vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

Validate permissions before API calls (#1098) 

Manage users is required to list provider users. If this permission is
missing the event is listed as done by the provider name
This commit is contained in:
Matt Gibson 2021-07-28 11:40:01 -05:00 committed by GitHub
parent 851a53ec31
commit 4119713ace
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/app/organizations/manage/events.component.ts
View File

@ -59,12 +59,19 @@ export class EventsComponent extends BaseEventsComponent implements OnInit {
this.orgUsersUserIdMap.set(u.userId, { name: name, email: u.email }); this.orgUsersUserIdMap.set(u.userId, { name: name, email: u.email });
}); });
if (this.organization.providerId != null && (await this.userService.getProvider(this.organization.providerId)) != null) { if (this.organization.providerId != null) {
const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId); try {
providerUsersResponse.data.forEach(u => { const provider = await this.userService.getProvider(this.organization.providerId);
const name = this.userNamePipe.transform(u); if (provider != null && (await this.userService.getProvider(this.organization.providerId)).canManageUsers) {
this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email }); const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId);
}); providerUsersResponse.data.forEach(u => {
const name = this.userNamePipe.transform(u);
this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email });
});
}
} catch (e) {
this.logService.warning(e);
}
} }
await this.loadEvents(true); await this.loadEvents(true);