[PM-22101] Enforce restrictions on collections with DefaultUserCollection type (#5968)

* Add CreateCollectionCommand and associated interface with validation logic

* Implement CreateCollectionCommand to handle collection creation with organization checks and access permissions.
* Introduce ICreateCollectionCommand interface for defining the collection creation contract.
* Add unit tests for CreateCollectionCommand to validate various scenarios including permission checks and error handling.

* Add UpdateCollectionCommand and associated interface with validation logic

* Implement UpdateCollectionCommand to handle collection updates with organization checks and access permissions.
* Introduce IUpdateCollectionCommand interface for defining the collection update contract.
* Add unit tests for UpdateCollectionCommand to validate various scenarios including permission checks and error handling.

* Add scoped services for collection commands

* Register ICreateCollectionCommand and IUpdateCollectionCommand in the service collection for handling collection creation and updates.

* Refactor CollectionsController to use command interfaces for collection creation and updates

* Updated CollectionsController to utilize ICreateCollectionCommand and IUpdateCollectionCommand for handling collection creation and updates, replacing calls to ICollectionService.
* Adjusted related unit tests to verify the new command implementations.

* Refactor ICollectionService and CollectionService to remove SaveAsync method

* Removed the SaveAsync method from ICollectionService and its implementation in CollectionService.
* Updated related tests in CollectionServiceTests to reflect the removal of SaveAsync, ensuring existing functionality remains intact.

* Remove unused organization repository dependency from CollectionServiceTests

* Add validation to CreateCollectionCommand to prevent creation of DefaultUserCollection type

* Implemented a check in CreateCollectionCommand to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be created.
* Added a unit test to verify that the exception is thrown with the correct message when attempting to create a collection of this type.

* Add validation to DeleteCollectionCommand to prevent deletion of DefaultUserCollection type

* Implemented checks in DeleteAsync and DeleteManyAsync methods to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be deleted.
* Added unit tests to verify that the exceptions are thrown with the correct messages when attempting to delete collections of this type.

* Add validation in UpdateCollectionCommand to prevent editing DefaultUserCollection type

* Implemented a check in UpdateAsync to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be updated.
* Added a unit test to verify that the exception is thrown with the correct message when attempting to update a collection of this type.

* Add validation in UpdateOrganizationUserCommand to prevent modification of DefaultUserCollection type

* Implemented a check to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection.
* Added a unit test to ensure the exception is thrown with the correct message when this condition is met.

* Add validation in UpdateGroupCommand to prevent modification of DefaultUserCollection type

* Implemented a check to throw a BadRequestException if an attempt is made to modify group access for collections of type DefaultUserCollection.
* Added a unit test to ensure the exception is thrown with the correct message when this condition is met.

* Add validation in BulkAddCollectionAccessCommand to prevent addition of collections of DefaultUserCollection type

* Implemented a check to throw a BadRequestException if an attempt is made to add access to collections of type DefaultUserCollection.
* Added a unit test to ensure the exception is thrown with the correct message when this condition is met.

* Add validation in CollectionService to prevent modification of DefaultUserCollection type

* Implemented a check in DeleteUserAsync to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection.
* Added a unit test to ensure the exception is thrown with the correct message when this condition is met.

* Implement a check to throw a BadRequestException if an attempt is made to modify member access for collections of type DefaultUserCollection.

* Add validation in CollectionsController to prevent deletion of DefaultUserCollection type

* Implemented a check to return a BadRequestObjectResult if an attempt is made to delete a collection of type DefaultUserCollection.

* Remove unused test method for handling DefaultUserCollection in CollectionsControllerTests

* Update UpdateOrganizationUserCommandTests to use OrganizationUserType for user updates

src/Core/AdminConsole/OrganizationFeatures/Groups/UpdateGroupCommand.cs

@@ -163,6 +163,11 @@ public class UpdateGroupCommand : IUpdateGroupCommand
             // Use generic error message to avoid enumeration
             throw new NotFoundException();
         }
+
+        if (collections.Any(c => c.Type == CollectionType.DefaultUserCollection))
+        {
+            throw new BadRequestException("You cannot modify group access for collections with the type as DefaultUserCollection.");
+        }
     }
 
     private async Task ValidateMemberAccessAsync(Group originalGroup,

src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/UpdateOrganizationUserCommand.cs

@@ -199,6 +199,11 @@ public class UpdateOrganizationUserCommand : IUpdateOrganizationUserCommand
             // Use generic error message to avoid enumeration
             throw new NotFoundException();
         }
+
+        if (collections.Any(c => c.Type == CollectionType.DefaultUserCollection))
+        {
+            throw new BadRequestException("You cannot modify member access for collections with the type as DefaultUserCollection.");
+        }
     }
 
     private async Task ValidateGroupAccessAsync(OrganizationUser originalUser,

src/Core/OrganizationFeatures/OrganizationCollections/BulkAddCollectionAccessCommand.cs

@@ -52,6 +52,11 @@ public class BulkAddCollectionAccessCommand : IBulkAddCollectionAccessCommand
             throw new BadRequestException("No collections were provided.");
         }
 
+        if (collections.Any(c => c.Type == CollectionType.DefaultUserCollection))
+        {
+            throw new BadRequestException("You cannot add access to collections with the type as DefaultUserCollection.");
+        }
+
         var orgId = collections.First().OrganizationId;
 
         if (collections.Any(c => c.OrganizationId != orgId))

src/Core/OrganizationFeatures/OrganizationCollections/CreateCollectionCommand.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
 using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
@@ -26,6 +27,11 @@ public class CreateCollectionCommand : ICreateCollectionCommand
     public async Task<Collection> CreateAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null,
         IEnumerable<CollectionAccessSelection> users = null)
     {
+        if (collection.Type == CollectionType.DefaultUserCollection)
+        {
+            throw new BadRequestException("You cannot create a collection with the type as DefaultUserCollection.");
+        }
+
         var org = await _organizationRepository.GetByIdAsync(collection.OrganizationId);
         if (org == null)
         {

src/Core/OrganizationFeatures/OrganizationCollections/DeleteCollectionCommand.cs

@@ -1,4 +1,6 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -20,6 +22,11 @@ public class DeleteCollectionCommand : IDeleteCollectionCommand
 
     public async Task DeleteAsync(Collection collection)
     {
+        if (collection.Type == CollectionType.DefaultUserCollection)
+        {
+            throw new BadRequestException("You cannot delete a collection with the type as DefaultUserCollection.");
+        }
+
         await _collectionRepository.DeleteAsync(collection);
         await _eventService.LogCollectionEventAsync(collection, Enums.EventType.Collection_Deleted, DateTime.UtcNow);
     }
@@ -33,6 +40,11 @@ public class DeleteCollectionCommand : IDeleteCollectionCommand
 
     public async Task DeleteManyAsync(IEnumerable<Collection> collections)
     {
+        if (collections.Any(c => c.Type == Enums.CollectionType.DefaultUserCollection))
+        {
+            throw new BadRequestException("You cannot delete collections with the type as DefaultUserCollection.");
+        }
+
         await _collectionRepository.DeleteManyAsync(collections.Select(c => c.Id));
         await _eventService.LogCollectionEventsAsync(collections.Select(c => (c, Enums.EventType.Collection_Deleted, (DateTime?)DateTime.UtcNow)));
     }

src/Core/OrganizationFeatures/OrganizationCollections/UpdateCollectionCommand.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
 using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
@@ -26,6 +27,11 @@ public class UpdateCollectionCommand : IUpdateCollectionCommand
     public async Task<Collection> UpdateAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null,
         IEnumerable<CollectionAccessSelection> users = null)
     {
+        if (collection.Type == CollectionType.DefaultUserCollection)
+        {
+            throw new BadRequestException("You cannot edit a collection with the type as DefaultUserCollection.");
+        }
+
         var org = await _organizationRepository.GetByIdAsync(collection.OrganizationId);
         if (org == null)
         {

src/Core/Services/Implementations/CollectionService.cs

@@ -22,10 +22,13 @@ public class CollectionService : ICollectionService
         _collectionRepository = collectionRepository;
     }
 
-
-
     public async Task DeleteUserAsync(Collection collection, Guid organizationUserId)
     {
+        if (collection.Type == Enums.CollectionType.DefaultUserCollection)
+        {
+            throw new BadRequestException("You cannot modify member access for collections with the type as DefaultUserCollection.");
+        }
+
         var orgUser = await _organizationUserRepository.GetByIdAsync(organizationUserId);
         if (orgUser == null || orgUser.OrganizationId != collection.OrganizationId)
         {