mirror of
https://github.com/bitwarden/server.git
synced 2025-01-11 20:10:38 +01:00
[EC-160] Give Provider Users access to all org ciphers and collections (#1959)
parent
e3b0196611
commit
ec9dd8e16b
@ -224,8 +224,19 @@ namespace Bit.Api.Controllers
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, true);
|
||||
var orgCiphers = ciphers.Where(c => c.OrganizationId == orgIdGuid);
|
||||
IEnumerable<Cipher> orgCiphers;
|
||||
if (await _currentContext.OrganizationOwner(orgIdGuid))
|
||||
{
|
||||
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
|
||||
// But they have access to all organization ciphers, so we can safely get by orgId instead
|
||||
orgCiphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
|
||||
}
|
||||
else
|
||||
{
|
||||
var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, true);
|
||||
orgCiphers = ciphers.Where(c => c.OrganizationId == orgIdGuid);
|
||||
}
|
||||
|
||||
var orgCipherIds = orgCiphers.Select(c => c.Id);
|
||||
|
||||
var collectionCiphers = await _collectionCipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
|
||||
|
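Review bot: The full-organization branch is gated on `_currentContext.OrganizationOwner(orgIdGuid)`, but the comment justifies it by Provider membership, and nothing visible in the hunk shows that this check is true for Provider users or only for callers entitled to every cipher. Because this branch skips the per-user filtering that `GetManyByUserIdAsync(userId, true)` provides, the assumption should be written down where the decision is made, for example `// OrganizationOwner() is expected to be true for org owners and for Provider users of this org; both may read every cipher`. The collections hunk carries the same branch and the same comment, so the point applies there as well. A test asserting that a non-owner member still receives only the items returned for their own user id would pin the boundary. The method starts before the hunk, so the guard that throws `NotFoundException` cannot be checked from here.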
@ -87,8 +87,19 @@ namespace Bit.Api.Controllers
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
var collections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value);
|
||||
var orgCollections = collections.Where(c => c.OrganizationId == orgIdGuid);
|
||||
IEnumerable<Collection> orgCollections;
|
||||
if (await _currentContext.OrganizationOwner(orgIdGuid))
|
||||
{
|
||||
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
|
||||
// But they have access to all organization collections, so we can safely get by orgId instead
|
||||
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgIdGuid);
|
||||
}
|
||||
else
|
||||
{
|
||||
var collections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value);
|
||||
orgCollections = collections.Where(c => c.OrganizationId == orgIdGuid);
|
||||
}
|
||||
|
||||
var responses = orgCollections.Select(c => new CollectionResponseModel(c));
|
||||
return new ListResponseModel<CollectionResponseModel>(responses);
|
||||
}
|
||||
|