From 3f319aee64874102f91f4f57303947fa0161ddf0 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Mon, 22 Oct 2018 10:16:56 -0400
Subject: [PATCH] userid set only when creating with collection ids

---
 src/Core/Services/Implementations/CipherService.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Core/Services/Implementations/CipherService.cs b/src/Core/Services/Implementations/CipherService.cs
index fb825670ff..046a2b7fed 100644
--- a/src/Core/Services/Implementations/CipherService.cs
+++ b/src/Core/Services/Implementations/CipherService.cs
@@ -63,11 +63,12 @@ namespace Bit.Core.Services
                 throw new BadRequestException("You do not have permissions to edit this.");
             }
 
-            cipher.UserId = savingUserId;
             if(cipher.Id == default(Guid))
             {
                 if(cipher.OrganizationId.HasValue && collectionIds != null)
                 {
+                    // Set user ID to limit scope of collection ids in the create sproc
+                    cipher.UserId = savingUserId;
                     await _cipherRepository.CreateAsync(cipher, collectionIds);
                 }
                 else