nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

Wrong business logic checking for invalid permissions.

Browse Source
This commit is contained in:
Jonas Hendrickx 2025-03-26 15:01:32 +01:00
parent f6143b12d6
commit 990df5ef6a
No known key found for this signature in database
GPG Key ID: C4B27F601CE4317D
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Core/OrganizationFeatures/OrganizationSponsorships/FamiliesForEnterprise/SponsorshipCreation/CreateAdminInitiatedSponsorshipHandler.cs
View File

@ -28,10 +28,10 @@ public class CreateAdminInitiatedSponsorshipHandler(
OrganizationUserType[] allowedUserTypes =
[
OrganizationUserType.Admin,
OrganizationUserType.Owner,
OrganizationUserType.Custom
OrganizationUserType.Owner
];
if (!organization.Permissions.ManageUsers || allowedUserTypes.All(x => x != organization.Type))
if (!organization.Permissions.ManageUsers && allowedUserTypes.All(x => x != organization.Type))
{
throw new UnauthorizedAccessException("You do not have permissions to send sponsorships on behalf of the organization.");
}