nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 23:52:50 -05:00
Code Activity

[AC-1685] Add ViewAllCollections check to GetOrganizationCollectionsAsync method (#3323)

Browse Source
This commit is contained in:
Shane Melton
2023-10-24 11:30:08 -07:00
committed by GitHub
parent 9007aa6556
commit 2701321659
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Core/Services/Implementations/CollectionService.cs
View File

@ -98,7 +98,13 @@ public class CollectionService : ICollectionService
public async Task<IEnumerable<Collection>> GetOrganizationCollectionsAsync(Guid organizationId)
{
if (!await _currentContext.ViewAssignedCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId) && !await _currentContext.AccessImportExport(organizationId))
if (
!await _currentContext.ViewAssignedCollections(organizationId) &&
!await _currentContext.ViewAllCollections(organizationId) &&
!await _currentContext.ManageUsers(organizationId) &&
!await _currentContext.ManageGroups(organizationId) &&
!await _currentContext.AccessImportExport(organizationId)
)
{
throw new NotFoundException();
}