Subject of the issue
Read-only rights issue with groups generating a trash entry in the user's vault (with the groups beta feature enabled).
Deployment environment
Install method: Custom built with Docker, with the latest "allow editing/unhiding by group" #3108 merge (same issue with Docker vaultwarden/server:testing)
Clients used: web vault
Reverse proxy and version: No
MySQL/MariaDB or PostgreSQL version: MariaDB 10.10.2; same issue with SQLite
Environment settings:
Steps to reproduce
2. Add another user "U" (any name is fine) to the organisation (as a regular user)
3. Create (or use existing) collection "C" (any name is fine; in my screenshot the collection is named PASSWORD_RO)
4. Create (or use existing) group "G" (any name is fine; in my test it is named GRP_RO)
4.1. Give permission on that collection "C" to the group "G" with Read Only access
4.2. Assign the user "U" to the group "G"
4.3. Make sure that the user "U" does not have direct permission on the collection "C". In other words: the permission should be configured via the group only!
5. Log in as user "U"
5.1. Add a new entry to the collection "C"; "C" is shown even if the group has RO access
5.2. Save the entry -> Error message: No rights to modify the collection
5.3. A blank entry is created automatically with nothing inside in the user "U" vault (see screenshot)
Expected behaviour
User can't select the collection "C" with read-only rights (assigned by a group).
This is already working for rights applied directly to a user (the user can't select a collection with read-only access).
Actual behaviour
User "U" can select a collection "C" with read-only rights (assigned by a group), and a trash entry is automatically created in his personal vault.
Troubleshooting data
Vaultwarden log:
vaultwarden | [2023-02-16 10:15:48.252][request][INFO] POST /api/ciphers/create
vaultwarden | [2023-02-16 10:15:48.279][vaultwarden::api::core::ciphers][ERROR] No rights to modify the collection
vaultwarden | [2023-02-16 10:15:48.279][response][INFO] (post_ciphers_create) POST /api/ciphers/create => 400 Bad Request
Trash entry created:
Collection available list when creating an entry with rights applied via groups
Collection available list when creating an entry with rights applied directly to the user (expected behaviour with groups)
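The expected behaviour described in this report, as an added sketch in Rust that is not Vaultwarden's code: the types and functions (`Org`, `Grant`, `can_write`, `selectable`, `create_entry`) are hypothetical, and the report does not say where the actual fault lies. It resolves direct and group grants through one check, uses that check for the collection picker, and validates the target collections before anything is stored.

```rust
use std::collections::HashMap;

// Hypothetical model; none of these names come from Vaultwarden's code base.
struct Grant { read_only: bool }

#[derive(Default)]
struct Org {
    direct: HashMap<(String, String), Grant>,    // (user, collection) -> grant
    via_group: HashMap<(String, String), Grant>, // (group, collection) -> grant
    members: HashMap<String, Vec<String>>,       // user -> groups
    vault: Vec<(String, String)>,                // stored entries: (owner, name)
}

impl Org {
    /// Writable only if some grant, direct or inherited from a group, is not read-only.
    fn can_write(&self, user: &str, coll: &str) -> bool {
        let key = |who: &str| (who.to_string(), coll.to_string());
        let writable = |g: Option<&Grant>| g.map_or(false, |g| !g.read_only);
        writable(self.direct.get(&key(user)))
            || self.members.get(user).map_or(false, |groups| {
                groups.iter().any(|g| writable(self.via_group.get(&key(g.as_str()))))
            })
    }

    /// Collections the client may offer when creating an entry.
    fn selectable(&self, user: &str, all: &[&str]) -> Vec<String> {
        all.iter().filter(|c| self.can_write(user, **c)).map(|c| c.to_string()).collect()
    }

    /// Check every target collection before persisting, so a rejected request leaves no stray entry.
    fn create_entry(&mut self, user: &str, name: &str, colls: &[&str]) -> Result<(), &'static str> {
        if colls.iter().any(|c| !self.can_write(user, *c)) {
            return Err("No rights to modify the collection");
        }
        self.vault.push((user.to_string(), name.to_string()));
        Ok(())
    }
}

/// Constructed scenario from the report: "U" reaches PASSWORD_RO only via GRP_RO, read-only.
fn scenario() -> (Vec<String>, bool, usize) {
    let mut org = Org::default();
    org.members.insert("U".into(), vec!["GRP_RO".into()]);
    org.via_group.insert(("GRP_RO".into(), "PASSWORD_RO".into()), Grant { read_only: true });
    let picker = org.selectable("U", &["PASSWORD_RO"]);
    let rejected = org.create_entry("U", "entry", &["PASSWORD_RO"]).is_err();
    (picker, rejected, org.vault.len())
}
fn main() { println!("{:?}", scenario()); }
```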