mirror of
https://github.com/bitwarden/server.git
synced 2024-11-24 12:35:25 +01:00
Resolved an issue where the API required users to be organization owners when accessing the members page (#4534)
This commit is contained in:
parent
81477303e3
commit
9b9f202f79
@ -20,7 +20,7 @@ public class OrganizationBillingController(
|
||||
[HttpGet("metadata")]
|
||||
public async Task<IResult> GetMetadataAsync([FromRoute] Guid organizationId)
|
||||
{
|
||||
if (!await currentContext.ViewBillingHistory(organizationId))
|
||||
if (!await currentContext.AccessMembersTab(organizationId))
|
||||
{
|
||||
return TypedResults.Unauthorized();
|
||||
}
|
||||
|
@ -383,6 +383,11 @@ public class CurrentContext : ICurrentContext
|
||||
return await EditSubscription(orgId);
|
||||
}
|
||||
|
||||
public async Task<bool> AccessMembersTab(Guid orgId)
|
||||
{
|
||||
return await OrganizationAdmin(orgId) || await ManageUsers(orgId) || await ManageResetPassword(orgId);
|
||||
}
|
||||
|
||||
public bool ProviderProviderAdmin(Guid providerId)
|
||||
{
|
||||
return Providers?.Any(o => o.Id == providerId && o.Type == ProviderUserType.ProviderAdmin) ?? false;
|
||||
|
@ -48,6 +48,7 @@ public interface ICurrentContext
|
||||
Task<bool> ManagePolicies(Guid orgId);
|
||||
Task<bool> ManageSso(Guid orgId);
|
||||
Task<bool> ManageUsers(Guid orgId);
|
||||
Task<bool> AccessMembersTab(Guid orgId);
|
||||
Task<bool> ManageScim(Guid orgId);
|
||||
Task<bool> ManageResetPassword(Guid orgId);
|
||||
Task<bool> ViewSubscription(Guid orgId);
|
||||
|
@ -23,7 +23,7 @@ public class OrganizationBillingControllerTests
|
||||
Guid organizationId,
|
||||
SutProvider<OrganizationBillingController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().ViewBillingHistory(organizationId).Returns(false);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessMembersTab(organizationId).Returns(false);
|
||||
|
||||
var result = await sutProvider.Sut.GetMetadataAsync(organizationId);
|
||||
|
||||
@ -35,7 +35,7 @@ public class OrganizationBillingControllerTests
|
||||
Guid organizationId,
|
||||
SutProvider<OrganizationBillingController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().ViewBillingHistory(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessMembersTab(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<IOrganizationBillingService>().GetMetadata(organizationId).Returns((OrganizationMetadataDTO)null);
|
||||
|
||||
var result = await sutProvider.Sut.GetMetadataAsync(organizationId);
|
||||
@ -48,7 +48,7 @@ public class OrganizationBillingControllerTests
|
||||
Guid organizationId,
|
||||
SutProvider<OrganizationBillingController> sutProvider)
|
||||
{
|
||||
sutProvider.GetDependency<ICurrentContext>().ViewBillingHistory(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<ICurrentContext>().AccessMembersTab(organizationId).Returns(true);
|
||||
sutProvider.GetDependency<IOrganizationBillingService>().GetMetadata(organizationId)
|
||||
.Returns(new OrganizationMetadataDTO(true));
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user