Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00
Code Issues Projects Releases Wiki Activity

[EC-276] Admin with custom permission is unable to manage all collections (#2143)

Browse Source 
* Updated CollectionService.GetOrganizationCollections to check if the user has permissions to view all collections

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
This commit is contained in:
Rui Tomé 2022-07-28 17:23:43 +01:00 committed by GitHub
parent 169a4381dd
commit 038d5e7734
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Core/Services/Implementations/CollectionService.cs
View File

@ -124,9 +124,9 @@ namespace Bit.Core.Services
}
IEnumerable<Collection> orgCollections;
if (await _currentContext.OrganizationAdmin(organizationId))
if (await _currentContext.OrganizationAdmin(organizationId) || await _currentContext.ViewAllCollections(organizationId))
{
// Admins, Owners and Providers can access all items even if not assigned to them
// Admins, Owners, Providers and Custom (with collection management permissions) can access all items even if not assigned to them
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
}
else