nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

[bug] Adjust permissions logic for putting users to a collection (#1834)

Browse Source
This commit is contained in:
Addison Beck 2022-02-01 13:30:37 -05:00 committed by GitHub
parent b47c30d4f4
commit 1e68958b20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Api/Controllers/CollectionsController.cs
View File

@ -148,6 +148,11 @@ namespace Bit.Api.Controllers
[HttpPut("{id}/users")] [HttpPut("{id}/users")]
public async Task PutUsers(string orgId, string id, [FromBody] IEnumerable<SelectionReadOnlyRequestModel> model) public async Task PutUsers(string orgId, string id, [FromBody] IEnumerable<SelectionReadOnlyRequestModel> model)
{ {
if (!await CanEditCollectionAsync(orgId, id))
{
throw new NotFoundException();
}
var collection = await GetCollectionAsync(new Guid(id), new Guid(orgId)); var collection = await GetCollectionAsync(new Guid(id), new Guid(orgId));
await _collectionRepository.UpdateUsersAsync(collection.Id, model?.Select(g => g.ToSelectionReadOnly())); await _collectionRepository.UpdateUsersAsync(collection.Id, model?.Select(g => g.ToSelectionReadOnly()));
} }
@ -220,7 +225,7 @@ namespace Bit.Api.Controllers
if (await _currentContext.EditAssignedCollections(orgId)) if (await _currentContext.EditAssignedCollections(orgId))
{ {
return null != _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value); return null != await _collectionRepository.GetByIdAsync(collectionId, _currentContext.UserId.Value);
} }
return false; return false;