From b20e6f5e856411df061d9ecc6c7504532e59e556 Mon Sep 17 00:00:00 2001
From: Thomas Rittson
Date: Fri, 5 Feb 2021 16:22:30 +1000
Subject: [PATCH] Only return policy in TakeoverResponse if Owner
---
 .../Models/Api/Response/EmergencyAccessResponseModel.cs | 2 +-
 .../Services/Implementations/EmergencyAccessService.cs | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/Core/Models/Api/Response/EmergencyAccessResponseModel.cs b/src/Core/Models/Api/Response/EmergencyAccessResponseModel.cs
index 0b728073a..6515d1023 100644
--- a/src/Core/Models/Api/Response/EmergencyAccessResponseModel.cs
+++ b/src/Core/Models/Api/Response/EmergencyAccessResponseModel.cs
@@ -94,7 +94,7 @@ namespace Bit.Core.Models.Api.Response
 KeyEncrypted = emergencyAccess.KeyEncrypted;
 Kdf = grantor.Kdf;
 KdfIterations = grantor.KdfIterations;
- Policy = policy.Select(policy => new PolicyResponseModel(policy));
+ Policy = policy?.Select(policy => new PolicyResponseModel(policy));
 }
 public int KdfIterations { get; private set; }
diff --git a/src/Core/Services/Implementations/EmergencyAccessService.cs b/src/Core/Services/Implementations/EmergencyAccessService.cs
index a7bc439c7..7afd5654a 100644
--- a/src/Core/Services/Implementations/EmergencyAccessService.cs
+++ b/src/Core/Services/Implementations/EmergencyAccessService.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
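Review bot: In the EmergencyAccessResponseModel.cs hunk, `Policy = policy?.Select(...)` leaves `Policy` null whenever no policy collection is passed, so the takeover response carries null instead of a list for grantors who are not owners, and nothing on the page documents that null means "withheld". A consumer that enumerates the field without a null check would fail on that response. I would either keep the shape stable with `Policy = policy?.Select(p => new PolicyResponseModel(p)) ?? Enumerable.Empty<PolicyResponseModel>();` (assuming the property is an enumerable of `PolicyResponseModel`, which is not visible here) or add a comment such as `// null when the grantor is not an organization owner; policies are intentionally not returned`. The constructor begins outside the hunk, so the parameter's declared type cannot be confirmed from these lines.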
@@ -249,8 +250,11 @@ namespace Bit.Core.Services
 }
 var grantor = await _userRepository.GetByIdAsync(emergencyAccess.GrantorId);
- var policy = await _policyRepository.GetManyByUserIdAsync(grantor.Id);
-
+
+ var grantorOrganizations = await _organizationUserRepository.GetManyByUserAsync(grantor.Id);
+ var isOrganizationOwner = grantorOrganizations.Any(organization => organization.Type == OrganizationUserType.Owner);
+ var policy = isOrganizationOwner ? await _policyRepository.GetManyByUserIdAsync(grantor.Id) : null;
+
 return (emergencyAccess, grantor, policy);
 }
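Review bot: The owner test `grantorOrganizations.Any(organization => organization.Type == OrganizationUserType.Owner)` considers every membership row returned for the grantor, and nothing visible limits it to confirmed memberships, so an owner membership that is still only invited or accepted may be enough to set `isOrganizationOwner`. If that is not intended, I would tighten the predicate to `organization.Type == OrganizationUserType.Owner && organization.Status == OrganizationUserStatusType.Confirmed`. Once the flag is true, `GetManyByUserIdAsync(grantor.Id)` is still keyed on the user rather than on the owned organization, so it presumably returns policies from every organization the grantor belongs to. If that is the intent, a comment such as `// owners receive policies for all of their organizations, not only the ones they own` would make it explicit. The method starts outside the hunk, so any earlier filtering is not visible here.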