[GH-ISSUE #276] User with readonly access to collection entry can edit entry #145

New issue

Closed

opened 2026-03-03 01:25:48 +03:00 by kerem · 2 comments

kerem commented

2026-03-03 01:25:48 +03:00

Owner

Originally created by @0xERR0R on GitHub (Dec 7, 2018).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/276

Environment: last docker version

Given: User A creates an item and shares it to the default collection of organization. User B has only readonly access to this Collection

When: User B opens the shared item, he can edit it (in web vault), which is wrong. The item should apper as read only item. User B can click on save and gets error "an unexpected error is occured". Server log: "ERROR: Cipher is not write accessible".

So this is only a UIproblem, the item can't be changed

Originally created by @0xERR0R on GitHub (Dec 7, 2018). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/276 Environment: last docker version Given: User A creates an item and shares it to the default collection of organization. User B has only readonly access to this Collection When: User B opens the shared item, he can edit it (in web vault), which is wrong. The item should apper as read only item. User B can click on save and gets error "an unexpected error is occured". Server log: "ERROR: Cipher is not write accessible". So this is only a UIproblem, the item can't be changed

kerem

2026-03-03 01:25:48 +03:00

closed this issue
added the
bug
label

kerem commented

2026-03-03 01:25:49 +03:00

Author

Owner

@dani-garcia commented on GitHub (Dec 9, 2018):

So, I made a quick test in the official web vault and the ui acts the same way. The server sends a field edit which is true when the cipher is editable, but the ui doesn't seem to reflect it.

For now, I fixed the errors in the latest beta so they show less generic messages in the clients.

@dani-garcia commented on GitHub (Dec 9, 2018): So, I made a quick test in the official web vault and the ui acts the same way. The server sends a field `edit` which is true when the cipher is editable, but the ui doesn't seem to reflect it. For now, I fixed the errors in the latest beta so they show less generic messages in the clients.

kerem commented

2026-03-03 01:25:49 +03:00

Author

Owner

@mprasil commented on GitHub (Dec 10, 2018):

I think we can close this as one part of the problem is upstream and the other was fixed in beta.

@mprasil commented on GitHub (Dec 10, 2018): I think we can close this as one part of the problem is upstream and the other was fixed in beta.

kerem referenced this issue

2026-03-03 02:20:08 +03:00

[PR #145] [MERGED] Organization update improvements #2634