topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

group full access cached

pull/2667/head
MFijak 3 years ago
parent
909477a304
commit
0da96cace0
3 changed files with 24 additions and 21 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      src/api/core/ciphers.rs
  2. 10
      src/db/models/cipher.rs
  3. 23
      src/db/models/group.rs

12
src/api/core/ciphers.rs
View File

@ -1498,7 +1498,7 @@ pub struct CipherSyncData {
pub user_organizations: HashMap<String, UserOrganization>, pub user_organizations: HashMap<String, UserOrganization>,
pub user_collections: HashMap<String, CollectionUser>, pub user_collections: HashMap<String, CollectionUser>,
pub user_collections_groups: HashMap<String, CollectionGroup>, pub user_collections_groups: HashMap<String, CollectionGroup>,
pub user_groups: HashMap<String, Group>, pub user_group_full_access_for_organizations: HashSet<String>,
} }
pub enum CipherSyncType { pub enum CipherSyncType {
@ -1560,11 +1560,9 @@ impl CipherSyncData {
.collect() .collect()
.await; .await;
// Generate a HashMap with the group.uuid as key and the Group record // Get all organizations that the user has full access to via group assignement
let user_groups = stream::iter(Group::find_by_user(user_uuid, conn).await) let user_group_full_access_for_organizations =
.map(|group| (group.uuid.clone(), group)) stream::iter(Group::gather_user_organizations_full_access(user_uuid, conn).await).collect().await;
.collect()
.await;
Self { Self {
cipher_attachments, cipher_attachments,
@ -1574,7 +1572,7 @@ impl CipherSyncData {
user_organizations, user_organizations,
user_collections, user_collections,
user_collections_groups, user_collections_groups,
user_groups, user_group_full_access_for_organizations,
} }
} }
} }

10
src/db/models/cipher.rs
View File

@ -363,12 +363,14 @@ impl Cipher {
cipher_sync_data: Option<&CipherSyncData>, cipher_sync_data: Option<&CipherSyncData>,
conn: &DbConn, conn: &DbConn,
) -> bool { ) -> bool {
match cipher_sync_data { if let Some(ref org_uuid) = self.organization_uuid {
Some(cipher_sync_data) => { if let Some(cipher_sync_data) = cipher_sync_data {
cipher_sync_data.user_groups.iter().any(|hash_map_entry| hash_map_entry.1.access_all) return cipher_sync_data.user_group_full_access_for_organizations.get(org_uuid).is_some();
} else {
return Group::is_in_full_access_group(user_uuid, org_uuid, conn).await;
} }
None => Group::is_in_full_access_group(user_uuid, conn).await,
} }
false
} }
/// Returns the user's access restrictions to this cipher. A return value /// Returns the user's access restrictions to this cipher. A return value

23
src/db/models/group.rs
View File

@ -171,24 +171,26 @@ impl Group {
}} }}
} }
pub async fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> { //Returns all organizations the user has full access to
pub async fn gather_user_organizations_full_access(user_uuid: &str, conn: &DbConn) -> Vec<String> {
db_run! { conn: { db_run! { conn: {
groups::table groups_users::table
.inner_join(groups_users::table.on(
groups_users::groups_uuid.eq(groups::uuid)
))
.inner_join(users_organizations::table.on( .inner_join(users_organizations::table.on(
users_organizations::uuid.eq(groups_users::users_organizations_uuid) users_organizations::uuid.eq(groups_users::users_organizations_uuid)
)) ))
.inner_join(groups::table.on(
groups::uuid.eq(groups_users::groups_uuid)
))
.filter(users_organizations::user_uuid.eq(user_uuid)) .filter(users_organizations::user_uuid.eq(user_uuid))
.select(groups::all_columns) .filter(groups::access_all.eq(true))
.load::<GroupDb>(conn) .select(groups::organizations_uuid)
.expect("Error loading user groups") .distinct()
.from_db() .load::<String>(conn)
.expect("Error loading organization group full access information for user")
}} }}
} }
pub async fn is_in_full_access_group(user_uuid: &str, conn: &DbConn) -> bool { pub async fn is_in_full_access_group(user_uuid: &str, org_uuid: &str, conn: &DbConn) -> bool {
db_run! { conn: { db_run! { conn: {
groups::table groups::table
.inner_join(groups_users::table.on( .inner_join(groups_users::table.on(
@ -198,6 +200,7 @@ impl Group {
users_organizations::uuid.eq(groups_users::users_organizations_uuid) users_organizations::uuid.eq(groups_users::users_organizations_uuid)
)) ))
.filter(users_organizations::user_uuid.eq(user_uuid)) .filter(users_organizations::user_uuid.eq(user_uuid))
.filter(groups::organizations_uuid.eq(org_uuid))
.filter(groups::access_all.eq(true)) .filter(groups::access_all.eq(true))
.select(groups::access_all) .select(groups::access_all)
.first::<bool>(conn) .first::<bool>(conn)

Write Preview
Loading…
Cancel
Save