From 2b5981ab75a1fade4cfa173a6bb64bc09f4a9878 Mon Sep 17 00:00:00 2001
From: Oscar Hinton <oscar@oscarhinton.com>
Date: Tue, 31 Aug 2021 19:01:29 +0200
Subject: [PATCH] [Provider] Verify user is owner of organization (#1167)

(cherry picked from commit e69e85d8b3341325a2ccee3dd077c55f4cf92446)
---
 .../src/app/providers/clients/clients.component.ts              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bitwarden_license/src/app/providers/clients/clients.component.ts b/bitwarden_license/src/app/providers/clients/clients.component.ts
index 91e1edda..0b65fe58 100644
--- a/bitwarden_license/src/app/providers/clients/clients.component.ts
+++ b/bitwarden_license/src/app/providers/clients/clients.component.ts
@@ -82,7 +82,7 @@ export class ClientsComponent implements OnInit {
         const response = await this.apiService.getProviderClients(this.providerId);
         this.clients = response.data != null && response.data.length > 0 ? response.data : [];
         this.manageOrganizations = (await this.userService.getProvider(this.providerId)).type === ProviderUserType.ProviderAdmin;
-        const candidateOrgs = (await this.userService.getAllOrganizations()).filter(o => o.providerId == null);
+        const candidateOrgs = (await this.userService.getAllOrganizations()).filter(o => o.isOwner && o.providerId == null);
         const allowedOrgsIds = await Promise.all(candidateOrgs.map(o => this.apiService.getOrganization(o.id))).then(orgs =>
             orgs.filter(o => !DisallowedPlanTypes.includes(o.planType))
                 .map(o => o.id));