From 0b1545264bebb58bc12fe486503cffedc7e3d794 Mon Sep 17 00:00:00 2001
From: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>
Date: Mon, 7 Jul 2025 10:56:34 -0700
Subject: [PATCH] [PM-23181] - User can access card items in their personal
 vault if they belong to another org (#15462)

* hide personal vault cards if any org has enabled restricted card item

* fix comment
---
 .../src/vault/services/restricted-item-types.service.ts      | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libs/common/src/vault/services/restricted-item-types.service.ts b/libs/common/src/vault/services/restricted-item-types.service.ts
index 7ec70831b22..6b848e6626b 100644
--- a/libs/common/src/vault/services/restricted-item-types.service.ts
+++ b/libs/common/src/vault/services/restricted-item-types.service.ts
@@ -91,7 +91,6 @@ export class RestrictedItemTypesService {
    * Restriction logic:
    * - If cipher type is not restricted by any org → allowed
    * - If cipher belongs to an org that allows this type → allowed
-   * - If cipher is personal vault and any org allows this type → allowed
    * - Otherwise → restricted
    */
   isCipherRestricted(cipher: CipherLike, restrictedTypes: RestrictedCipherType[]): boolean {
@@ -108,8 +107,8 @@ export class RestrictedItemTypesService {
       return !restriction.allowViewOrgIds.includes(cipher.organizationId);
     }
 
-    // For personal vault ciphers: restricted only if NO organizations allow this type
-    return restriction.allowViewOrgIds.length === 0;
+    // Cipher is restricted by at least one organization, restrict it
+    return true;
   }
 
   /**