diff --git a/src/Api/Controllers/CollectionsController.cs b/src/Api/Controllers/CollectionsController.cs
index 3a8d819bf..d1255fe26 100644
--- a/src/Api/Controllers/CollectionsController.cs
+++ b/src/Api/Controllers/CollectionsController.cs
@@ -148,6 +148,11 @@ namespace Bit.Api.Controllers
 [HttpPut("{id}/users")]
 public async Task PutUsers(string orgId, string id, [FromBody] IEnumerable model)
 {
+ if (!await CanEditCollectionAsync(orgId, id))
+ {
+ throw new NotFoundException();
+ }
+
 var collection = await GetCollectionAsync(new Guid(id), new Guid(orgId));
 await _collectionRepository.UpdateUsersAsync(collection.Id, model?.Select(g => g.ToSelectionReadOnly()));
 }
@@ -220,7 +225,7 @@ namespace Bit.Api.Controllers
 
 if (await _currentContext.EditAssignedCollections(orgId))
 {
- return null != _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value);
+ return null != await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value);
 }
 
 return false;
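Review bot: The guard added at the top of PutUsers has no comment explaining why a caller without edit rights gets NotFoundException rather than a forbidden response, and the hunk shows the check only as an inline call that each action has to remember. If the 404 is deliberate, so that callers cannot confirm a collection exists, say so above the `if`, e.g. `// Callers who cannot edit this collection get 404, not 403, so its existence is not disclosed.` Since this action lacked the check until now, the other actions in this controller that change collection membership (outside this hunk) are worth confirming against the same guard.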
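Review bot: The corrected return keeps the `null != await …` form, which is what let the un-awaited version compile unnoticed: a Task compared with null is never null, so the assigned-collection check passed for every caller with EditAssignedCollections. Binding the awaited result to a local makes the compared value explicit, `var assigned = await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value);` followed by `return assigned != null;`. `_currentContext.UserId.Value` would throw if UserId is unset, which presumably cannot happen on an authenticated route but is not visible here. The enclosing method starts and ends outside the hunk.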