1
0
mirror of https://github.com/bitwarden/server.git synced 2025-02-01 23:31:41 +01:00

[EC-235] Reapply permissions fix for Admin cipher endpoint (#2061)

* Reapply fix from PR 2036, accidentally clobbered by PR 2022
This commit is contained in:
Thomas Rittson 2022-06-15 12:47:36 +10:00 committed by GitHub
parent 8e110b5c41
commit b39a43210d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -225,10 +225,9 @@ namespace Bit.Api.Controllers
}
IEnumerable<CipherOrganizationDetails> orgCiphers;
if (await _currentContext.OrganizationOwner(orgIdGuid))
if (await _currentContext.OrganizationAdmin(orgIdGuid))
{
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
// But they have access to all organization ciphers, so we can safely get by orgId instead
// Admins, Owners and Providers can access all items even if not assigned to them
orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(orgIdGuid);
}
else