From d9c75508c20cc42be96cd2b1b7758ba89c63648a Mon Sep 17 00:00:00 2001 From: Mathijs van Veluw Date: Sun, 21 Dec 2025 18:51:58 +0100 Subject: [PATCH] Fix posting cipher with readonly collections (#6578) * Fix posting cipher with readonly collections This fix will check if a collection is writeable for the user, and if not error out early instead of creating the cipher first and leaving it. It will also save some database transactions. Fixes #6562 Signed-off-by: BlackDex * Adjust code to delete on error Signed-off-by: BlackDex --------- Signed-off-by: BlackDex --- src/api/core/ciphers.rs | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 237df116..f882c9d2 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -322,12 +322,6 @@ async fn post_ciphers_create( ) -> JsonResult { let mut data: ShareCipherData = data.into_inner(); - // Check if there are one more more collections selected when this cipher is part of an organization. - // err if this is not the case before creating an empty cipher. - if data.cipher.organization_id.is_some() && data.collection_ids.is_empty() { - err!("You must select at least one collection."); - } - // This check is usually only needed in update_cipher_from_data(), but we // need it here as well to avoid creating an empty cipher in the call to // cipher.save() below. @@ -345,7 +339,11 @@ async fn post_ciphers_create( // or otherwise), we can just ignore this field entirely. data.cipher.last_known_revision_date = None; - share_cipher_by_uuid(&cipher.uuid, data, &headers, &conn, &nt, None).await + let res = share_cipher_by_uuid(&cipher.uuid, data, &headers, &conn, &nt, None).await; + if res.is_err() { + cipher.delete(&conn).await?; + } + res } /// Called when creating a new user-owned cipher.