[PM-10361] Remove Group.AccessAll from code (#4614)

* Remove Group.AccessAll from code

* Add shadow property config and migration

src/Core/AdminConsole/Entities/Group.cs

@@ -13,7 +13,6 @@ public class Group : ITableObject<Guid>, IExternal
     public Guid OrganizationId { get; set; }
     [MaxLength(100)]
     public string Name { get; set; } = null!;
-    public bool AccessAll { get; set; }
     [MaxLength(300)]
     public string? ExternalId { get; set; }
     public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;

src/Core/AdminConsole/OrganizationFeatures/Groups/CreateGroupCommand.cs

@@ -115,11 +115,6 @@ public class CreateGroupCommand : ICreateGroupCommand
             throw new BadRequestException("This organization cannot use groups.");
         }
 
-        if (group.AccessAll)
-        {
-            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the group to collections instead.");
-        }
-
         var invalidAssociations = collections?.Where(cas => cas.Manage && (cas.ReadOnly || cas.HidePasswords));
         if (invalidAssociations?.Any() ?? false)
         {

src/Core/AdminConsole/OrganizationFeatures/Groups/UpdateGroupCommand.cs

@@ -136,11 +136,6 @@ public class UpdateGroupCommand : IUpdateGroupCommand
             await ValidateMemberAccessAsync(originalGroup, memberAccess.ToList());
         }
 
-        if (group.AccessAll)
-        {
-            throw new BadRequestException("The AccessAll property has been deprecated by collection enhancements. Assign the group to collections instead.");
-        }
-
         var invalidAssociations = collectionAccess?.Where(cas => cas.Manage && (cas.ReadOnly || cas.HidePasswords));
         if (invalidAssociations?.Any() ?? false)
         {

src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs

@@ -102,6 +102,9 @@ public class DatabaseContext : DbContext
         var eOrganizationDomain = builder.Entity<OrganizationDomain>();
         var aWebAuthnCredential = builder.Entity<WebAuthnCredential>();
 
+        // Shadow property configurations
+        eGroup.Property<bool>("AccessAll").HasDefaultValue(false);
+
         eCipher.Property(c => c.Id).ValueGeneratedNever();
         eCollection.Property(c => c.Id).ValueGeneratedNever();
         eEmergencyAccess.Property(c => c.Id).ValueGeneratedNever();

src/Infrastructure.EntityFramework/Repositories/Queries/CollectionsReadByOrganizationIdUserIdQuery.cs

@@ -3,6 +3,9 @@ using Bit.Infrastructure.EntityFramework.Models;
 
 namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
 
+/// <summary>
+/// Returns all Collections that a user is assigned to in an organization, either directly or via a group.
+/// </summary>
 public class CollectionsReadByOrganizationIdUserIdQuery : IQuery<Collection>
 {
     private readonly Guid? _organizationId;

src/Infrastructure.EntityFramework/Vault/Repositories/CipherRepository.cs

@@ -2,7 +2,6 @@
 using System.Text.Json.Nodes;
 using AutoMapper;
 using Bit.Core.Auth.UserFeatures.UserKey;
-using Bit.Core.Enums;
 using Bit.Core.Utilities;
 using Bit.Core.Vault.Enums;
 using Bit.Core.Vault.Models.Data;
@@ -544,32 +543,10 @@ public class CipherRepository : Repository<Core.Vault.Entities.Cipher, Cipher, G
         }
         else
         {
-            availableCollectionsQuery = from c in context.Collections
-                                        join o in context.Organizations
-                                            on c.OrganizationId equals o.Id
-                                        join ou in context.OrganizationUsers
-                                            on new { OrganizationId = o.Id, UserId = userId } equals
-                                            new { ou.OrganizationId, ou.UserId }
-                                        join cu in context.CollectionUsers
-                                            on new { ou.AccessAll, CollectionId = c.Id, OrganizationUserId = ou.Id } equals
-                                            new { AccessAll = false, cu.CollectionId, cu.OrganizationUserId } into cu_g
-                                        from cu in cu_g.DefaultIfEmpty()
-                                        join gu in context.GroupUsers
-                                            on new { CollectionId = (Guid?)cu.CollectionId, ou.AccessAll, OrganizationUserId = ou.Id } equals
-                                            new { CollectionId = (Guid?)null, AccessAll = false, gu.OrganizationUserId } into gu_g
-                                        from gu in gu_g.DefaultIfEmpty()
-                                        join g in context.Groups
-                                            on gu.GroupId equals g.Id into g_g
-                                        from g in g_g.DefaultIfEmpty()
-                                        join cg in context.CollectionGroups
-                                            on new { g.AccessAll, CollectionId = c.Id, gu.GroupId } equals
-                                            new { AccessAll = false, cg.CollectionId, cg.GroupId } into cg_g
-                                        from cg in cg_g.DefaultIfEmpty()
-                                        where o.Id == organizationId &&
-                                            o.Enabled &&
-                                            ou.Status == OrganizationUserStatusType.Confirmed &&
-                                            (ou.AccessAll || !cu.ReadOnly || g.AccessAll || !cg.ReadOnly)
-                                        select c.Id;
+            availableCollectionsQuery =
+                new CollectionsReadByOrganizationIdUserIdQuery(organizationId.Value, userId.Value)
+                    .Run(context)
+                    .Select(c => c.Id);
         }
 
         var availableCollections = await availableCollectionsQuery.ToListAsync();