Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-01-24 22:11:24 +01:00
Code Issues Projects Releases Wiki Activity

Let Manage Users permission see group membership (#1135)

Browse Source
This commit is contained in:
Thomas Rittson 2021-02-12 08:14:00 +10:00 committed by GitHub
parent f3bff938c4
commit 61ee3f1e45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Api/Controllers/GroupsController.cs
View File

@ -60,7 +60,8 @@ namespace Bit.Api.Controllers
var orgIdGuid = new Guid(orgId);
var canAccess = _currentContext.ManageGroups(orgIdGuid) ||
_currentContext.ManageAssignedCollections(orgIdGuid) ||
_currentContext.ManageAllCollections(orgIdGuid);
_currentContext.ManageAllCollections(orgIdGuid) ||
_currentContext.ManageUsers(orgIdGuid);
if (!canAccess)
{

7
src/Api/Controllers/OrganizationUsersController.cs
View File

@ -59,7 +59,9 @@ namespace Bit.Api.Controllers
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId)
{
var orgGuidId = new Guid(orgId);
if (!_currentContext.ManageAssignedCollections(orgGuidId) && !_currentContext.ManageGroups(orgGuidId))
if (!_currentContext.ManageAssignedCollections(orgGuidId) &&
!_currentContext.ManageGroups(orgGuidId) &&
!_currentContext.ManageUsers(orgGuidId))
{
throw new NotFoundException();
}
@ -75,7 +77,8 @@ namespace Bit.Api.Controllers
public async Task<IEnumerable<string>> GetGroups(string orgId, string id)
{
var organizationUser = await _organizationUserRepository.GetByIdAsync(new Guid(id));
if (organizationUser == null || !_currentContext.ManageGroups(organizationUser.OrganizationId))
if (organizationUser == null || (!_currentContext.ManageGroups(organizationUser.OrganizationId) &&
!_currentContext.ManageUsers(organizationUser.OrganizationId)))
{
throw new NotFoundException();
}