nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00
Code Activity

[AC-1443] Update manager permission to only see collections they have access to (#3071)

Browse Source 
* [AC-1443] Changed CurrentContext.ViewAllCollections to only check if the user can edit or delete any collection

* [AC-1443] Renamed ICollectionService.GetOrganizationCollections to GetOrganizationCollectionsAsync

* [AC-1443] Changed CollectionService.GetOrganizationCollectionsAsync to first check CurrentContext.ViewAssignedCollections instead
Added unit tests

* [AC-1443] Added new unit test to check for Exception when user does not have permission
This commit is contained in:
Rui Tomé
2023-08-08 16:54:10 +01:00
committed by GitHub
parent 5275f22f12
commit 95b7652ca9
7 changed files with 63 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Api/Controllers/CollectionsController.cs
View File

@ -112,7 +112,7 @@ public class CollectionsController : Controller
[HttpGet("")]
public async Task<ListResponseModel<CollectionResponseModel>> Get(Guid orgId)
{
IEnumerable<Collection> orgCollections = await _collectionService.GetOrganizationCollections(orgId);
IEnumerable<Collection> orgCollections = await _collectionService.GetOrganizationCollectionsAsync(orgId);
var responses = orgCollections.Select(c => new CollectionResponseModel(c));
return new ListResponseModel<CollectionResponseModel>(responses);
@ -209,7 +209,7 @@ public class CollectionsController : Controller
throw new NotFoundException();
}
var userCollections = await _collectionService.GetOrganizationCollections(orgId);
var userCollections = await _collectionService.GetOrganizationCollectionsAsync(orgId);
var filteredCollections = userCollections.Where(c => collectionIds.Contains(c.Id) && c.OrganizationId == orgId);
if (!filteredCollections.Any())