From 39d078a9577ca9010d82aa76c9a08ab5a8d7df29 Mon Sep 17 00:00:00 2001 From: MFijak Date: Tue, 2 Aug 2022 09:05:56 +0200 Subject: [PATCH] use cipher sync data if possible --- src/db/models/cipher.rs | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs index b43c4d4e..adcde616 100644 --- a/src/db/models/cipher.rs +++ b/src/db/models/cipher.rs @@ -336,7 +336,7 @@ impl Cipher { } /// Returns whether this cipher is owned by an org in which the user has full access. - pub async fn is_in_full_access_org( + async fn is_in_full_access_org( &self, user_uuid: &str, cipher_sync_data: Option<&CipherSyncData>, @@ -354,6 +354,23 @@ impl Cipher { false } + /// Returns whether this cipher is owned by an group in which the user has full access. + async fn is_in_full_access_group( + &self, + user_uuid: &str, + cipher_sync_data: Option<&CipherSyncData>, + conn: &DbConn, + ) -> bool { + match cipher_sync_data { + Some(cipher_sync_data) => { + cipher_sync_data.user_groups.iter().any(|group| group.access_all) + }, + None => { + Group::is_in_full_access_group(user_uuid, conn).await + } + } + } + /// Returns the user's access restrictions to this cipher. A return value /// of None means that this cipher does not belong to the user, and is /// not in any collection the user has access to. Otherwise, the user has @@ -368,7 +385,7 @@ impl Cipher { // Check whether this cipher is directly owned by the user, or is in // a collection that the user has full access to. If so, there are no // access restrictions. - if self.is_owned_by_user(user_uuid) || self.is_in_full_access_org(user_uuid, cipher_sync_data, conn).await || Group::is_in_full_access_group(user_uuid, conn).await { + if self.is_owned_by_user(user_uuid) || self.is_in_full_access_org(user_uuid, cipher_sync_data, conn).await || self.is_in_full_access_group(user_uuid, cipher_sync_data, conn).await { return Some((false, false)); }