nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[SM-567] Change how project permission is resolved (#2791)

Browse Source 
* Change how project permission is resolved

* Fix tests

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
This commit is contained in:
Oscar Hinton
2023-03-09 18:23:50 +01:00
committed by GitHub
parent 15954fb679
commit 6a6b15fada
4 changed files with 45 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/Api/SecretsManager/Controllers/ProjectsController.cs
View File

@ -82,8 +82,7 @@ public class ProjectsController : Controller
[HttpGet("projects/{id}")]
public async Task<ProjectPermissionDetailsResponseModel> GetAsync([FromRoute] Guid id)
{
var userId = _userService.GetProperUserId(User).Value;
var project = await _projectRepository.GetPermissionDetailsByIdAsync(id, userId);
var project = await _projectRepository.GetByIdAsync(id);
if (project == null)
{
throw new NotFoundException();
@ -94,34 +93,18 @@ public class ProjectsController : Controller
throw new NotFoundException();
}
var userId = _userService.GetProperUserId(User).Value;
var orgAdmin = await _currentContext.OrganizationAdmin(project.OrganizationId);
var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);
bool hasAccess;
var read = project.Read;
var write = project.Write;
var access = await _projectRepository.AccessToProjectAsync(id, userId, accessClient);
switch (accessClient)
{
case AccessClientType.NoAccessCheck:
hasAccess = true;
write = true;
read = true;
break;
case AccessClientType.User:
hasAccess = project.Read;
break;
default:
hasAccess = false;
break;
}
if (!hasAccess)
if (!access.Read)
{
throw new NotFoundException();
}
return new ProjectPermissionDetailsResponseModel(project, read, write);
return new ProjectPermissionDetailsResponseModel(project, access.Read, access.Write);
}
[HttpPost("projects/delete")]