nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

[EC-235] Give Admins (and above) access to all items (#2036)

Browse Source
This commit is contained in:
Thomas Rittson 2022-06-07 10:33:39 +10:00 committed by GitHub
parent b070e9a387
commit f602df2eb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Api/Controllers/CiphersController.cs
View File

@ -225,10 +225,9 @@ namespace Bit.Api.Controllers
} }
IEnumerable<Cipher> orgCiphers; IEnumerable<Cipher> orgCiphers;
if (await _currentContext.OrganizationOwner(orgIdGuid)) if (await _currentContext.OrganizationAdmin(orgIdGuid))
{ {
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results // Admins, Owners and Providers can access all items even if not assigned to them
// But they have access to all organization ciphers, so we can safely get by orgId instead
orgCiphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid); orgCiphers = await _cipherRepository.GetManyByOrganizationIdAsync(orgIdGuid);
} }
else else

5
src/Api/Controllers/CollectionsController.cs
View File

@ -88,10 +88,9 @@ namespace Bit.Api.Controllers
} }
IEnumerable<Collection> orgCollections; IEnumerable<Collection> orgCollections;
if (await _currentContext.OrganizationOwner(orgIdGuid)) if (await _currentContext.OrganizationAdmin(orgIdGuid))
{ {
// User may be a Provider for the organization, in which case GetManyByUserIdAsync won't return any results // Admins, Owners and Providers can access all items even if not assigned to them
// But they have access to all organization collections, so we can safely get by orgId instead
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgIdGuid); orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(orgIdGuid);
} }
else else