nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

Wrong business logic checking for invalid permissions.

Browse Source
This commit is contained in:
Jonas Hendrickx 2025-03-26 15:01:32 +01:00
parent f6143b12d6
commit 990df5ef6a
No known key found for this signature in database
GPG Key ID: C4B27F601CE4317D
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SponsorshipCreation/CreateAdminInitiatedSponsorshipHandler.cs
View File

@ -28,10 +28,10 @@ public class CreateAdminInitiatedSponsorshipHandler(
OrganizationUserType[] allowedUserTypes = OrganizationUserType[] allowedUserTypes =
[ [
OrganizationUserType.Admin, OrganizationUserType.Admin,
OrganizationUserType.Owner, OrganizationUserType.Owner
OrganizationUserType.Custom
]; ];
if (!organization.Permissions.ManageUsers || allowedUserTypes.All(x => x != organization.Type))
if (!organization.Permissions.ManageUsers && allowedUserTypes.All(x => x != organization.Type))
{ {
throw new UnauthorizedAccessException("You do not have permissions to send sponsorships on behalf of the organization."); throw new UnauthorizedAccessException("You do not have permissions to send sponsorships on behalf of the organization.");
} }