[EC-276] Admin with custom permission is unable to manage all collections (#2143)

* Updated CollectionService.GetOrganizationCollections to check if the user has permissions to view all collections

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
pull/2154/head
Rui Tomé 2 years ago committed by GitHub
parent 169a4381dd
commit 038d5e7734
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -124,9 +124,9 @@ namespace Bit.Core.Services
}
IEnumerable<Collection> orgCollections;
if (await _currentContext.OrganizationAdmin(organizationId))
if (await _currentContext.OrganizationAdmin(organizationId) || await _currentContext.ViewAllCollections(organizationId))
{
// Admins, Owners and Providers can access all items even if not assigned to them
// Admins, Owners, Providers and Custom (with collection management permissions) can access all items even if not assigned to them
orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
}
else

Loading…
Cancel
Save