1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-24 17:17:40 +01:00

Create collections allows view all access (#1653)

* Create collections allows view all access

* Add missing permission to read users
This commit is contained in:
Matt Gibson 2021-10-20 10:31:17 -05:00 committed by GitHub
parent 033509745a
commit 216395f541
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions

View File

@ -61,7 +61,8 @@ namespace Bit.Api.Controllers
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId) public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId)
{ {
var orgGuidId = new Guid(orgId); var orgGuidId = new Guid(orgId);
if (!await _currentContext.ViewAssignedCollections(orgGuidId) && if (!await _currentContext.ViewAllCollections(orgGuidId) &&
!await _currentContext.ViewAssignedCollections(orgGuidId) &&
!await _currentContext.ManageGroups(orgGuidId) && !await _currentContext.ManageGroups(orgGuidId) &&
!await _currentContext.ManageUsers(orgGuidId)) !await _currentContext.ManageUsers(orgGuidId))
{ {

View File

@ -310,7 +310,7 @@ namespace Bit.Core.Context
public async Task<bool> ViewAllCollections(Guid orgId) public async Task<bool> ViewAllCollections(Guid orgId)
{ {
return await EditAnyCollection(orgId) || await DeleteAnyCollection(orgId); return await CreateNewCollections(orgId) || await EditAnyCollection(orgId) || await DeleteAnyCollection(orgId);
} }
public async Task<bool> EditAssignedCollections(Guid orgId) public async Task<bool> EditAssignedCollections(Guid orgId)