nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00
Code

[AC-1105] allow users with manage groups permission to access collections (#2780)

Browse Source
This commit is contained in:
Jake Fink 2023-03-13 11:09:44 -04:00 committed by GitHub
parent 24d227d075
commit 2f6e463012
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Api/Controllers/CollectionsController.cs
View File

@ -79,7 +79,7 @@ public class CollectionsController : Controller
[HttpGet("details")] [HttpGet("details")]
public async Task<ListResponseModel<CollectionAccessDetailsResponseModel>> GetManyWithDetails(Guid orgId) public async Task<ListResponseModel<CollectionAccessDetailsResponseModel>> GetManyWithDetails(Guid orgId)
{ {
if (!await ViewAtLeastOneCollectionAsync(orgId) && !await _currentContext.ManageUsers(orgId)) if (!await ViewAtLeastOneCollectionAsync(orgId) && !await _currentContext.ManageUsers(orgId) && !await _currentContext.ManageGroups(orgId))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }

2
src/Core/Services/Implementations/CollectionService.cs
View File

@ -97,7 +97,7 @@ public class CollectionService : ICollectionService
public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId) public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId)
{ {
if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId)) if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }