nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

[AC-2172] Member modal - limit admin access (#3934)

Browse Source 
* update OrganizationUsersController PUT and POST
* enforces new collection access checks when updating members
* refactor BulkCollectionAuthorizationHandler to avoid repeated db calls
This commit is contained in:
Thomas Rittson
2024-04-29 11:02:06 +10:00
committed by GitHub
parent 8142ba7bf2
commit ba36b2d26a
6 changed files with 463 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
util/Migrator/DbScripts/2024-04-05_00_OrganizationUserReadWithCollectionsById.sql Normal file
View File

@ -0,0 +1,21 @@
-- Update to add the Manage column
CREATE OR ALTER PROCEDURE [dbo].[OrganizationUser_ReadWithCollectionsById]
@Id UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
EXEC [OrganizationUser_ReadById] @Id
SELECT
CU.[CollectionId] Id,
CU.[ReadOnly],
CU.[HidePasswords],
CU.[Manage]
FROM
[dbo].[OrganizationUser] OU
INNER JOIN
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[OrganizationUserId] = [OU].[Id]
WHERE
[OrganizationUserId] = @Id
END