mirror of https://github.com/bitwarden/server.git synced 2025-04-08 14:38:15 -05:00

Let Manage Users permission see group membership (#1135)

Thomas Rittson 2021-02-12 08:14:00 +10:00 committed by GitHub
parent f3bff938c4
commit 61ee3f1e45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions


@ -60,7 +60,8 @@ namespace Bit.Api.Controllers
var orgIdGuid = new Guid(orgId); var orgIdGuid = new Guid(orgId);
var canAccess = _currentContext.ManageGroups(orgIdGuid) || var canAccess = _currentContext.ManageGroups(orgIdGuid) ||
_currentContext.ManageAssignedCollections(orgIdGuid) || _currentContext.ManageAssignedCollections(orgIdGuid) ||
_currentContext.ManageAllCollections(orgIdGuid); _currentContext.ManageAllCollections(orgIdGuid) ||
_currentContext.ManageUsers(orgIdGuid);
if (!canAccess) if (!canAccess)
{ {
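Review bot: Nothing at the `canAccess` assignment says why `_currentContext.ManageUsers(orgIdGuid)` belongs on a groups endpoint, so a reader cannot tell whether this widening is limited to viewing or is meant to apply to other actions too. I would add a comment above the assignment such as `// Read access only: ManageUsers may list groups to display membership; it grants no group write access.` The read-only part is inferred from the commit title, so confirm it against the action itself. The method's signature and the rest of its body are outside the hunk, so it is also worth checking that this controller's mutating actions still require `ManageGroups` alone.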


@ -59,7 +59,9 @@ namespace Bit.Api.Controllers
public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId) public async Task<ListResponseModel<OrganizationUserUserDetailsResponseModel>> Get(string orgId)
{ {
var orgGuidId = new Guid(orgId); var orgGuidId = new Guid(orgId);
if (!_currentContext.ManageAssignedCollections(orgGuidId) && !_currentContext.ManageGroups(orgGuidId)) if (!_currentContext.ManageAssignedCollections(orgGuidId) &&
!_currentContext.ManageGroups(orgGuidId) &&
!_currentContext.ManageUsers(orgGuidId))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }
@ -75,7 +77,8 @@ namespace Bit.Api.Controllers
public async Task<IEnumerable<string>> GetGroups(string orgId, string id) public async Task<IEnumerable<string>> GetGroups(string orgId, string id)
{ {
var organizationUser = await _organizationUserRepository.GetByIdAsync(new Guid(id)); var organizationUser = await _organizationUserRepository.GetByIdAsync(new Guid(id));
if (organizationUser == null || !_currentContext.ManageGroups(organizationUser.OrganizationId)) if (organizationUser == null || (!_currentContext.ManageGroups(organizationUser.OrganizationId) &&
!_currentContext.ManageUsers(organizationUser.OrganizationId)))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }
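Review bot: The two checks in this file state the same kind of rule in two negated shapes, a flat `!a && !b && !c` in `Get` and a nested `organizationUser == null || (!a && !b)` in `GetGroups`, and a misplaced parenthesis in the second would silently change who is authorised. Handling the null case in its own guard and then writing the permission positively is easier to audit: `var canAccess = _currentContext.ManageGroups(organizationUser.OrganizationId) || _currentContext.ManageUsers(organizationUser.OrganizationId);` followed by `if (!canAccess)`, which also matches the `canAccess` form used in the groups controller. In the visible lines `GetGroups` never reads its `orgId` argument; checking against the record's own `OrganizationId` is the safe side, but a comment saying the route value is deliberately ignored would help. Both method bodies continue outside the hunks.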