From b39a43210d0311e020c873567320ff08bbc2b5d6 Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Wed, 15 Jun 2022 12:47:36 +1000
Subject: [PATCH] [EC-235] Reapply permissions fix for Admin cipher endpoint (#2061)

* Reapply fix from PR 2036, accidentally clobbered by PR 2022
---
 src/Api/Controllers/CiphersController.cs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index 495f940a89..c72b8ea270 100644
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@@ -225,10 +225,9 @@ namespace Bit.Api.Controllers
 }
 
 IEnumerable orgCiphers;
- if (await _currentContext.OrganizationOwner(orgIdGuid))
+ if (await _currentContext.OrganizationAdmin(orgIdGuid))
 {
- // User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results
- // But they have access to all organization ciphers, so we can safely get by orgId instead
+ // Admins, Owners and Providers can access all items even if not assigned to them
 orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(orgIdGuid);
 }
 else
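Review bot: The `OrganizationAdmin(orgIdGuid)` check on the new `if` line now decides who receives every cipher in the organization, yet the patch touches only the controller and adds no test, even though the commit message says this same fix was already lost once to another PR. A controller test that calls the endpoint as an Admin who is not an Owner and asserts that `GetManyOrganizationDetailsByOrganizationIdAsync` is the repository call made would stop a later merge from silently reverting the role check. The new comment also states that Owners and Providers are covered, which holds only if `OrganizationAdmin` returns true for those roles; that is not visible in this hunk, so I would make the dependency explicit with `// Relies on OrganizationAdmin() also returning true for Owners and Providers`. The enclosing method starts and ends outside the hunk, including the earlier guard that closes just above this block and the body of the `else` branch.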