)
            .Returns(new List<CipherDetails> { cipherDetails });
@ -1249,7 +1265,8 @@ public class CiphersControllerTests
        var result = await sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id);

        Assert.IsType<CipherMiniResponseModel>(result);
-        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(cipherDetails, userId, true);
+        await sutProvider.GetDependency<ICipherService>().Received(1).RestoreAsync(Arg.Is<CipherDetails>(
+                    (cd) => cd.OrganizationId.Equals(cipherOrgDetails.OrganizationId)), userId, true);
    }

    [Theory]
@ -1270,7 +1287,7 @@ public class CiphersControllerTests
        sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(userId);
        sutProvider.GetDependency<IUserService>().GetUserByPrincipalAsync(default).ReturnsForAnyArgs(new User { Id = userId });
        sutProvider.GetDependency<ICurrentContext>().GetOrganization(organization.Id).Returns(organization);
-        sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(cipherDetails.Id, userId).Returns(cipherDetails);
+        sutProvider.GetDependency<ICipherRepository>().GetOrganizationDetailsByIdAsync(cipherDetails.Id).Returns(cipherDetails);
        sutProvider.GetDependency<ICipherRepository>()
            .GetManyByUserIdAsync(userId)
            .Returns(new List<CipherDetails> { cipherDetails });
@ -1319,10 +1336,6 @@ public class CiphersControllerTests
        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.PutRestoreAdmin(cipherDetails.Id));
    }

-
-
-
-
    [Theory]
    [BitAutoData(OrganizationUserType.Owner)]
    [BitAutoData(OrganizationUserType.Admin)]