diff options
| author | Daniel GarcĂa <[email protected]> | 2018-08-30 16:47:08 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2018-08-30 16:47:08 +0200 |
| commit | 0a3b84b81563361f8ab6a4b4b74693c7d0132ea5 (patch) | |
| tree | 1c6ad020b5a67a3f462c3f6f8bb499e21f15b28b | |
| parent | fe473b9e75342c76a2002f9a24bff4b218e91aae (diff) | |
| parent | d336d89b83906ed33c8774e9b191ca4b3c47b643 (diff) | |
| download | vaultwarden-0a3b84b81563361f8ab6a4b4b74693c7d0132ea5.tar.gz vaultwarden-0a3b84b81563361f8ab6a4b4b74693c7d0132ea5.zip | |
Merge pull request #165 from mprasil/shared_edit_fix
Fix editing shared cipher (fixes #164)
| -rw-r--r-- | src/api/core/ciphers.rs | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index f7d74d86..f9e090cc 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -136,7 +136,9 @@ fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Head if let Some(org_id) = data.OrganizationId { match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { None => err!("You don't have permission to add item to organization"), - Some(org_user) => if shared_to_collection || org_user.has_full_access() { + Some(org_user) => if shared_to_collection + || org_user.has_full_access() + || cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { cipher.organization_uuid = Some(org_id); cipher.user_uuid = None; } else { |