From b726b08ea14c6aca45a9584584462d920f918b68 Mon Sep 17 00:00:00 2001
From: Addison Beck <abeck@bitwarden.com>
Date: Tue, 10 Aug 2021 06:59:54 -0400
Subject: [PATCH] added a status check to the read by minimum role proc (#1498)

---
 .../EntityFramework/OrganizationUserRepository.cs             | 4 +++-
 .../Stored Procedures/OrganizationUser_ReadByMinimumRole.sql  | 1 +
 .../2021-07-15_00_OrganizationUserReadByMinimumRole.sql       | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Core/Repositories/EntityFramework/OrganizationUserRepository.cs b/src/Core/Repositories/EntityFramework/OrganizationUserRepository.cs
index 52f67a2de..eca35b6b9 100644
--- a/src/Core/Repositories/EntityFramework/OrganizationUserRepository.cs
+++ b/src/Core/Repositories/EntityFramework/OrganizationUserRepository.cs
@@ -397,7 +397,9 @@ namespace Bit.Core.Repositories.EntityFramework
                 var dbContext = GetDatabaseContext(scope);
                 var query = dbContext.OrganizationUsers
                     .Include(e => e.User)
-                    .Where(e => e.OrganizationId.Equals(organizationId) && e.Type <= minRole)
+                    .Where(e => e.OrganizationId.Equals(organizationId) && 
+                        e.Type <= minRole &&
+                        e.Status == OrganizationUserStatusType.Confirmed)
                     .Select(e => new OrganizationUserUserDetails() {
                         Id = e.Id,
                         Email = e.Email ?? e.User.Email
diff --git a/src/Sql/dbo/Stored Procedures/OrganizationUser_ReadByMinimumRole.sql b/src/Sql/dbo/Stored Procedures/OrganizationUser_ReadByMinimumRole.sql
index cd5889d6e..316217476 100644
--- a/src/Sql/dbo/Stored Procedures/OrganizationUser_ReadByMinimumRole.sql	
+++ b/src/Sql/dbo/Stored Procedures/OrganizationUser_ReadByMinimumRole.sql	
@@ -11,5 +11,6 @@ BEGIN
         [dbo].[OrganizationUserUserDetailsView]
     WHERE
         OrganizationId = @OrganizationId 
+        AND Status = 2 -- 2 = Confirmed 
         AND [Type] <= @MinRole
 END
diff --git a/util/Migrator/DbScripts/2021-07-15_00_OrganizationUserReadByMinimumRole.sql b/util/Migrator/DbScripts/2021-07-15_00_OrganizationUserReadByMinimumRole.sql
index 77779ec59..e5f22420f 100644
--- a/util/Migrator/DbScripts/2021-07-15_00_OrganizationUserReadByMinimumRole.sql
+++ b/util/Migrator/DbScripts/2021-07-15_00_OrganizationUserReadByMinimumRole.sql
@@ -17,5 +17,6 @@ BEGIN
         [dbo].[OrganizationUserUserDetailsView]
     WHERE
         OrganizationId = @OrganizationId 
+        AND Status = 2
         AND [Type] <= @MinRole
 END