From f602df2eb93b8520908cc235dd9700c81bea9e7e Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Tue, 7 Jun 2022 10:33:39 +1000
Subject: [PATCH] [EC-235] Give Admins (and above) access to all items (#2036)
---
 src/Api/Controllers/CiphersController.cs | 5 ++---
 src/Api/Controllers/CollectionsController.cs | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index 1a6b012c37..7cc45b9f06 100644
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@@ -225,10 +225,9 @@ namespace Bit.Api.Controllers
 }
 IEnumerable orgCiphers;
- if (await _currentContext.OrganizationOwner(orgIdGuid))
+ if (await _currentContext.OrganizationAdmin(orgIdGuid))
 {
- // User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
- // But they have access to all organization ciphers, so we can safely get by orgId instead
+ // Admins, Owners and Providers can access all items even if not assigned to them
 orgCiphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
 }
 else
diff --git a/src/Api/Controllers/CollectionsController.cs b/src/Api/Controllers/CollectionsController.cs
index 6b65fc549b..2f0a48043a 100644
--- a/src/Api/Controllers/CollectionsController.cs
+++ b/src/Api/Controllers/CollectionsController.cs
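Review bot: The widened check `if (await _currentContext.OrganizationAdmin(orgIdGuid))` in the CiphersController hunk is only correct if `OrganizationAdmin` also returns true for Owners and Providers, and nothing visible in this patch establishes that. If it does not, those callers would drop to the `else` branch, where according to the removed comment `GetManyByUserIdAsync` returns nothing for a Provider. I would keep that rationale in the new comment, for example `// Relies on OrganizationAdmin also being true for Owners and Providers; a Provider gets no results from GetManyByUserIdAsync`. Because this widens who receives every organization item, it also deserves controller tests pinning which roles reach `GetManyByOrganizationIdAsync` and that lower roles still take the `else` branch; the diffstat lists only the two controllers. The same applies to the CollectionsController hunk, and in both files the enclosing method starts and ends outside the hunk.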
@@ -88,10 +88,9 @@ namespace Bit.Api.Controllers
 }
 IEnumerable orgCollections;
- if (await _currentContext.OrganizationOwner(orgIdGuid))
+ if (await _currentContext.OrganizationAdmin(orgIdGuid))
 {
- // User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
- // But they have access to all organization collections, so we can safely get by orgId instead
+ // Admins, Owners and Providers can access all items even if not assigned to them
 orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgIdGuid);
 }
 else