Add validation in UpdateCollectionCommand to prevent editing DefaultUserCollection type

* Implemented a check in UpdateAsync to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be updated. * Added a unit test to verify that the exception is thrown with the correct message when attempting to update a collection of this type.
2025-06-27 14:16:19 -05:00 · 2025-06-13 14:49:56 +01:00 · 2025-06-13 14:49:56 +01:00 · 6ec844a7a6
commit 6ec844a7a6
parent bf9f7709ae
2 changed files with 28 additions and 0 deletions
--- a/src/Core/OrganizationFeatures/OrganizationCollections/UpdateCollectionCommand.cs
+++ b/src/Core/OrganizationFeatures/OrganizationCollections/UpdateCollectionCommand.cs
@ -1,4 +1,5 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Data;
 using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
@ -26,6 +27,11 @@ public class UpdateCollectionCommand : IUpdateCollectionCommand
    public async Task<Collection> UpdateAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null,
        IEnumerable<CollectionAccessSelection> users = null)
    {
+        if (collection.Type == CollectionType.DefaultUserCollection)
+        {
+            throw new BadRequestException("You cannot edit a collection with the type as DefaultUserCollection.");
+        }
+
        var org = await _organizationRepository.GetByIdAsync(collection.OrganizationId);
        if (org == null)
        {
--- a/test/Core.Test/OrganizationFeatures/OrganizationCollections/UpdateCollectionCommandTests.cs
+++ b/test/Core.Test/OrganizationFeatures/OrganizationCollections/UpdateCollectionCommandTests.cs
@ -166,4 +166,26 @@ public class UpdateCollectionCommandTests
            .DidNotReceiveWithAnyArgs()
            .LogCollectionEventAsync(default, default);
    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WithDefaultUserCollectionType_ThrowsBadRequest(
+        Organization organization, Collection collection, SutProvider<UpdateCollectionCommand> sutProvider)
+    {
+        collection.Type = CollectionType.DefaultUserCollection;
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);
+
+        var ex = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateAsync(collection));
+        Assert.Contains("You cannot edit a collection with the type as DefaultUserCollection.", ex.Message);
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .DidNotReceiveWithAnyArgs()
+            .ReplaceAsync(default);
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .DidNotReceiveWithAnyArgs()
+            .ReplaceAsync(default, default, default);
+        await sutProvider.GetDependency<IEventService>()
+            .DidNotReceiveWithAnyArgs()
+            .LogCollectionEventAsync(default, default);
+    }
 }