Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-02-25 03:21:46 +01:00
Code Issues Projects Releases Wiki Activity

[EC-235] Give Admins (and above) access to all items (#2036)

Browse Source
This commit is contained in:
Thomas Rittson 2022-06-07 10:33:39 +10:00 committed by GitHub
parent b070e9a387
commit f602df2eb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Api/Controllers/CiphersController.cs
View File

@ -225,10 +225,9 @@ namespace Bit.Api.Controllers
}
IEnumerable<Cipher> orgCiphers;
if (await _currentContext.OrganizationOwner(orgIdGuid))
if (await _currentContext.OrganizationAdmin(orgIdGuid))
{
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
// But they have access to all organization ciphers, so we can safely get by orgId instead
// Admins, Owners and Providers can access all items even if not assigned to them
orgCiphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
}
else

5
src/Api/Controllers/CollectionsController.cs
View File

@ -88,10 +88,9 @@ namespace Bit.Api.Controllers
}
IEnumerable<Collection> orgCollections;
if (await _currentContext.OrganizationOwner(orgIdGuid))
if (await _currentContext.OrganizationAdmin(orgIdGuid))
{
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
// But they have access to all organization collections, so we can safely get by orgId instead
// Admins, Owners and Providers can access all items even if not assigned to them
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgIdGuid);
}
else