check user access permissions on collections edit

2025-12-12 06:13:43 +00:00 · 2018-08-23 23:04:44 -04:00
parent 68c349f72f
commit 0816c609db
2 changed files with 4 additions and 1 deletions
--- a/src/Core/Services/Implementations/CipherService.cs
+++ b/src/Core/Services/Implementations/CipherService.cs
@@ -478,6 +478,10 @@ namespace Bit.Core.Services
            }
            else
            {
+                if(!(await UserCanEditAsync(cipher, savingUserId)))
+                {
+                    throw new BadRequestException("You do not have permissions to edit this.");
+                }
                await _collectionCipherRepository.UpdateCollectionsAsync(cipher.Id, savingUserId, collectionIds);
            }