From 61ee3f1e45e8b711bb7dd10ad662a6b869ce7546 Mon Sep 17 00:00:00 2001 From: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Date: Fri, 12 Feb 2021 08:14:00 +1000 Subject: [PATCH] Let Manage Users permission see group membership (#1135) --- src/Api/Controllers/GroupsController.cs | 3 ++- src/Api/Controllers/OrganizationUsersController.cs | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/Api/Controllers/GroupsController.cs b/src/Api/Controllers/GroupsController.cs index 0ba2eeaf40..73fc9aebed 100644 --- a/src/Api/Controllers/GroupsController.cs +++ b/src/Api/Controllers/GroupsController.cs @@ -60,7 +60,8 @@ namespace Bit.Api.Controllers var orgIdGuid = new Guid(orgId); var canAccess = _currentContext.ManageGroups(orgIdGuid) || _currentContext.ManageAssignedCollections(orgIdGuid) || - _currentContext.ManageAllCollections(orgIdGuid); + _currentContext.ManageAllCollections(orgIdGuid) || + _currentContext.ManageUsers(orgIdGuid); if (!canAccess) { diff --git a/src/Api/Controllers/OrganizationUsersController.cs b/src/Api/Controllers/OrganizationUsersController.cs index c00653a610..bbeb1c921f 100644 --- a/src/Api/Controllers/OrganizationUsersController.cs +++ b/src/Api/Controllers/OrganizationUsersController.cs @@ -59,7 +59,9 @@ namespace Bit.Api.Controllers public async Task> Get(string orgId) { var orgGuidId = new Guid(orgId); - if (!_currentContext.ManageAssignedCollections(orgGuidId) && !_currentContext.ManageGroups(orgGuidId)) + if (!_currentContext.ManageAssignedCollections(orgGuidId) && + !_currentContext.ManageGroups(orgGuidId) && + !_currentContext.ManageUsers(orgGuidId)) { throw new NotFoundException(); } 
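Review bot: The permission set that now gates GroupsController.Get (ManageGroups, ManageAssignedCollections, ManageAllCollections, ManageUsers) is almost the same as the one this patch gives OrganizationUsersController.Get, except that the latter omits ManageAllCollections, so the two "who may read membership" rules are already drifting apart. Unless CurrentContext.ManageAllCollections implies ManageAssignedCollections (not visible here), a member with only all-collections rights can list groups but not users, which looks accidental rather than intended. Consider moving the disjunction into one CurrentContext helper, e.g. `var canAccess = _currentContext.CanViewOrganizationMembership(orgIdGuid);`, and using it from both controllers so a later permission is added in one place. The enclosing Get method starts and ends outside this hunk.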
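Review bot: The new three-way negated conjunction in OrganizationUsersController.Get is harder to read than the positive `canAccess` form used for the same kind of check in GroupsController.Get in this patch, and the two should be written the same way. Rewriting it as `var canAccess = _currentContext.ManageAssignedCollections(orgGuidId) ||` / `    _currentContext.ManageGroups(orgGuidId) || _currentContext.ManageUsers(orgGuidId);` / `if (!canAccess)` keeps the behaviour identical while making it obvious that any one permission is enough. Throwing NotFoundException rather than an authorization error on failure is unchanged from the removed line and keeps the endpoint from confirming whether the organization exists, which is worth keeping. The rest of Get lies outside the hunk.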
@@ -75,7 +77,8 @@ namespace Bit.Api.Controllers
 public async Task> GetGroups(string orgId, string id)
 {
 var organizationUser = await _organizationUserRepository.GetByIdAsync(new Guid(id));
- if (organizationUser == null || !_currentContext.ManageGroups(organizationUser.OrganizationId))
+ if (organizationUser == null || (!_currentContext.ManageGroups(organizationUser.OrganizationId) &&
+ !_currentContext.ManageUsers(organizationUser.OrganizationId)))
 {
 throw new NotFoundException();
 }
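Review bot: The new condition in GetGroups authorizes against organizationUser.OrganizationId, which is derived from the `id` path segment, while the `orgId` route parameter is never compared to it anywhere in this hunk. That is not an escalation as written, since the ManageGroups/ManageUsers check is made against the organization the user actually belongs to, but it means a membership lookup succeeds under any organization's URL, which makes the route misleading and weakens defence in depth. Unless orgId is validated later in the method (its body continues outside the hunk), tie the two together: `var orgGuid = new Guid(orgId);` / `if (organizationUser == null || organizationUser.OrganizationId != orgGuid ||` / `    (!_currentContext.ManageGroups(orgGuid) && !_currentContext.ManageUsers(orgGuid)))`. This also mirrors the `new Guid(orgId)` parse already used by the sibling Get method in this patch.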