From 990df5ef6aeeee49b960807508ddb423e00d4921 Mon Sep 17 00:00:00 2001
From: Jonas Hendrickx
Date: Wed, 26 Mar 2025 15:01:32 +0100
Subject: [PATCH] Wrong business logic checking for invalid permissions.
---
 .../CreateAdminInitiatedSponsorshipHandler.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SponsorshipCreation/CreateAdminInitiatedSponsorshipHandler.cs b/src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SponsorshipCreation/CreateAdminInitiatedSponsorshipHandler.cs
index f36a3719f1..2ae1132b16 100644
--- a/src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SponsorshipCreation/CreateAdminInitiatedSponsorshipHandler.cs
+++ b/src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SponsorshipCreation/CreateAdminInitiatedSponsorshipHandler.cs
@@ -28,10 +28,10 @@ public class CreateAdminInitiatedSponsorshipHandler(
 OrganizationUserType[] allowedUserTypes =
 [
 OrganizationUserType.Admin,
- OrganizationUserType.Owner,
- OrganizationUserType.Custom
+ OrganizationUserType.Owner
 ];
- if (!organization.Permissions.ManageUsers || allowedUserTypes.All(x => x != organization.Type))
+
+ if (!organization.Permissions.ManageUsers && allowedUserTypes.All(x => x != organization.Type))
 {
 throw new UnauthorizedAccessException("You do not have permissions to send sponsorships on behalf of the organization.");
 }
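Review bot: The rewritten guard lets any member whose `organization.Permissions.ManageUsers` flag is set create sponsorships regardless of `organization.Type`, because the flag is now tested on its own rather than together with the Custom type. Whether a non-Custom member can carry that flag (for example, left over from an earlier Custom role) is not visible in this hunk, so I would tie it to the type explicitly: `var canManageUsers = organization.Type == OrganizationUserType.Custom && organization.Permissions.ManageUsers;` followed by `if (!canManageUsers && !allowedUserTypes.Contains(organization.Type))`. A comment such as `// Owners and Admins may always sponsor; Custom users only with ManageUsers` would keep a later edit from flipping the operator again. Tests covering a Custom user with and without ManageUsers, and a plain User, would pin the authorization rule. The enclosing method starts and ends outside the hunk.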