From 767993e2667c977b8f93e4a7b46f9f877b1e430a Mon Sep 17 00:00:00 2001
From: Shane Melton
Date: Tue, 30 May 2023 16:30:19 -0700
Subject: [PATCH] [AC-1104] [AC-1265] Allow custom users with import/export permission to get export organization ciphers (#2837)
* [AC-1265] Allow users with custom import/export permission to get organization ciphers
* [AC-1104] Fix to allow custom users with import/export permission to access all collections/ciphers in their organization
* [AC-1104] Remove redundant OrganizationAdmin checks
---
 src/Core/Services/Implementations/CollectionService.cs | 6 +++---
 src/Core/Vault/Services/Implementations/CipherService.cs | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/Core/Services/Implementations/CollectionService.cs b/src/Core/Services/Implementations/CollectionService.cs
index d5f6507054..16698a77aa 100644
--- a/src/Core/Services/Implementations/CollectionService.cs
+++ b/src/Core/Services/Implementations/CollectionService.cs
@@ -98,15 +98,15 @@ public class CollectionService : ICollectionService
 public async Task> GetOrganizationCollections(Guid organizationId)
 {
- if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId))
+ if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId) && !await _currentContext.AccessImportExport(organizationId))
 {
 throw new NotFoundException();
 }
 IEnumerable orgCollections;
- if (await _currentContext.OrganizationAdmin(organizationId) || await _currentContext.ViewAllCollections(organizationId))
+ if (await _currentContext.ViewAllCollections(organizationId) || await _currentContext.AccessImportExport(organizationId))
 {
- // Admins, Owners, Providers and Custom (with collection management permissions) can access all items even if not assigned to them
+ // Admins, Owners, Providers and Custom (with collection management or import/export permissions) can access all items even if not assigned to them
 orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
 }
 else
diff --git a/src/Core/Vault/Services/Implementations/CipherService.cs b/src/Core/Vault/Services/Implementations/CipherService.cs
index 868a13a7f8..f0e84eb634 100644
--- a/src/Core/Vault/Services/Implementations/CipherService.cs
+++ b/src/Core/Vault/Services/Implementations/CipherService.cs
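Review bot: In `GetOrganizationCollections` (CollectionService.cs) the gate and the full-access branch each await `ViewAllCollections` and `AccessImportExport` separately, so the two authorization predicates can drift apart in a later edit and each check is evaluated twice per call. Computing the decision once keeps them tied together: `var canReadAll = await _currentContext.ViewAllCollections(organizationId) || await _currentContext.AccessImportExport(organizationId);`, then `if (!canReadAll && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId))` for the gate and `if (canReadAll)` for the branch. The same duplication appears in `GetOrganizationCiphers` in CipherService.cs. The `else` branch of this method lies outside the hunk.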
@@ -870,15 +870,15 @@ public class CipherService : ICipherService
 public async Task<(IEnumerable, Dictionary>)> GetOrganizationCiphers(Guid userId, Guid organizationId)
 {
- if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.AccessReports(organizationId))
+ if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.AccessReports(organizationId) && !await _currentContext.AccessImportExport(organizationId))
 {
 throw new NotFoundException();
 }
 IEnumerable orgCiphers;
- if (await _currentContext.OrganizationAdmin(organizationId))
+ if (await _currentContext.AccessImportExport(organizationId))
 {
- // Admins, Owners and Providers can access all items even if not assigned to them
+ // Admins, Owners, Providers and Custom (with import/export permission) can access all items even if not assigned to them
 orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(organizationId);
 }
 else
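Review bot: The branch `if (await _currentContext.AccessImportExport(organizationId))` in `GetOrganizationCiphers` is now the only condition that returns every cipher in the organization, and the comment's claim that it still covers Admins, Owners and Providers rests on how `AccessImportExport` is implemented, which this patch does not show. Because the change widens who can read all vault items, it should carry unit tests, and the diffstat (two service files only) suggests it has none: a custom user with only import/export gets the full set, a user with only `AccessReports` reaches the `else` branch, and a user with none of the three permissions gets `NotFoundException`. I would also state the dependency in the comment, e.g. `// AccessImportExport is expected to be true for Admins, Owners and Providers; it grants read access to every cipher, assigned or not`. The `else` branch lies outside the hunk.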