mirror of
https://github.com/bitwarden/server.git
synced 2024-12-24 17:17:40 +01:00
Create collections allows view all access (#1653)
* Create collections allows view all access * Add missing permission to read users
This commit is contained in:
parent
033509745a
commit
216395f541
@ -61,7 +61,8 @@ namespace Bit.Api.Controllers
|
||||
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId)
|
||||
{
|
||||
var orgGuidId = new Guid(orgId);
|
||||
if (!await _currentContext.ViewAssignedCollections(orgGuidId) &&
|
||||
if (!await _currentContext.ViewAllCollections(orgGuidId) &&
|
||||
!await _currentContext.ViewAssignedCollections(orgGuidId) &&
|
||||
!await _currentContext.ManageGroups(orgGuidId) &&
|
||||
!await _currentContext.ManageUsers(orgGuidId))
|
||||
{
|
||||
|
@ -310,7 +310,7 @@ namespace Bit.Core.Context
|
||||
|
||||
public async Task<bool> ViewAllCollections(Guid orgId)
|
||||
{
|
||||
return await EditAnyCollection(orgId) || await DeleteAnyCollection(orgId);
|
||||
return await CreateNewCollections(orgId) || await EditAnyCollection(orgId) || await DeleteAnyCollection(orgId);
|
||||
}
|
||||
|
||||
public async Task<bool> EditAssignedCollections(Guid orgId)
|
||||
|
Loading…
Reference in New Issue
Block a user