Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-11162] Assign to Collection Permission Update #4844

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

[PM-11162] Assign to Collection Permission Update #4844

wants to merge 4 commits into from
+56 −2

Conversation

Jingo88
Copy link
Contributor

@Jingo88 Jingo88 commented Oct 2, 2024
edited by jira bot
Loading

🎟️ Tracking

PM-11162

📔 Objective

Users with Can Edit Except Password will not be allowed to assign collections to ciphers

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@Jingo88 Jingo88 requested a review from a team as a code owner October 2, 2024 20:27
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 2, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsd4122b94-34bc-4330-bd9c-9985fb7b372b

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1138 Attack Vector
MEDIUM Privacy_Violation /src/Api/Vault/Controllers/CiphersController.cs: 959 Attack Vector
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 951 Attack Vector

Fixed Issues

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 189
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 140
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 121
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 107
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 107
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 121
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 929
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 530
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1085
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 647
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 676
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 189
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 140
MEDIUM Privacy_Violation /src/Api/Vault/Models/Request/CipherRequestModel.cs: 198
MEDIUM Privacy_Violation /src/Api/Vault/Models/Request/CipherRequestModel.cs: 198
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 170
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 155
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 574
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 553
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 530
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 155
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 170
LOW Log_Forging /src/Api/Vault/Controllers/CiphersController.cs: 603

shane-melton
shane-melton requested changes Oct 3, 2024
View reviewed changes
Copy link
Member

@shane-melton shane-melton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good, but looks like we need to update CipherController tests.

@codecov Codecov
Copy link

codecov bot commented Oct 4, 2024

Codecov Report

Attention: Patch coverage is 3.33333% with 29 lines in your changes missing coverage. Please review.

Project coverage is 41.55%. Comparing base (f3f81de) to head (0df254a).
Report is 6 commits behind head on main.

Files with missing lines Patch % Lines
src/Api/Vault/Controllers/CiphersController.cs 3.33% 29 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4844      +/-   ##
==========================================
- Coverage   42.01%   41.55%   -0.46%     
==========================================
  Files        1337     1357      +20     
  Lines       63273    64084     +811     
  Branches     5836     5895      +59     
==========================================
+ Hits        26585    26631      +46     
- Misses      35471    36236     +765     
  Partials     1217     1217

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cd-bitwarden cd-bitwarden Awaiting requested review from cd-bitwarden cd-bitwarden is a code owner automatically assigned from bitwarden/team-vault-dev

@shane-melton shane-melton Awaiting requested review from shane-melton

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
needs-qa
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Jingo88 @shane-melton