[PR #1333] [MERGED] Fix collection access issues for owner/admin users #2948

New issue

Closed

opened 2026-03-03 09:09:04 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 09:09:04 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/1333
Author: @jjlin
Created: 1/27/2021
Status: ✅ Merged
Merged: 1/27/2021
Merged by: @BlackDex

Base: master ← Head: fix-manager-access

📝 Commits (1)

67c6570 Fix collection access issues for owner/admin users

📊 Changes

1 file changed (+7 additions, -7 deletions)

View changed files

📝 src/auth.rs (+7 -7)

📄 Description

The implementation of the Manager user type (#1242) introduced a regression
whereby owner/admin users are incorrectly denied access to certain collection
APIs if their access control for collections isn't set to "access all".

Owner/admin users should always have full access to collection APIs, per
https://bitwarden.com/help/article/user-types-access-control/#access-control:

Assigning Admins and Owners to Collections via Access Control will only
impact which Collections appear readily in the Filters section of their
Vault. Admins and Owners will always be able to access "un-assigned"
Collections via the Organization view.

Fixes #1307.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/1333 **Author:** [@jjlin](https://github.com/jjlin) **Created:** 1/27/2021 **Status:** ✅ Merged **Merged:** 1/27/2021 **Merged by:** [@BlackDex](https://github.com/BlackDex) **Base:** `master` ← **Head:** `fix-manager-access` --- ### 📝 Commits (1) - [`67c6570`](https://github.com/dani-garcia/vaultwarden/commit/67c657003df89c6005de0c4180d93ddfa792ba40) Fix collection access issues for owner/admin users ### 📊 Changes **1 file changed** (+7 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `src/auth.rs` (+7 -7) </details> ### 📄 Description The implementation of the `Manager` user type (#1242) introduced a regression whereby owner/admin users are incorrectly denied access to certain collection APIs if their access control for collections isn't set to "access all". Owner/admin users should always have full access to collection APIs, per https://bitwarden.com/help/article/user-types-access-control/#access-control: > Assigning Admins and Owners to Collections via Access Control will only > impact which Collections appear readily in the Filters section of their > Vault. Admins and Owners will always be able to access "un-assigned" > Collections via the Organization view. Fixes #1307. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>