nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 13:08:17 -05:00
Code

make sure user has access to cipher

Browse Source
This commit is contained in:
Kyle Spearrin 2017-12-18 10:41:44 -05:00
parent f2deff99a7
commit 043de76aa8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Api/Controllers/EventsController.cs
View File

@ -54,7 +54,7 @@ namespace Bit.Api.Controllers
{
var userId = _userService.GetProperUserId(User).Value;
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
if(cipher == null ||
if(cipher == null || (cipher.UserId.HasValue && userId != cipher.UserId) ||
(cipher.OrganizationId.HasValue && !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value)))
{
throw new NotFoundException();