saret/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-10-31 02:08:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

improve permission check for collections (#6278)

Browse Source
This commit is contained in:
Stefan Melmuk
2025-10-13 21:14:53 +02:00
committed by GitHub
parent b1d84298cc
commit a79cd40ea9
2 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/api/core/ciphers.rs
View File

@@ -773,8 +773,8 @@ async fn post_collections_update(
err!("Cipher doesn't exist")
};
if !cipher.is_write_accessible_to_user(&headers.user.uuid, &mut conn).await {
err!("Cipher is not write accessible")
if !cipher.is_in_editable_collection_by_user(&headers.user.uuid, &mut conn).await {
err!("Collection cannot be changed")
}
let posted_collections = HashSet::<CollectionId>::from_iter(data.collection_ids);
@@ -850,8 +850,8 @@ async fn post_collections_admin(
err!("Cipher doesn't exist")
};
if !cipher.is_write_accessible_to_user(&headers.user.uuid, &mut conn).await {
err!("Cipher is not write accessible")
if !cipher.is_in_editable_collection_by_user(&headers.user.uuid, &mut conn).await {
err!("Collection cannot be changed")
}
let posted_collections = HashSet::<CollectionId>::from_iter(data.collection_ids);