diff --git a/src/Core/Vault/Authorization/Permissions/NormalCipherPermissions.cs b/src/Core/Vault/Authorization/Permissions/NormalCipherPermissions.cs index fbd553d772..bb3bafb230 100644 --- a/src/Core/Vault/Authorization/Permissions/NormalCipherPermissions.cs +++ b/src/Core/Vault/Authorization/Permissions/NormalCipherPermissions.cs @@ -14,7 +14,7 @@ public class NormalCipherPermissions throw new Exception("Cipher needs to belong to a user or an organization."); } - if (user.Id == cipherDetails.UserId) + if (cipherDetails.OrganizationId == null && user.Id == cipherDetails.UserId) { return true; } diff --git a/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs b/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs index 416b92f841..f689124abd 100644 --- a/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs +++ b/test/Api.Test/Vault/Controllers/CiphersControllerTests.cs @@ -79,7 +79,7 @@ public class CiphersControllerTests sutProvider.GetDependency().GetByIdAsync(id, userId).ReturnsForAnyArgs(cipherDetails); sutProvider.GetDependency().GetManyByUserIdCipherIdAsync(userId, id).Returns((ICollection)new List()); - sutProvider.GetDependency().GetOrganizationAbilitiesAsync().Returns(new Dictionary { { cipherDetails.OrganizationId.Value, new OrganizationAbility() } }); + sutProvider.GetDependency().GetOrganizationAbilitiesAsync().Returns(new Dictionary { { cipherDetails.OrganizationId.Value, new OrganizationAbility { Id = cipherDetails.OrganizationId.Value } } }); var cipherService = sutProvider.GetDependency(); await sutProvider.Sut.PutCollections_vNext(id, model); @@ -95,7 +95,7 @@ public class CiphersControllerTests sutProvider.GetDependency().GetByIdAsync(id, userId).ReturnsForAnyArgs(cipherDetails); sutProvider.GetDependency().GetManyByUserIdCipherIdAsync(userId, id).Returns((ICollection)new List()); - sutProvider.GetDependency().GetOrganizationAbilitiesAsync().Returns(new Dictionary { { cipherDetails.OrganizationId.Value, new OrganizationAbility() } }); + sutProvider.GetDependency().GetOrganizationAbilitiesAsync().Returns(new Dictionary { { cipherDetails.OrganizationId.Value, new OrganizationAbility { Id = cipherDetails.OrganizationId.Value } } }); var result = await sutProvider.Sut.PutCollections_vNext(id, model); diff --git a/test/Core.Test/Vault/Authorization/Permissions/NormalCipherPermissionTests.cs b/test/Core.Test/Vault/Authorization/Permissions/NormalCipherPermissionTests.cs index 9d18adc3a6..6e1bc847fe 100644 --- a/test/Core.Test/Vault/Authorization/Permissions/NormalCipherPermissionTests.cs +++ b/test/Core.Test/Vault/Authorization/Permissions/NormalCipherPermissionTests.cs @@ -74,7 +74,7 @@ public class NormalCipherPermissionTests var cipherDetails = new CipherDetails { UserId = null, OrganizationId = Guid.NewGuid() }; // Act - var exception = Assert.Throws(() => NormalCipherPermissions.CanDelete(user, cipherDetails, organizationAbility)); + var exception = Assert.Throws(() => NormalCipherPermissions.CanRestore(user, cipherDetails, organizationAbility)); // Assert Assert.Equal("Cipher does not belong to the input organization.", exception.Message); @@ -92,11 +92,11 @@ public class NormalCipherPermissionTests // Arrange var user = new User { Id = Guid.Empty }; var organizationId = Guid.NewGuid(); - var cipherDetails = new CipherDetails { Manage = manage, Edit = edit, UserId = null, OrganizationId = organizationId }; + var cipherDetails = new CipherDetails { Manage = manage, Edit = edit, UserId = user.Id, OrganizationId = organizationId }; var organizationAbility = new OrganizationAbility { Id = organizationId, LimitItemDeletion = limitItemDeletion }; // Act - var result = NormalCipherPermissions.CanRestore(user, cipherDetails, organizationAbility); + var result = NormalCipherPermissions.CanDelete(user, cipherDetails, organizationAbility); // Assert Assert.Equal(result, expectedResult);