starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-12-10 01:10:09 +03:00
Code Issues 429 Packages Projects Releases 10 Wiki Activity

User with readonly access to collection entry can edit entry #2269

New Issue
Closed
opened 2025-10-09 17:54:17 +03:00 by OVERLORD · 2 comments
OVERLORD commented 2025-10-09 17:54:17 +03:00
Owner
Copy Link

Originally created by @0xERR0R on GitHub.

Environment: last docker version

Given: User A creates an item and shares it to the default collection of organization. User B has only readonly access to this Collection

When: User B opens the shared item, he can edit it (in web vault), which is wrong. The item should apper as read only item. User B can click on save and gets error "an unexpected error is occured". Server log: "ERROR: Cipher is not write accessible".

So this is only a UIproblem, the item can't be changed

Originally created by @0xERR0R on GitHub. Environment: last docker version Given: User A creates an item and shares it to the default collection of organization. User B has only readonly access to this Collection When: User B opens the shared item, he can edit it (in web vault), which is wrong. The item should apper as read only item. User B can click on save and gets error "an unexpected error is occured". Server log: "ERROR: Cipher is not write accessible". So this is only a UIproblem, the item can't be changed
OVERLORD added the bug label 2025-10-09 17:54:17 +03:00
OVERLORD commented 2025-10-09 17:54:20 +03:00
Author
Owner
Copy Link

@dani-garcia commented on GitHub:

So, I made a quick test in the official web vault and the ui acts the same way. The server sends a field edit which is true when the cipher is editable, but the ui doesn't seem to reflect it.

For now, I fixed the errors in the latest beta so they show less generic messages in the clients.

@dani-garcia commented on GitHub: So, I made a quick test in the official web vault and the ui acts the same way. The server sends a field `edit` which is true when the cipher is editable, but the ui doesn't seem to reflect it. For now, I fixed the errors in the latest beta so they show less generic messages in the clients.
OVERLORD commented 2025-10-09 17:54:20 +03:00
Author
Owner
Copy Link

@mprasil commented on GitHub:

I think we can close this as one part of the problem is upstream and the other was fixed in beta.

@mprasil commented on GitHub: I think we can close this as one part of the problem is upstream and the other was fixed in beta.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
bug
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
troubleshooting
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#2269
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?