“Can edit” becomes “Can manage” #227

Closed
opened 2025-07-08 08:43:33 -04:00 by AtHeartEngineer · 0 comments

Originally created by @sbdiun on 1/29/2025

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.33.0
  • Web-vault version: v2025.1.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Alpine)
  • Database type: MySQL
  • Database version: 8.0.36
  • Environment settings overridden!: true
  • Uses a reverse proxy: true
  • IP Header check: false (X-Forwarded-For)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: false
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Environment settings which are overridden: DOMAIN, TRASH_AUTO_DELETE_DAYS, SIGNUPS_ALLOWED, ORG_CREATION_USERS, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, SMTP_HOST, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": false,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "*****://*******************************************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**********************************",
  "domain_origin": "*****://**********************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": 30,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 720,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "*****************************,******************************",
  "org_events_enabled": true,
  "org_groups_enabled": true,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*************************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 30,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "105067",
  "yubico_secret_key": "***",
  "yubico_server": null
}

Vaultwarden Build Version

1.33.0

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Apache 2.4.62-1.el9_5.2

Host/Server Operating System

Linux

Operating System Version

AlmaLinux 9.5 (Teal Serval)

Clients

Web Vault

Client Version

v2025.1.1

Steps To Reproduce

  1. Select a collection
  2. Open the "Access" page
  3. Ensure a User/group is configured
  4. Set permission to "Can edit"
  5. Click on "Save"
  6. Re-Open the "Access" page

Expected Result

It is expected that the “Can edit” right is still displayed for the user/group.

Actual Result

“Can manage” is written as permission.

If you check in another session with one of the users who is in the group whether they have the “Can manage” right, you will see that the desired “Can edit” right is active (so you cannot change anything in the collection information or access).

But if you click on “Save”, the user/group really gets the right “Can manage” - which can easily be overlooked if, for example, you actually want to add a new group.

Logs


Screenshots or Videos

[2025-01-29 15:45:11.280][request][INFO] GET /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/groups
[2025-01-29 15:45:11.281][request][INFO] GET /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/collections/details
[2025-01-29 15:45:11.282][request][INFO] GET /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/users/mini-details
[2025-01-29 15:45:11.287][response][INFO] (get_org_user_mini_details) GET /api/organizations/<org_id>/users/mini-details => 200 OK
[2025-01-29 15:45:11.288][response][INFO] (get_groups) GET /api/organizations/<org_id>/groups => 200 OK
[2025-01-29 15:45:11.304][response][INFO] (get_org_collections_details) GET /api/organizations/<org_id>/collections/details => 200 OK
[2025-01-29 15:45:19.574][request][INFO] PUT /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/collections/1b052b32-15ba-4767-8af2-7c48c533e780
[2025-01-29 15:45:19.608][response][INFO] (put_organization_collection_update) PUT /api/organizations/<org_id>/collections/<col_id> => 200 OK
[2025-01-29 15:45:29.974][request][INFO] GET /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/groups
[2025-01-29 15:45:29.978][response][INFO] (get_groups) GET /api/organizations/<org_id>/groups => 200 OK
[2025-01-29 15:45:30.013][request][INFO] GET /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/users/mini-details
[2025-01-29 15:45:30.017][response][INFO] (get_org_user_mini_details) GET /api/organizations/<org_id>/users/mini-details => 200 OK
[2025-01-29 15:45:30.051][request][INFO] GET /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/collections/details
[2025-01-29 15:45:30.074][response][INFO] (get_org_collections_details) GET /api/organizations/<org_id>/collections/details => 200 OK
[2025-01-29 15:45:34.031][request][INFO] PUT /api/organizations/d09fb8b4-29e9-4cf8-af62-f92f7fc3d4bb/collections/1b052b32-15ba-4767-8af2-7c48c533e780
[2025-01-29 15:45:34.061][response][INFO] (put_organization_collection_update) PUT /api/organizations/<org_id>/collections/<col_id> => 200 OK

No event log was found.

Additional Context

No response
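An added example, not part of the original report or of Vaultwarden's code: one way to catch the silent change described above is to diff two exports of collection access and report every existing grant that turned into "Can manage". The field names `readOnly`, `hidePasswords` and `manage`, the flag-to-label mapping, and all IDs in the sample data are assumptions made for this sketch.

```python
# Constructed sample snapshots of collection access, taken before and after
# an admin re-saved the "Access" page. IDs are placeholders.
BEFORE = [{"id": "col-1",
           "groups": [{"id": "grp-a", "readOnly": False, "hidePasswords": False, "manage": False},
                      {"id": "grp-b", "readOnly": True, "hidePasswords": True, "manage": False}],
           "users": []}]
AFTER = [{"id": "col-1",
          "groups": [{"id": "grp-a", "readOnly": False, "hidePasswords": False, "manage": True},
                     {"id": "grp-b", "readOnly": True, "hidePasswords": True, "manage": False},
                     {"id": "grp-c", "readOnly": False, "hidePasswords": False, "manage": True}],
          "users": []}]


def label(entry):
    """Map access flags to the web-vault label (assumed mapping)."""
    if entry.get("manage"):
        return "Can manage"
    base = "Can view" if entry.get("readOnly") else "Can edit"
    return base + (", except passwords" if entry.get("hidePasswords") else "")


def index(snapshot):
    """Flatten a snapshot into {(collection_id, kind, principal_id): label}."""
    out = {}
    for col in snapshot:
        for kind in ("groups", "users"):
            for entry in col.get(kind, []):
                out[(col["id"], kind, entry["id"])] = label(entry)
    return out


def escalations(before, after):
    """Existing grants that changed to 'Can manage'.

    Grants that are new in `after` are skipped on purpose: adding a group
    with 'Can manage' is a deliberate action, while the case of interest
    is an existing lower grant that was raised on re-save.
    """
    old, new = index(before), index(after)
    found = []
    for key, new_label in sorted(new.items()):
        old_label = old.get(key)
        if new_label == "Can manage" and old_label not in (None, "Can manage"):
            found.append((*key, old_label, new_label))
    return found


if __name__ == "__main__":
    for col, kind, principal, was, now in escalations(BEFORE, AFTER):
        print(f"{col} {kind}/{principal}: {was} -> {now}")
```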


Reference: github/vaultwarden#227