Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-02 23:41:21 +01:00
Code Issues Projects Releases Wiki Activity

check user access permissions on collections edit

Browse Source
This commit is contained in:
Kyle Spearrin 2018-08-23 23:04:44 -04:00
parent 68c349f72f
commit 0816c609db
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Api/Controllers/CiphersController.cs
View File

@ -10,7 +10,6 @@ using Bit.Core.Services;
using Bit.Core; using Bit.Core;
using Bit.Api.Utilities; using Bit.Api.Utilities;
using Bit.Core.Utilities; using Bit.Core.Utilities;
using Core.Models.Data;
using System.Collections.Generic; using System.Collections.Generic;
using Bit.Core.Models.Table; using Bit.Core.Models.Table;

4
src/Core/Services/Implementations/CipherService.cs
View File

@ -478,6 +478,10 @@ namespace Bit.Core.Services
} }
else else
{ {
if(!(await UserCanEditAsync(cipher, savingUserId)))
{
throw new BadRequestException("You do not have permissions to edit this.");
}
await _collectionCipherRepository.UpdateCollectionsAsync(cipher.Id, savingUserId, collectionIds); await _collectionCipherRepository.UpdateCollectionsAsync(cipher.Id, savingUserId, collectionIds);
} }