[AC-1104] [AC-1265] Allow custom users with import/export permission to get export organization ciphers (#2837)

* [AC-1265] Allow users with custom import/export permission to get organization ciphers * [AC-1104] Fix to allow custom users with import/export permission to access all collections/ciphers in their organization * [AC-1104] Remove redundant OrganizationAdmin checks
3 years ago · 767993e266
2 changed files with 6 additions and 6 deletions
--- a/src/Core/Services/Implementations/CollectionService.cs
+++ b/src/Core/Services/Implementations/CollectionService.cs
@ -98,15 +98,15 @@ public class CollectionService : ICollectionService
				@@ -98,15 +98,15 @@ public class CollectionService : ICollectionService

    public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId)
    {
-        if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId))
+        if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.ManageUsers(organizationId) && !await _currentContext.ManageGroups(organizationId) && !await _currentContext.AccessImportExport(organizationId))
        {
            throw new NotFoundException();
        }

        IEnumerable<Collection> orgCollections;
-        if (await _currentContext.OrganizationAdmin(organizationId) || await _currentContext.ViewAllCollections(organizationId))
+        if (await _currentContext.ViewAllCollections(organizationId) || await _currentContext.AccessImportExport(organizationId))
        {
-            // Admins, Owners, Providers and Custom (with collection management permissions) can access all items even if not assigned to them
+            // Admins, Owners, Providers and Custom (with collection management or import/export permissions) can access all items even if not assigned to them
            orgCollections = await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
        }
        else
--- a/src/Core/Vault/Services/Implementations/CipherService.cs
+++ b/src/Core/Vault/Services/Implementations/CipherService.cs
@ -870,15 +870,15 @@ public class CipherService : ICipherService
				@@ -870,15 +870,15 @@ public class CipherService : ICipherService

    public async Task<(IEnumerable<CipherOrganizationDetails>, Dictionary<Guid, IGrouping<Guid, CollectionCipher>>)> GetOrganizationCiphers(Guid userId, Guid organizationId)
    {
-        if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.AccessReports(organizationId))
+        if (!await _currentContext.ViewAllCollections(organizationId) && !await _currentContext.AccessReports(organizationId) && !await _currentContext.AccessImportExport(organizationId))
        {
            throw new NotFoundException();
        }

        IEnumerable<CipherOrganizationDetails> orgCiphers;
-        if (await _currentContext.OrganizationAdmin(organizationId))
+        if (await _currentContext.AccessImportExport(organizationId))
        {
-            // Admins, Owners and Providers can access all items even if not assigned to them
+            // Admins, Owners, Providers and Custom (with import/export permission) can access all items even if not assigned to them
            orgCiphers = await _cipherRepository.GetManyOrganizationDetailsByOrganizationIdAsync(organizationId);
        }
        else