[PM-23059] Provider Users who are also Organization Members cannot edit or delete items via Admin Console when admins can manage all items (#6573)

* removed providers check * Fixed lint issues
2025-12-10 13:23:27 +00:00 · 2025-11-12 17:56:17 -05:00
parent 7f04830f77
commit a836ada6a7
1 changed files with 6 additions and 4 deletions
--- a/src/Api/Vault/Controllers/CiphersController.cs
+++ b/src/Api/Vault/Controllers/CiphersController.cs
@@ -402,8 +402,9 @@ public class CiphersController : Controller
    {
        var org = _currentContext.GetOrganization(organizationId);
-        // If we're not an "admin" or if we're not a provider user we don't need to check the ciphers
+        // If we're not an "admin" we don't need to check the ciphers
-        if (org is not ({ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or { Permissions.EditAnyCollection: true }) || await _currentContext.ProviderUserForOrgAsync(organizationId))
+        if (org is not ({ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
            { Permissions.EditAnyCollection: true }))
        {
            return false;
        }
@@ -416,8 +417,9 @@ public class CiphersController : Controller
    {
        var org = _currentContext.GetOrganization(organizationId);
-        // If we're not an "admin" or if we're a provider user we don't need to check the ciphers
+        // If we're not an "admin" we don't need to check the ciphers
-        if (org is not ({ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or { Permissions.EditAnyCollection: true }) || await _currentContext.ProviderUserForOrgAsync(organizationId))
+        if (org is not ({ Type: OrganizationUserType.Owner or OrganizationUserType.Admin } or
            { Permissions.EditAnyCollection: true }))
        {
            return false;
        }