bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-17 16:53:23 +00:00
Code Issues Releases Wiki Activity

Create collections allows view all access (#1653)

Browse Source 
* Create collections allows view all access

* Add missing permission to read users
This commit is contained in:
Matt Gibson
2021-10-20 10:31:17 -05:00
committed by GitHub
parent 033509745a
commit 216395f541
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Api/Controllers/OrganizationUsersController.cs
View File

@@ -61,7 +61,8 @@ namespace Bit.Api.Controllers
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId)
{
var orgGuidId = new Guid(orgId);
if (!await _currentContext.ViewAssignedCollections(orgGuidId) &&
if (!await _currentContext.ViewAllCollections(orgGuidId) &&
!await _currentContext.ViewAssignedCollections(orgGuidId) &&
!await _currentContext.ManageGroups(orgGuidId) &&
!await _currentContext.ManageUsers(orgGuidId))
{

2
src/Core/Context/CurrentContext.cs
View File

@@ -310,7 +310,7 @@ namespace Bit.Core.Context
public async Task<bool> ViewAllCollections(Guid orgId)
{
return await EditAnyCollection(orgId) || await DeleteAnyCollection(orgId);
return await CreateNewCollections(orgId) || await EditAnyCollection(orgId) || await DeleteAnyCollection(orgId);
}
public async Task<bool> EditAssignedCollections(Guid orgId)