server/OrganizationDomain_ReadByIdOrganizationId.sql at cd376bee7ff208d78bfc42d61348e91e5ac9d303 - server - Gaunt Gitea

bitwarden/server

mirror of https://github.com/bitwarden/server synced 2026-01-02 16:43:25 +00:00

Files

Rui Tomé 21219262a2 [PM-3779] idor allow the attacker to delete the victim domain (#3308 )

* [PM-3779] Added IOrganizationDomainRepository.GetDomainByIdAndOrganizationIdAsync and SQL stored procedure

* [PM-3779] Changed GetOrganizationDomainByIdQuery to also take OrgId as a parameter. Updated existing unit tests and added new. Updated controller to match command changes

* [PM-3779] Removed type from url routes

* [PM-3779] Renamed IGetOrganizationDomainByIdAndOrganizationIdQuery to IGetOrganizationDomainByIdOrganizationIdQuery

* [PM-3779] Renamed GetOrganizationDomainByIdOrganizationIdQueryTests file and added more tests

2023-10-18 11:57:59 +01:00

17 lines

278 B

Transact-SQL

Raw Blame History

 CREATE PROCEDURE [dbo].[OrganizationDomain_ReadByIdOrganizationId]
     @Id UNIQUEIDENTIFIER,
     @OrganizationId UNIQUEIDENTIFIER
 AS
 BEGIN
     SET NOCOUNT ON
 SELECT
     *
 FROM
     [dbo].[OrganizationDomain]
 WHERE
     [Id] = @Id
   AND
     [OrganizationId] = @OrganizationId
 END