mirror of https://github.com/bitwarden/server synced 2025-12-21 10:43:44 +00:00

[AC-2887] Added Billing Authorization Where Missing (#4525)

* Added missing authorization validation to OrganizationBillingController endpoints

* Moved authorization validation to top of each method

* Resolved broken unit tests and added some new ones
Conner Turnbull
2024-07-17 16:15:28 -04:00
committed by GitHub
parent 88d5a97a86
commit 45ec57f81b
3 changed files with 85 additions and 6 deletions


@@ -162,13 +162,13 @@ public class OrganizationsController(
[SelfHosted(NotSelfHostedOnly = true)]
public async Task PostSmSubscription(Guid id, [FromBody] SecretsManagerSubscriptionUpdateRequestModel model)
{
var organization = await organizationRepository.GetByIdAsync(id);
if (organization == null)
if (!await currentContext.EditSubscription(id))
{
throw new NotFoundException();
}
if (!await currentContext.EditSubscription(id))
var organization = await organizationRepository.GetByIdAsync(id);
if (organization == null)
{
throw new NotFoundException();
}
@@ -195,13 +195,13 @@ public class OrganizationsController(
[SelfHosted(NotSelfHostedOnly = true)]
public async Task<ProfileOrganizationResponseModel> PostSubscribeSecretsManagerAsync(Guid id, [FromBody] SecretsManagerSubscribeRequestModel model)
{
var organization = await organizationRepository.GetByIdAsync(id);
if (organization == null)
if (!await currentContext.EditSubscription(id))
{
throw new NotFoundException();
}
if (!await currentContext.EditSubscription(id))
var organization = await organizationRepository.GetByIdAsync(id);
if (organization == null)
{
throw new NotFoundException();
}
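Review bot: Nothing in `PostSmSubscription` or `PostSubscribeSecretsManagerAsync` records that the `currentContext.EditSubscription(id)` check must stay ahead of `organizationRepository.GetByIdAsync(id)`, so a later refactor could restore the old order without anyone noticing. I would add a comment above the guard in both methods, for example `// Authorize before any lookup: callers without EditSubscription get NotFound and never reach the repository.` Both failures throw `NotFoundException`, which presumably is meant to keep the response identical whether or not the organization exists; if that is the intent, the comment should say so. The test files are not visible in this part of the page, so it is worth confirming that one of the new tests asserts `GetByIdAsync` is not called when `EditSubscription` returns false. Both method bodies continue outside the hunks shown.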