From 308e8f4d72be54caace6b53837a0f652fff9866a Mon Sep 17 00:00:00 2001
From: Rui Tome <rtome@bitwarden.com>
Date: Mon, 16 Jun 2025 13:15:12 +0100
Subject: [PATCH] Add validation in CollectionsController to prevent deletion
 of DefaultUserCollection type

* Implemented a check to return a BadRequestObjectResult if an attempt is made to delete a collection of type DefaultUserCollection.
---
 src/Api/Public/Controllers/CollectionsController.cs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Api/Public/Controllers/CollectionsController.cs b/src/Api/Public/Controllers/CollectionsController.cs
index d4e0932caa..ec282a0e4d 100644
--- a/src/Api/Public/Controllers/CollectionsController.cs
+++ b/src/Api/Public/Controllers/CollectionsController.cs
@@ -2,6 +2,7 @@
 using Bit.Api.Models.Public.Request;
 using Bit.Api.Models.Public.Response;
 using Bit.Core.Context;
+using Bit.Core.Enums;
 using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@@ -116,6 +117,12 @@ public class CollectionsController : Controller
         {
             return new NotFoundResult();
         }
+
+        if (collection.Type == CollectionType.DefaultUserCollection)
+        {
+            return new BadRequestObjectResult(new ErrorResponseModel("You cannot delete a collection with the type as DefaultUserCollection."));
+        }
+
         await _collectionRepository.DeleteAsync(collection);
         return new OkResult();
     }