User with readonly access to collection entry can edit entry #145

New Issue

Closed

opened 2026-02-04 17:54:43 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-04 17:54:43 +03:00

Owner

Copy Link

Originally created by @0xERR0R on GitHub (Dec 7, 2018).

Environment: last docker version

Given: User A creates an item and shares it to the default collection of organization. User B has only readonly access to this Collection

When: User B opens the shared item, he can edit it (in web vault), which is wrong. The item should apper as read only item. User B can click on save and gets error "an unexpected error is occured". Server log: "ERROR: Cipher is not write accessible".

So this is only a UIproblem, the item can't be changed

Originally created by @0xERR0R on GitHub (Dec 7, 2018). Environment: last docker version Given: User A creates an item and shares it to the default collection of organization. User B has only readonly access to this Collection When: User B opens the shared item, he can edit it (in web vault), which is wrong. The item should apper as read only item. User B can click on save and gets error "an unexpected error is occured". Server log: "ERROR: Cipher is not write accessible". So this is only a UIproblem, the item can't be changed

OVERLORD added the bug label 2026-02-04 17:54:43 +03:00

OVERLORD closed this issue 2026-02-04 17:54:46 +03:00

OVERLORD commented 2026-02-04 17:54:52 +03:00

Author

Owner

Copy Link

@dani-garcia commented on GitHub (Dec 9, 2018):

So, I made a quick test in the official web vault and the ui acts the same way. The server sends a field edit which is true when the cipher is editable, but the ui doesn't seem to reflect it.

For now, I fixed the errors in the latest beta so they show less generic messages in the clients.

@dani-garcia commented on GitHub (Dec 9, 2018): So, I made a quick test in the official web vault and the ui acts the same way. The server sends a field `edit` which is true when the cipher is editable, but the ui doesn't seem to reflect it. For now, I fixed the errors in the latest beta so they show less generic messages in the clients.

OVERLORD commented 2026-02-04 17:55:10 +03:00

Author

Owner

Copy Link

@mprasil commented on GitHub (Dec 10, 2018):

I think we can close this as one part of the problem is upstream and the other was fixed in beta.

@mprasil commented on GitHub (Dec 10, 2018): I think we can close this as one part of the problem is upstream and the other was fixed in beta.

OVERLORD referenced this issue 2026-02-05 04:49:48 +03:00

[PR #145] [MERGED] Organization update improvements #2604

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#145