[PM-25675] - fix NormalCipherPermissions.CanDelete

src/Core/Vault/Authorization/Permissions/NormalCipherPermissions.cs

@@ -14,7 +14,7 @@ public static bool CanDelete(User user, CipherDetails cipherDetails, Organizatio
             throw new Exception("Cipher needs to belong to a user or an organization.");
         }
 
-        if (user.Id == cipherDetails.UserId)
+        if (cipherDetails.OrganizationId == null && user.Id == cipherDetails.UserId)
         {
             return true;
         }

test/Api.Test/Vault/Controllers/CiphersControllerTests.cs

@@ -79,7 +79,7 @@ public async Task PutCollections_vNextShouldSaveUpdatedCipher(Guid id, CipherCol
         sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(id, userId).ReturnsForAnyArgs(cipherDetails);
 
         sutProvider.GetDependency<ICollectionCipherRepository>().GetManyByUserIdCipherIdAsync(userId, id).Returns((ICollection<CollectionCipher>)new List<CollectionCipher>());
-        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(new Dictionary<Guid, OrganizationAbility> { { cipherDetails.OrganizationId.Value, new OrganizationAbility() } });
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(new Dictionary<Guid, OrganizationAbility> { { cipherDetails.OrganizationId.Value, new OrganizationAbility { Id = cipherDetails.OrganizationId.Value } } });
         var cipherService = sutProvider.GetDependency<ICipherService>();
 
         await sutProvider.Sut.PutCollections_vNext(id, model);
@@ -95,7 +95,7 @@ public async Task PutCollections_vNextReturnOptionalDetailsCipherUnavailableFals
         sutProvider.GetDependency<ICipherRepository>().GetByIdAsync(id, userId).ReturnsForAnyArgs(cipherDetails);
 
         sutProvider.GetDependency<ICollectionCipherRepository>().GetManyByUserIdCipherIdAsync(userId, id).Returns((ICollection<CollectionCipher>)new List<CollectionCipher>());
-        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(new Dictionary<Guid, OrganizationAbility> { { cipherDetails.OrganizationId.Value, new OrganizationAbility() } });
+        sutProvider.GetDependency<IApplicationCacheService>().GetOrganizationAbilitiesAsync().Returns(new Dictionary<Guid, OrganizationAbility> { { cipherDetails.OrganizationId.Value, new OrganizationAbility { Id = cipherDetails.OrganizationId.Value } } });
 
         var result = await sutProvider.Sut.PutCollections_vNext(id, model);
 

test/Core.Test/Vault/Authorization/Permissions/NormalCipherPermissionTests.cs

@@ -74,7 +74,7 @@ public void CanRestore_WhenCipherDoesNotBelongToInputOrganization_ShouldThrowExc
         var cipherDetails = new CipherDetails { UserId = null, OrganizationId = Guid.NewGuid() };
 
         // Act
-        var exception = Assert.Throws<Exception>(() => NormalCipherPermissions.CanDelete(user, cipherDetails, organizationAbility));
+        var exception = Assert.Throws<Exception>(() => NormalCipherPermissions.CanRestore(user, cipherDetails, organizationAbility));
 
         // Assert
         Assert.Equal("Cipher does not belong to the input organization.", exception.Message);
@@ -92,11 +92,11 @@ public void CanDelete_WhenCipherIsOwnedByOrganization(
         // Arrange
         var user = new User { Id = Guid.Empty };
         var organizationId = Guid.NewGuid();
-        var cipherDetails = new CipherDetails { Manage = manage, Edit = edit, UserId = null, OrganizationId = organizationId };
+        var cipherDetails = new CipherDetails { Manage = manage, Edit = edit, UserId = user.Id, OrganizationId = organizationId };
         var organizationAbility = new OrganizationAbility { Id = organizationId, LimitItemDeletion = limitItemDeletion };
 
         // Act
-        var result = NormalCipherPermissions.CanRestore(user, cipherDetails, organizationAbility);
+        var result = NormalCipherPermissions.CanDelete(user, cipherDetails, organizationAbility);
 
         // Assert
         Assert.Equal(result, expectedResult);