[PM-17732] initial thoughts on how to determine if the user has actual can manage… #5416

Draft: wants to merge 1 commit into base: main

cd-bitwarden
Contributor

… permissions on a cipher they are trying to delete

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

Checkmarx One – Scan Summary & Details: 4f32e9a4-8704-4bf3-86ab-d719f817b1b7

Fixed Issues (228)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
MEDIUM CSRF /src/Billing/Controllers/StripeController.cs: 176
MEDIUM CSRF /src/Api/Tools/Controllers/OrganizationExportController.cs: 53
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 982
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 989
MEDIUM CSRF /src/Billing/Controllers/StripeController.cs: 164
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 649
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 108
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 406
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 764
MEDIUM CSRF /src/Billing/Controllers/RecoveryController.cs: 38
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 914
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 513
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 236
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 366
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 497
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 493
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 937
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 261
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 320
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 391
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 163
MEDIUM CSRF /src/Api/Controllers/SettingsController.cs: 36
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 545
MEDIUM CSRF /src/Api/Billing/Controllers/InvoicesController.cs: 16
MEDIUM CSRF /src/Api/Controllers/LicensesController.cs: 44
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 659
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 659
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 659
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 659
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1153
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1153
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1153
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 563
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 106
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1050
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1076
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1099
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationsController.cs: 110
MEDIUM CSRF /src/Api/Billing/Controllers/OrganizationsController.cs: 52
MEDIUM CSRF /src/Identity/Controllers/SsoController.cs: 41
MEDIUM CSRF /src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: 266
MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 64
MEDIUM CSRF /src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: 51
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 247
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 128
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 119
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 99
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 61
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: 42
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 142
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 126
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 114
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 75
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProvidersController.cs: 72
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 240
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 167
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 100
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 143
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 171
MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 87
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 630
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 609
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 609
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 630
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 630
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 630
MEDIUM CSRF /src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: 266
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProvidersController.cs: 72
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 609
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 609
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 450
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 164
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 238
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 392
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 392
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 625
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 696
MEDIUM CSRF /src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: 51
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: 42
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 142
MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 64
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 124
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 127
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 128
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 119
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 264
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 360
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 377
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 99
MEDIUM CSRF /bitwarden_license/src/Scim/Controllers/v2/UsersController.cs: 47
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 100
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 167
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 110
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 480
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/OrganizationsController.cs: 375
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 375
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 347
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 347
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 173
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1099
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1099
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 586
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1076
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1076
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 220
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 997
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 959
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 361
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 854
MEDIUM CSRF /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 104
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1133
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 209
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 855
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 192
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 777
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 840
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1050
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1050
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 175
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 188
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 220
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 573
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 573
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 586
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 173
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 158
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 143
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 173
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 927
MEDIUM CSRF /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 94
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 292
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 192
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 815
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 751
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 292
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 708
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 247
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 392
MEDIUM CSRF /src/Identity/Controllers/SsoController.cs: 41
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 737
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 192
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 240
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 408
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 432
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 61
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 204
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 271
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 344
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 407
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 474
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 306
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 75
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 114
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 126
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 545
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 579
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 723
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 746

More results are available on the CxOne platform
