nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-12 08:38:13 -05:00
Code

[AC-1685] Add ViewAllCollections check to GetOrganizationCollectionsAsync method (#3323)

Browse Source
This commit is contained in:
Shane Melton 2023-10-24 11:30:08 -07:00 committed by GitHub
parent 9007aa6556
commit 2701321659
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Core/Services/Implementations/CollectionService.cs
View File

@ -98,7 +98,13 @@ public class CollectionService : ICollectionService
public async Task<IEnumerable<Collection>> GetOrganizationCollectionsAsync(Guid organizationId)
{
if (!await _currentContext.ViewAssignedCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId) && !await _currentContext.AccessImportExport(organizationId))
if (
!await _currentContext.ViewAssignedCollections(organizationId) &&
!await _currentContext.ViewAllCollections(organizationId) &&
!await _currentContext.ManageUsers(organizationId) &&
!await _currentContext.ManageGroups(organizationId) &&
!await _currentContext.AccessImportExport(organizationId)
)
{
throw new NotFoundException();
}