prevent managers from creating collections (#6890)

managers without the access_all flag should not be able to create collections. the manage all collections permission actually consists of three separate custom permissions that have not been implemented yet for more fine-grain access control.
2026-05-24 04:50:20 +03:00 · 2026-04-05 22:39:33 +02:00
parent 2811df2953
commit d29cd29f55
2 changed files with 6 additions and 5 deletions
@@ -514,7 +514,8 @@ impl Membership {
            "familySponsorshipValidUntil": null,
            "familySponsorshipToDelete": null,
            "accessSecretsManager": false,
-            "limitCollectionCreation": self.atype < MembershipType::Manager, // If less then a manager return true, to limit collection creations
+            // limit collection creation to managers with access_all permission to prevent issues
+            "limitCollectionCreation": self.atype < MembershipType::Manager || !self.access_all,
            "limitCollectionDeletion": true,
            "limitItemDeletion": false,
            "allowAdminAccessToAllCollectionItems": true,