Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-09 00:41:37 +01:00
Code Issues Projects Releases Wiki Activity

[EC-235] Reapply permissions fix for Admin cipher endpoint (#2061)

Browse Source 
* Reapply fix from PR 2036, accidentally clobbered by PR 2022
This commit is contained in:
Thomas Rittson 2022-06-15 12:47:36 +10:00 committed by GitHub
parent 8e110b5c41
commit b39a43210d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Api/Controllers/CiphersController.cs
View File

@ -225,10 +225,9 @@ namespace Bit.Api.Controllers
} }
IEnumerable<CipherOrganizationDetails> orgCiphers; IEnumerable<CipherOrganizationDetails> orgCiphers;
if (await _currentContext.OrganizationOwner(orgIdGuid)) if (await _currentContext.OrganizationAdmin(orgIdGuid))
{ {
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results // Admins, Owners and Providers can access all items even if not assigned to them
// But they have access to all organization ciphers, so we can safely get by orgId instead
orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(orgIdGuid); orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(orgIdGuid);
} }
else else