nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

[EC-276] Admin with custom permission is unable to manage all collections (#2143)

Browse Source 
* Updated CollectionService.GetOrganizationCollections to check if the user has permissions to view all collections

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
This commit is contained in:
Rui Tomé 2022-07-28 17:23:43 +01:00 committed by GitHub
parent 169a4381dd
commit 038d5e7734
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Core/Services/Implementations/CollectionService.cs
View File

@ -124,9 +124,9 @@ namespace Bit.Core.Services
} }
IEnumerable<Collection> orgCollections; IEnumerable<Collection> orgCollections;
if (await _currentContext.OrganizationAdmin(organizationId)) if (await _currentContext.OrganizationAdmin(organizationId) || await _currentContext.ViewAllCollections(organizationId))
{ {
// Admins, Owners and Providers can access all items even if not assigned to them // Admins, Owners, Providers and Custom (with collection management permissions) can access all items even if not assigned to them
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId); orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
} }
else else