
[PM-5450] Add check for admin/org access for events (#4705)

* check to see if the org allows owners access to collections/ciphers for events

* linter

* add check for organization value before attempting to use it

* refactor logic to check for org abilities

* remove checks for organization abilities

- The previous logic would block events from being collected when a cipher was unassigned

* check for organization when recording an event from owner/admin
This commit is contained in:
Nick Krantz 2024-09-30 08:59:18 -05:00 committed by GitHub
parent fa87c827fd
commit 7b1edb3d3f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -19,19 +19,22 @@ public class CollectController : Controller
private readonly ICipherRepository _cipherRepository; private readonly ICipherRepository _cipherRepository;
private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationRepository _organizationRepository;
private readonly IFeatureService _featureService; private readonly IFeatureService _featureService;
private readonly IApplicationCacheService _applicationCacheService;
public CollectController( public CollectController(
ICurrentContext currentContext, ICurrentContext currentContext,
IEventService eventService, IEventService eventService,
ICipherRepository cipherRepository, ICipherRepository cipherRepository,
IOrganizationRepository organizationRepository, IOrganizationRepository organizationRepository,
IFeatureService featureService) IFeatureService featureService,
IApplicationCacheService applicationCacheService)
{ {
_currentContext = currentContext; _currentContext = currentContext;
_eventService = eventService; _eventService = eventService;
_cipherRepository = cipherRepository; _cipherRepository = cipherRepository;
_organizationRepository = organizationRepository; _organizationRepository = organizationRepository;
_featureService = featureService; _featureService = featureService;
_applicationCacheService = applicationCacheService;
} }
[HttpPost] [HttpPost]
@ -76,9 +79,23 @@ public class CollectController : Controller
_currentContext.UserId.Value); _currentContext.UserId.Value);
} }
if (cipher == null) if (cipher == null)
{
// When the user cannot access the cipher directly, check if the organization allows for
// admin/owners access to all collections and the user can access the cipher from that perspective.
if (!eventModel.OrganizationId.HasValue)
{ {
continue; continue;
} }
cipher = await _cipherRepository.GetByIdAsync(eventModel.CipherId.Value);
var cipherBelongsToOrg = cipher.OrganizationId == eventModel.OrganizationId;
var org = _currentContext.GetOrganization(eventModel.OrganizationId.Value);
if (!cipherBelongsToOrg || org == null || cipher == null)
{
continue;
}
}
if (!ciphersCache.ContainsKey(eventModel.CipherId.Value)) if (!ciphersCache.ContainsKey(eventModel.CipherId.Value))
{ {
ciphersCache.Add(eventModel.CipherId.Value, cipher); ciphersCache.Add(eventModel.CipherId.Value, cipher);
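Review bot: `cipher.OrganizationId` is dereferenced on the `var cipherBelongsToOrg = ...` line before the `cipher == null` test two lines below, so a CipherId that `GetByIdAsync` cannot resolve throws a NullReferenceException instead of reaching the `continue`; the fallback should read `cipher = await _cipherRepository.GetByIdAsync(eventModel.CipherId.Value);` followed by `if (cipher == null || cipher.OrganizationId != eventModel.OrganizationId) { continue; }` and only then `var org = _currentContext.GetOrganization(eventModel.OrganizationId.Value); if (org == null) { continue; }`. The comment above that branch still says the check is for admin/owner access to all collections, but the only condition visible here is that `GetOrganization` returns non-null, which as far as these lines show holds for any member of the organization rather than owners/admins, so either the comment should say "is a member of the organization" or the intended role check is missing. `_applicationCacheService` is injected in the first hunk but not referenced in either hunk; unless it is used elsewhere in the file it looks like a leftover from the removed abilities check and can be dropped along with the constructor parameter. The enclosing method continues outside the hunk.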