bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-19 01:33:33 +00:00
Code Issues Releases Wiki Activity

[PM-23181] - User can access card items in their personal vault if they belong to another org (#15462)

Browse Source 
* hide personal vault cards if any org has enabled restricted card item

* fix comment
This commit is contained in:
Jordan Aasen
2025-07-07 10:56:34 -07:00
committed by GitHub
parent 4d9516cd96
commit 0b1545264b
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libs/common/src/vault/services/restricted-item-types.service.ts
View File

@@ -91,7 +91,6 @@ export class RestrictedItemTypesService {
* Restriction logic: * Restriction logic:
* - If cipher type is not restricted by any org → allowed * - If cipher type is not restricted by any org → allowed
* - If cipher belongs to an org that allows this type → allowed * - If cipher belongs to an org that allows this type → allowed
* - If cipher is personal vault and any org allows this type → allowed
* - Otherwise → restricted * - Otherwise → restricted
*/ */
isCipherRestricted(cipher: CipherLike, restrictedTypes: RestrictedCipherType[]): boolean { isCipherRestricted(cipher: CipherLike, restrictedTypes: RestrictedCipherType[]): boolean {
@@ -108,8 +107,8 @@ export class RestrictedItemTypesService {
return !restriction.allowViewOrgIds.includes(cipher.organizationId); return !restriction.allowViewOrgIds.includes(cipher.organizationId);
} }
// For personal vault ciphers: restricted only if NO organizations allow this type // Cipher is restricted by at least one organization, restrict it
return restriction.allowViewOrgIds.length === 0; return true;
} }
/** /**