Admins are not limited by collection controls
@ -54,8 +54,7 @@ namespace Bit.Api.Controllers
|
||||
[HttpGet("{id}/admin")]
|
||||
public async Task<LoginResponseModel> GetAdmin(string id)
|
||||
{
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
|
||||
var login = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
|
||||
if(login == null || !login.OrganizationId.HasValue ||
|
||||
!_currentContext.OrganizationAdmin(login.OrganizationId.Value))
|
||||
{
|
||||
@ -131,7 +130,7 @@ namespace Bit.Api.Controllers
|
||||
public async Task<LoginResponseModel> PutAdmin(string id, [FromBody]LoginRequestModel model)
|
||||
{
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
var login = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
|
||||
var login = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
|
||||
if(login == null || !login.OrganizationId.HasValue ||
|
||||
!_currentContext.OrganizationAdmin(login.OrganizationId.Value))
|
||||
{
|
||||
|
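Review bot: With `GetDetailsByIdAsync(new Guid(id))` the lookup in GetAdmin and PutAdmin no longer takes the caller's id, so the `OrganizationId.HasValue` / `_currentContext.OrganizationAdmin(...)` condition that follows appears to be the only authorization left on these routes, and nothing in the code says so. I would add a comment above each lookup, for example `// Lookup is not scoped to the caller; the org-admin check below is the sole access control.`, so the condition is not weakened or reordered later. The body of that `if` lies outside both hunks; it should give the same not-found response for a missing cipher, a personal cipher and a non-admin caller, so the route does not reveal which ids exist. PutAdmin still reads `userId` and presumably passes it to the save call outside the hunk, so it is worth confirming that path does not re-apply the collection restrictions this commit is meant to lift.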