nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-19 08:30:59 -05:00
Code Activity

Wrong business logic checking for invalid permissions.

Browse Source
This commit is contained in:
Jonas Hendrickx
2025-03-26 15:01:32 +01:00
parent f6143b12d6
commit 990df5ef6a
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SponsorshipCreation/CreateAdminInitiatedSponsorshipHandler.cs
View File

@ -28,10 +28,10 @@ public class CreateAdminInitiatedSponsorshipHandler(
OrganizationUserType[] allowedUserTypes =
[
OrganizationUserType.Admin,
OrganizationUserType.Owner,
OrganizationUserType.Custom
OrganizationUserType.Owner
];
if (!organization.Permissions.ManageUsers || allowedUserTypes.All(x => x != organization.Type))
if (!organization.Permissions.ManageUsers && allowedUserTypes.All(x => x != organization.Type))
{
throw new UnauthorizedAccessException("You do not have permissions to send sponsorships on behalf of the organization.");
}