[PR #6017] [MERGED] fix: resolve group permission conflicts with multiple groups #3703

New issue

Closed

opened 2026-03-03 10:05:24 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 10:05:24 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/6017
Author: @DasCanard
Created: 7/3/2025
Status: ✅ Merged
Merged: 7/25/2025
Merged by: @BlackDex

Base: main ← Head: main

📝 Commits (5)

4bead95 fix: resolve group permission conflicts with multiple groups
518cc69 Update src/api/core/ciphers.rs
614c8be fix: format
3cffd0e fix: restrict collection manage permissions to managers only
f2a3bb7 refactor: cipher permission logic to prioritize user access

📊 Changes

3 files changed (+35 additions, -17 deletions)

View changed files

📝 src/api/core/ciphers.rs (+15 -5)
📝 src/db/models/cipher.rs (+15 -9)
📝 src/db/models/collection.rs (+5 -3)

📄 Description

When a user belonged to multiple groups with different permissions for the same collection, only the permissions from one group were applied instead of combining them properly. This caused users to see incorrect access levels when initially viewing collection items.

The fix combines permissions from all user groups by taking the most permissive settings:

read_only: false if ANY group allows write access
hide_passwords: false if ANY group allows password viewing
manage: true if ANY group allows management

This ensures users immediately see the correct permissions when opening collection entries, matching the behavior after editing and saving.

resolves #5590

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/6017 **Author:** [@DasCanard](https://github.com/DasCanard) **Created:** 7/3/2025 **Status:** ✅ Merged **Merged:** 7/25/2025 **Merged by:** [@BlackDex](https://github.com/BlackDex) **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (5) - [`4bead95`](https://github.com/dani-garcia/vaultwarden/commit/4bead9586bc4c575ab15493a3e21cf94cb71c119) fix: resolve group permission conflicts with multiple groups - [`518cc69`](https://github.com/dani-garcia/vaultwarden/commit/518cc6906d1652777da5a4c794c158b0b3f6c318) Update src/api/core/ciphers.rs - [`614c8be`](https://github.com/dani-garcia/vaultwarden/commit/614c8be53bb01fc2df5e974eb26582a00da9d41f) fix: format - [`3cffd0e`](https://github.com/dani-garcia/vaultwarden/commit/3cffd0e31a47ca9fc8fdf9f184a442ddc709c1d5) fix: restrict collection manage permissions to managers only - [`f2a3bb7`](https://github.com/dani-garcia/vaultwarden/commit/f2a3bb705936c1499f5a72af749d416e573df971) refactor: cipher permission logic to prioritize user access ### 📊 Changes **3 files changed** (+35 additions, -17 deletions) <details> <summary>View changed files</summary> 📝 `src/api/core/ciphers.rs` (+15 -5) 📝 `src/db/models/cipher.rs` (+15 -9) 📝 `src/db/models/collection.rs` (+5 -3) </details> ### 📄 Description When a user belonged to multiple groups with different permissions for the same collection, only the permissions from one group were applied instead of combining them properly. This caused users to see incorrect access levels when initially viewing collection items. The fix combines permissions from all user groups by taking the most permissive settings: - read_only: false if ANY group allows write access - hide_passwords: false if ANY group allows password viewing - manage: true if ANY group allows management This ensures users immediately see the correct permissions when opening collection entries, matching the behavior after editing and saving. resolves #5590 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>