[PM-5450] Add check for admin/org access for events #4705

Open
wants to merge 7 commits into
base: main
21 changes: 19 additions & 2 deletions src/Events/Controllers/CollectController.cs
Expand Up @@ -19,19 +19,22 @@
private readonly ICipherRepository _cipherRepository;
private readonly IOrganizationRepository _organizationRepository;
private readonly IFeatureService _featureService;
private readonly IApplicationCacheService _applicationCacheService;

public CollectController(
ICurrentContext currentContext,
IEventService eventService,
ICipherRepository cipherRepository,
IOrganizationRepository organizationRepository,
IFeatureService featureService)
IFeatureService featureService,
IApplicationCacheService applicationCacheService)

Check warning on line 30 in src/Events/Controllers/CollectController.cs

Codecov / codecov/patch

src/Events/Controllers/CollectController.cs#L29-L30

Added lines #L29 - L30 were not covered by tests
{
_currentContext = currentContext;
_eventService = eventService;
_cipherRepository = cipherRepository;
_organizationRepository = organizationRepository;
_featureService = featureService;
_applicationCacheService = applicationCacheService;

Check warning on line 37 in src/Events/Controllers/CollectController.cs

Codecov / codecov/patch

src/Events/Controllers/CollectController.cs#L37

Added line #L37 was not covered by tests
}

[HttpPost]
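Review bot: The new `IApplicationCacheService applicationCacheService` constructor parameter is stored in `_applicationCacheService`, but nothing in the visible hunks reads that field; the fallback added in the second hunk goes only through `_cipherRepository` and `_currentContext`. If the cache is meant to supply the organization setting that the new comment refers to ("allows for admin/owners access to all collections"), wire that lookup in; otherwise drop the dependency. Codecov also flags the constructor lines as uncovered, so a controller unit test that constructs `CollectController` with a mocked `IApplicationCacheService` would close that gap.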
Expand Down Expand Up @@ -77,7 +80,21 @@
}
if (cipher == null)
{
continue;
// When the user cannot access the cipher directly, check if the organization allows for
// admin/owners access to all collections and the user can access the cipher from that perspective.
if (!eventModel.OrganizationId.HasValue)
{
continue;

Check warning on line 87 in src/Events/Controllers/CollectController.cs

Codecov / codecov/patch

src/Events/Controllers/CollectController.cs#L86-L87

Added lines #L86 - L87 were not covered by tests
}

cipher = await _cipherRepository.GetByIdAsync(eventModel.CipherId.Value);

Check warning on line 90 in src/Events/Controllers/CollectController.cs

Codecov / codecov/patch

src/Events/Controllers/CollectController.cs#L90

Added line #L90 was not covered by tests
var cipherBelongsToOrg = cipher.OrganizationId == eventModel.OrganizationId;
var org = _currentContext.GetOrganization(eventModel.OrganizationId.Value);

Check warning on line 92 in src/Events/Controllers/CollectController.cs

Codecov / codecov/patch

src/Events/Controllers/CollectController.cs#L92

Added line #L92 was not covered by tests

if (!cipherBelongsToOrg || org == null || cipher == null)
{
continue;

Check warning on line 96 in src/Events/Controllers/CollectController.cs

Codecov / codecov/patch

src/Events/Controllers/CollectController.cs#L95-L96

Added lines #L95 - L96 were not covered by tests
}
}
if (!ciphersCache.ContainsKey(eventModel.CipherId.Value))
{
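Review bot: In the `if (cipher == null)` fallback, the condition `if (!cipherBelongsToOrg || org == null || cipher == null)` tests neither of the things the comment above it promises: the visible lines contain no check that the organization allows admin/owner access to all collections, and none that the caller holds an admin or owner role, so the event is accepted whenever the cipher's `OrganizationId` matches and `GetOrganization` returns a value. Add the role and organization-setting checks before falling through. Separately, `cipher.OrganizationId` is read right after `GetByIdAsync`, before the `cipher == null` test, so an id with no matching cipher throws instead of reaching `continue`; move the null check directly after the fetch. Every added line in this branch is reported as uncovered, so tests for the regular-member, admin and wrong-organization cases are worth adding with the fix.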