Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00
Code Issues Projects Releases Wiki Activity

[bug] Adjust permissions logic for putting users to a collection (#1834)

Browse Source
This commit is contained in:
Addison Beck 2022-02-01 13:30:37 -05:00 committed by GitHub
parent b47c30d4f4
commit 1e68958b20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Api/Controllers/CollectionsController.cs
View File

@ -148,6 +148,11 @@ namespace Bit.Api.Controllers
[HttpPut("{id}/users")]
public async Task PutUsers(string orgId, string id, [FromBody] IEnumerable<SelectionReadOnlyRequestModel> model)
{
if (!await CanEditCollectionAsync(orgId, id))
{
throw new NotFoundException();
}
var collection = await GetCollectionAsync(new Guid(id), new Guid(orgId));
await _collectionRepository.UpdateUsersAsync(collection.Id, model?.Select(g => g.ToSelectionReadOnly()));
}
@ -220,7 +225,7 @@ namespace Bit.Api.Controllers
if (await _currentContext.EditAssignedCollections(orgId))
{
return null != _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value);
return null != await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value);
}
return false;