nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00
Code Activity

[AC-1443] Update manager permission to only see collections they have access to (#3071)

Browse Source 
* [AC-1443] Changed CurrentContext.ViewAllCollections to only check if the user can edit or delete any collection

* [AC-1443] Renamed ICollectionService.GetOrganizationCollections to GetOrganizationCollectionsAsync

* [AC-1443] Changed CollectionService.GetOrganizationCollectionsAsync to first check CurrentContext.ViewAssignedCollections instead
Added unit tests

* [AC-1443] Added new unit test to check for Exception when user does not have permission
This commit is contained in:
Rui Tomé
2023-08-08 16:54:10 +01:00
committed by GitHub
parent 5275f22f12
commit 95b7652ca9
7 changed files with 63 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Core/Services/ICollectionService.cs
View File

@ -7,5 +7,5 @@ public interface ICollectionService
{
Task SaveAsync(Collection collection, IEnumerable<CollectionAccessSelection> groups = null, IEnumerable<CollectionAccessSelection> users = null, Guid? assignUserId = null);
Task DeleteUserAsync(Collection collection, Guid organizationUserId);
Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId);
Task<IEnumerable<Collection>> GetOrganizationCollectionsAsync(Guid organizationId);
}

4
src/Core/Services/Implementations/CollectionService.cs
View File

@ -96,9 +96,9 @@ public class CollectionService : ICollectionService
await _eventService.LogOrganizationUserEventAsync(orgUser, Enums.EventType.OrganizationUser_Updated);
}
public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId)
public async Task<IEnumerable<Collection>> GetOrganizationCollectionsAsync(Guid organizationId)
{
if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId) && !await _currentContext.AccessImportExport(organizationId))
if (!await _currentContext.ViewAssignedCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId) && !await _currentContext.AccessImportExport(organizationId))
{
throw new NotFoundException();
}