From 76ddcfa2dc4b6a3f93e35e97c690a1f02b2f208d Mon Sep 17 00:00:00 2001
From: Chad Scharf <3904944+cscharf@users.noreply.github.com>
Date: Mon, 14 Mar 2022 15:34:22 -0400
Subject: [PATCH] Fix org manager check on export (#1906)

* Fix org manager check on export

* Fix filter typo from collection to cipher
---
 src/Api/Controllers/CiphersController.cs     | 11 ++++++++---
 src/Api/Controllers/CollectionsController.cs |  5 +++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index f807553005..74eda1c324 100644
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@@ -224,12 +224,17 @@ namespace Bit.Api.Controllers
                 throw new NotFoundException();
             }
 
-            var ciphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
+            var ciphers = await _cipherRepository.GetManyByUserIdAsync(userId, true);
+            var orgCiphers = ciphers.Where(c => c.OrganizationId == orgIdGuid);
+            var orgCipherIds = orgCiphers.Select(c => c.Id);
 
             var collectionCiphers = await _collectionCipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
-            var collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
+            var collectionCiphersGroupDict = collectionCiphers
+                .Where(c => orgCipherIds.Contains(c.CipherId))
+                .GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
 
-            var responses = ciphers.Select(c => new CipherMiniDetailsResponseModel(c, _globalSettings,
+
+            var responses = orgCiphers.Select(c => new CipherMiniDetailsResponseModel(c, _globalSettings,
                 collectionCiphersGroupDict));
 
             var providerId = await _currentContext.ProviderIdForOrg(orgIdGuid);
diff --git a/src/Api/Controllers/CollectionsController.cs b/src/Api/Controllers/CollectionsController.cs
index d1255fe261..3322e42262 100644
--- a/src/Api/Controllers/CollectionsController.cs
+++ b/src/Api/Controllers/CollectionsController.cs
@@ -87,8 +87,9 @@ namespace Bit.Api.Controllers
                 throw new NotFoundException();
             }
 
-            var collections = await _collectionRepository.GetManyByOrganizationIdAsync(orgIdGuid);
-            var responses = collections.Select(c => new CollectionResponseModel(c));
+            var collections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value);
+            var orgCollections = collections.Where(c => c.OrganizationId == orgIdGuid);
+            var responses = orgCollections.Select(c => new CollectionResponseModel(c));
             return new ListResponseModel<CollectionResponseModel>(responses);
         }