Add validation to DeleteCollectionCommand to prevent deletion of DefaultUserCollection type

* Implemented checks in DeleteAsync and DeleteManyAsync methods to throw a BadRequestException if a collection of type DefaultUserCollection is attempted to be deleted. * Added unit tests to verify that the exceptions are thrown with the correct messages when attempting to delete collections of this type.
2025-06-27 14:16:19 -05:00 · 2025-06-13 14:49:10 +01:00 · 2025-06-13 14:49:10 +01:00 · bf9f7709ae
commit bf9f7709ae
parent 4ef64db486
2 changed files with 52 additions and 2 deletions
--- a/src/Core/OrganizationFeatures/OrganizationCollections/DeleteCollectionCommand.cs
+++ b/src/Core/OrganizationFeatures/OrganizationCollections/DeleteCollectionCommand.cs
@ -1,4 +1,6 @@
 using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.OrganizationFeatures.OrganizationCollections.Interfaces;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@ -20,6 +22,11 @@ public class DeleteCollectionCommand : IDeleteCollectionCommand

    public async Task DeleteAsync(Collection collection)
    {
+        if (collection.Type == CollectionType.DefaultUserCollection)
+        {
+            throw new BadRequestException("You cannot delete a collection with the type as DefaultUserCollection.");
+        }
+
        await _collectionRepository.DeleteAsync(collection);
        await _eventService.LogCollectionEventAsync(collection, Enums.EventType.Collection_Deleted, DateTime.UtcNow);
    }
@ -33,6 +40,11 @@ public class DeleteCollectionCommand : IDeleteCollectionCommand

    public async Task DeleteManyAsync(IEnumerable<Collection> collections)
    {
+        if (collections.Any(c => c.Type == Enums.CollectionType.DefaultUserCollection))
+        {
+            throw new BadRequestException("You cannot delete collections with the type as DefaultUserCollection.");
+        }
+
        await _collectionRepository.DeleteManyAsync(collections.Select(c => c.Id));
        await _eventService.LogCollectionEventsAsync(collections.Select(c => (c, Enums.EventType.Collection_Deleted, (DateTime?)DateTime.UtcNow)));
    }
--- a/test/Core.Test/OrganizationFeatures/OrganizationCollections/DeleteCollectionCommandTests.cs
+++ b/test/Core.Test/OrganizationFeatures/OrganizationCollections/DeleteCollectionCommandTests.cs
@ -1,6 +1,6 @@
-
-using Bit.Core.Entities;
+using Bit.Core.Entities;
 using Bit.Core.Enums;
+using Bit.Core.Exceptions;
 using Bit.Core.OrganizationFeatures.OrganizationCollections;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
@ -34,6 +34,7 @@ public class DeleteCollectionCommandTests
    {
        // Arrange
        var collectionIds = new[] { collection.Id, collection2.Id };
+        collection.Type = collection2.Type = CollectionType.SharedCollection;

        sutProvider.GetDependency<ICollectionRepository>()
            .GetManyByManyIdsAsync(collectionIds)
@ -51,5 +52,42 @@ public class DeleteCollectionCommandTests
            a.All(c => collectionIds.Contains(c.Item1.Id) && c.Item2 == EventType.Collection_Deleted)));
    }

+    [Theory, BitAutoData]
+    [OrganizationCustomize]
+    public async Task DeleteAsync_WithDefaultUserCollectionType_ThrowsBadRequest(Collection collection, SutProvider<DeleteCollectionCommand> sutProvider)
+    {
+        // Arrange
+        collection.Type = CollectionType.DefaultUserCollection;
+
+        // Act & Assert
+        var ex = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.DeleteAsync(collection));
+        Assert.Contains("You cannot delete a collection with the type as DefaultUserCollection.", ex.Message);
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .DidNotReceiveWithAnyArgs()
+            .DeleteAsync(default);
+        await sutProvider.GetDependency<IEventService>()
+            .DidNotReceiveWithAnyArgs()
+            .LogCollectionEventAsync(default, default, default);
+    }
+
+    [Theory, BitAutoData]
+    [OrganizationCustomize]
+    public async Task DeleteManyAsync_WithDefaultUserCollectionType_ThrowsBadRequest(Collection collection, Collection collection2, SutProvider<DeleteCollectionCommand> sutProvider)
+    {
+        // Arrange
+        collection.Type = CollectionType.DefaultUserCollection;
+        collection2.Type = CollectionType.SharedCollection;
+        var collections = new List<Collection> { collection, collection2 };
+
+        // Act & Assert
+        var ex = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.DeleteManyAsync(collections));
+        Assert.Contains("You cannot delete collections with the type as DefaultUserCollection.", ex.Message);
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .DidNotReceiveWithAnyArgs()
+            .DeleteManyAsync(default);
+        await sutProvider.GetDependency<IEventService>()
+            .DidNotReceiveWithAnyArgs()
+            .LogCollectionEventsAsync(default);
+    }

 }