nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-07 02:52:50 -05:00
Code Activity

Fix policy enforcement against invited users (#1680)

Browse Source
This commit is contained in:
Thomas Rittson
2021-11-03 07:08:13 +10:00
committed by GitHub
parent 07b8e2a946
commit e57bef6af4
4 changed files with 98 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Sql/dbo/Functions/PolicyApplicableToUser.sql
View File

@ -23,7 +23,16 @@ LEFT JOIN
ON PUPO.UserId = OU.UserId
AND PUPO.OrganizationId = P.OrganizationId
WHERE
OU.[UserId] = @UserId
(
(
OU.[Status] > 0
AND OU.[UserId] = @UserId
)
OR (
OU.[Status] = 0 -- 'Invited' OrgUsers are not linked to a UserId yet, so we have to look up their email
AND OU.[Email] IN (SELECT U.Email FROM [dbo].[UserView] U WHERE U.Id = @UserId)
)
)
AND P.[Type] = @PolicyType
AND P.[Enabled] = 1
AND OU.[Status] >= @MinimumStatus