Add entry to read-only collection: No error message #2138

New Issue

OVERLORD · 2025-10-09T17:47:15+03:00

OVERLORD commented

2025-10-09 17:47:15 +03:00

Originally created by @SebastianS90 on GitHub.

When I have read-only access to a collection and attempt to edit an entry, then I get an error message on save (which is fine).
But when I add an entry then it reports that it has been saved successfully, even in the log it says Outcome: Success for the /api/ciphers/create query. After reloading the vault, the entry disappears.

Server: mprasil/bitwarden:1.8.0-alpine

PS: Thank you so much for this amazing server implementation!

Originally created by @SebastianS90 on GitHub. When I have read-only access to a collection and attempt to edit an entry, then I get an error message on save (which is fine). But when I add an entry then it reports that it has been saved successfully, even in the log it says `Outcome: Success` for the `/api/ciphers/create` query. After reloading the vault, the entry disappears. Server: `mprasil/bitwarden:1.8.0-alpine` PS: Thank you so much for this amazing server implementation!

OVERLORD added the troubleshooting label 2025-10-09 17:47:15 +03:00

OVERLORD closed this issue

2025-10-09 17:47:16 +03:00

OVERLORD commented

2025-10-09 17:47:18 +03:00

@janost commented on GitHub:

I'm not able to reproduce this issue.

As a user who has RO access to the collection, attempting to add an item into the collection results in these log entries:

[2019-04-14 22:34:37][rocket::rocket][INFO] POST /api/ciphers/create application/json; charset=utf-8:
[2019-04-14 22:34:37][_][INFO] Matched: POST /api/ciphers/create (post_ciphers_create)
[2019-04-14 22:34:37][bitwarden_rs::error][ERROR] No rights to modify the collection. No rights to modify the collection
[2019-04-14 22:34:37][_][INFO] Outcome: Success
[2019-04-14 22:34:37][_][INFO] Response succeeded.

The web vault displays an error message ("No rights to modify the collection") and the item doesn't seem to be saved.

Can you please try the latest master build and if the problem still persists, can you please post reproduction steps?

@janost commented on GitHub: I'm not able to reproduce this issue. As a user who has RO access to the collection, attempting to add an item into the collection results in these log entries: ``` [2019-04-14 22:34:37][rocket::rocket][INFO] POST /api/ciphers/create application/json; charset=utf-8: [2019-04-14 22:34:37][_][INFO] Matched: POST /api/ciphers/create (post_ciphers_create) [2019-04-14 22:34:37][bitwarden_rs::error][ERROR] No rights to modify the collection. No rights to modify the collection [2019-04-14 22:34:37][_][INFO] Outcome: Success [2019-04-14 22:34:37][_][INFO] Response succeeded. ``` The web vault displays an error message ("No rights to modify the collection") and the item doesn't seem to be saved. Can you please try the latest master build and if the problem still persists, can you please post reproduction steps?

OVERLORD commented

2025-10-09 17:47:18 +03:00

@SebastianS90 commented on GitHub:

The new entries are saved, but not in any collection and therefore the user cannot see it. You might still want to fail the save action in that case (user has read-only access) to avoid confusion.

@SebastianS90 commented on GitHub: The new entries are saved, but not in any collection and therefore the user cannot see it. You might still want to fail the save action in that case (user has read-only access) to avoid confusion.

OVERLORD commented

2025-10-09 17:47:18 +03:00

@SebastianS90 commented on GitHub:

I cannot reproduce it with master anymore. So it probably has been fixed somewhere between the 1.8.0 release and current master.

@SebastianS90 commented on GitHub: I cannot reproduce it with master anymore. So it probably has been fixed somewhere between the `1.8.0` release and current master.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#2138