permission checks for cipher crud operations

2025-07-01 08:02:49 -05:00 · 2017-03-24 09:27:15 -04:00
parent 0dae19bd4f
commit 10c72fafda
10 changed files with 78 additions and 11 deletions
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@ -127,7 +127,7 @@ namespace Bit.Api.Controllers
                throw new NotFoundException();
            }

-            await _cipherService.DeleteAsync(cipher);
+            await _cipherService.DeleteAsync(cipher, userId);
        }
    }
 }
--- a/src/Api/Controllers/LoginsController.cs
+++ b/src/Api/Controllers/LoginsController.cs
@ -59,7 +59,7 @@ namespace Bit.Api.Controllers
        {
            var userId = _userService.GetProperUserId(User).Value;
            var login = model.ToCipherDetails(userId);
-            await _cipherService.SaveAsync(login);
+            await _cipherService.SaveAsync(login, userId);

            var response = new LoginResponseModel(login);
            return response;
@ -76,7 +76,7 @@ namespace Bit.Api.Controllers
                throw new NotFoundException();
            }

-            await _cipherService.SaveAsync(model.ToCipherDetails(login));
+            await _cipherService.SaveAsync(model.ToCipherDetails(login), userId);

            var response = new LoginResponseModel(login);
            return response;
@ -86,13 +86,14 @@ namespace Bit.Api.Controllers
        [HttpPost("{id}/delete")]
        public async Task Delete(string id)
        {
-            var login = await _cipherRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
+            var userId = _userService.GetProperUserId(User).Value;
+            var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
            if(login == null || login.Type != Core.Enums.CipherType.Login)
            {
                throw new NotFoundException();
            }

-            await _cipherService.DeleteAsync(login);
+            await _cipherService.DeleteAsync(login, userId);
        }
    }
 }