mirror of https://github.com/bitwarden/server.git synced 2025-07-04 01:22:50 -05:00

Admins are not limited by collection controls

Kyle Spearrin
2017-09-06 13:01:22 -04:00
parent 06bdda5717
commit b06aae7cfd
8 changed files with 48 additions and 8 deletions


@ -54,8 +54,7 @@ namespace Bit.Api.Controllers
[HttpGet("{id}/admin")]
public async Task<LoginResponseModel> GetAdmin(string id)
{
var userId = _userService.GetProperUserId(User).Value;
var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
var login = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
if(login == null || !login.OrganizationId.HasValue ||
!_currentContext.OrganizationAdmin(login.OrganizationId.Value))
{
@ -131,7 +130,7 @@ namespace Bit.Api.Controllers
public async Task<LoginResponseModel> PutAdmin(string id, [FromBody]LoginRequestModel model)
{
var userId = _userService.GetProperUserId(User).Value;
var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
var login = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
if(login == null || !login.OrganizationId.HasValue ||
!_currentContext.OrganizationAdmin(login.OrganizationId.Value))
{
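Review bot: In GetAdmin the cipher is now loaded with `GetDetailsByIdAsync(new Guid(id))` and no user scoping, so the `OrganizationAdmin(login.OrganizationId.Value)` test in the `if` that follows is the only access control on this path, and nothing in the code says so. I would add a comment above the fetch such as `// Unscoped lookup: the OrganizationAdmin check below is the sole authorization gate; keep it ahead of any use of login.` The same applies to PutAdmin in the second hunk, where `userId` is still computed although the fetch no longer takes it; whether it is still needed cannot be seen, because both method bodies continue outside the hunks. Separately, `new Guid(id)` throws on a malformed id before the check runs; `Guid.TryParse(id, out var cipherId)` would let a bad id be handled by the same branch as a missing cipher.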