Admins are not limited by collection controls

2025-12-20 02:03:46 +00:00 · 2017-09-06 13:01:22 -04:00
parent 06bdda5717
commit b06aae7cfd
8 changed files with 48 additions and 8 deletions
--- a/src/Api/Controllers/LoginsController.cs
+++ b/src/Api/Controllers/LoginsController.cs
@@ -54,8 +54,7 @@ namespace Bit.Api.Controllers
        [HttpGet("{id}/admin")]
        public async Task<LoginResponseModel> GetAdmin(string id)
        {
-            var userId = _userService.GetProperUserId(User).Value;
-            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
+            var login = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
            if(login == null || !login.OrganizationId.HasValue ||
                !_currentContext.OrganizationAdmin(login.OrganizationId.Value))
            {
@@ -131,7 +130,7 @@ namespace Bit.Api.Controllers
        public async Task<LoginResponseModel> PutAdmin(string id, [FromBody]LoginRequestModel model)
        {
            var userId = _userService.GetProperUserId(User).Value;
-            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
+            var login = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
            if(login == null || !login.OrganizationId.HasValue ||
                !_currentContext.OrganizationAdmin(login.OrganizationId.Value))
            {