1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-21 12:05:42 +01:00

[PM-5450] Add check for admin/org access for events (#4705)

* check to see if the org allows access to collections/ciphers to owners for events

* linter

* add check for organization value before attempting to use it

* refactor logic to check for org abilities

* remove checks for organization abilities

- The previous logic would block events from being collected when a cipher was unassigned

* check for organization when recording an event from owner/admin
This commit is contained in:
Nick Krantz 2024-09-30 08:59:18 -05:00 committed by GitHub
parent fa87c827fd
commit 7b1edb3d3f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -19,19 +19,22 @@ public class CollectController : Controller
private readonly ICipherRepository _cipherRepository;
private readonly IOrganizationRepository _organizationRepository;
private readonly IFeatureService _featureService;
private readonly IApplicationCacheService _applicationCacheService;
public CollectController(
ICurrentContext currentContext,
IEventService eventService,
ICipherRepository cipherRepository,
IOrganizationRepository organizationRepository,
IFeatureService featureService)
IFeatureService featureService,
IApplicationCacheService applicationCacheService)
{
_currentContext = currentContext;
_eventService = eventService;
_cipherRepository = cipherRepository;
_organizationRepository = organizationRepository;
_featureService = featureService;
_applicationCacheService = applicationCacheService;
}
[HttpPost]
@ -76,9 +79,23 @@ public class CollectController : Controller
_currentContext.UserId.Value);
}
if (cipher == null)
{
// When the user cannot access the cipher directly, check if the organization allows for
// admin/owners access to all collections and the user can access the cipher from that perspective.
if (!eventModel.OrganizationId.HasValue)
{
continue;
}
cipher = await _cipherRepository.GetByIdAsync(eventModel.CipherId.Value);
var cipherBelongsToOrg = cipher.OrganizationId == eventModel.OrganizationId;
var org = _currentContext.GetOrganization(eventModel.OrganizationId.Value);
if (!cipherBelongsToOrg || org == null || cipher == null)
{
continue;
}
}
if (!ciphersCache.ContainsKey(eventModel.CipherId.Value))
{
ciphersCache.Add(eventModel.CipherId.Value, cipher);