nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00
Code

[AC-1104] [AC-1265] Allow custom users with import/export permission to get export organization ciphers (#2837)

Browse Source 
* [AC-1265] Allow users with custom import/export permission to get organization ciphers

* [AC-1104] Fix to allow custom users with import/export permission to access all collections/ciphers in their organization

* [AC-1104] Remove redundant OrganizationAdmin checks
This commit is contained in:
Shane Melton 2023-05-30 16:30:19 -07:00 committed by GitHub
parent ab1204e859
commit 767993e266
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Core/Services/Implementations/CollectionService.cs
View File

@ -98,15 +98,15 @@ public class CollectionService : ICollectionService
public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId) public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId)
{ {
if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId)) if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId) && !await _currentContext.AccessImportExport(organizationId))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }
IEnumerable<Collection> orgCollections; IEnumerable<Collection> orgCollections;
if (await _currentContext.OrganizationAdmin(organizationId) || await _currentContext.ViewAllCollections(organizationId)) if (await _currentContext.ViewAllCollections(organizationId) || await _currentContext.AccessImportExport(organizationId))
{ {
// Admins, Owners, Providers and Custom (with collection management permissions) can access all items even if not assigned to them // Admins, Owners, Providers and Custom (with collection management or import/export permissions) can access all items even if not assigned to them
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId); orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
} }
else else

6
src/Core/Vault/Services/Implementations/CipherService.cs
View File

@ -870,15 +870,15 @@ public class CipherService : ICipherService
public async Task<(IEnumerable<CipherOrganizationDetails>, Dictionary<Guid, IGrouping<Guid, CollectionCipher>>)> GetOrganizationCiphers(Guid userId, Guid organizationId) public async Task<(IEnumerable<CipherOrganizationDetails>, Dictionary<Guid, IGrouping<Guid, CollectionCipher>>)> GetOrganizationCiphers(Guid userId, Guid organizationId)
{ {
if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.AccessReports(organizationId)) if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.AccessReports(organizationId) && !await _currentContext.AccessImportExport(organizationId))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }
IEnumerable<CipherOrganizationDetails> orgCiphers; IEnumerable<CipherOrganizationDetails> orgCiphers;
if (await _currentContext.OrganizationAdmin(organizationId)) if (await _currentContext.AccessImportExport(organizationId))
{ {
// Admins, Owners and Providers can access all items even if not assigned to them // Admins, Owners, Providers and Custom (with import/export permission) can access all items even if not assigned to them
orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(organizationId); orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(organizationId);
} }
else else