mirror of
https://github.com/bitwarden/server.git
synced 2025-02-01 23:31:41 +01:00
[EC-235] Reapply permissions fix for Admin cipher endpoint (#2061)
* Reapply fix from PR 2036, accidentally clobbered by PR 2022
parent
8e110b5c41
commit
b39a43210d
@ -225,10 +225,9 @@ namespace Bit.Api.Controllers
|
||||
}
|
||||
|
||||
IEnumerable<CipherOrganizationDetails> orgCiphers;
|
||||
if (await _currentContext.OrganizationOwner(orgIdGuid))
|
||||
if (await _currentContext.OrganizationAdmin(orgIdGuid))
|
||||
{
|
||||
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
|
||||
// But they have access to all organization ciphers, so we can safely get by orgId instead
|
||||
// Admins, Owners and Providers can access all items even if not assigned to them
|
||||
orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(orgIdGuid);
|
||||
}
|
||||
else
|
||||
|
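Review bot: The new guard `if (await _currentContext.OrganizationAdmin(orgIdGuid))` is only correct if OrganizationAdmin also returns true for Owners and Providers, and nothing in the hunk shows that. If it covers the Admin role alone, owners and providers would fall through to the `else` branch and lose access to unassigned ciphers. The replacement comment also drops the reason for fetching by orgId, so I would keep it, for example `// OrganizationAdmin is expected to be true for Owners and Providers too; Providers get no rows from GetManyByUserIdAsync, so fetch by orgId`. The description says this fix was already clobbered once by another PR, so a test pinning the admin, owner, provider and regular-member outcomes for this endpoint would stop a later merge from silently reverting the check. The enclosing method starts and ends outside the hunk, so the `else` path is not reviewed here.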