topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Added org user editing

pull/7/head
Daniel García 7 years ago
parent
e6132809d2
commit
5210f9b951
3 changed files with 225 additions and 73 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      src/api/core/mod.rs
  2. 251
      src/api/core/organizations.rs
  3. 42
      src/db/models/organization.rs

5
src/api/core/mod.rs
View File

@ -55,13 +55,16 @@ pub fn routes() -> Vec<Route> {
disable_authenticator, disable_authenticator,
create_organization, create_organization,
delete_organization,
get_user_collections, get_user_collections,
get_org_collections, get_org_collections,
get_collection_users,
get_org_details, get_org_details,
get_org_users, get_org_users,
get_collection_users,
send_invite, send_invite,
confirm_invite, confirm_invite,
get_user,
edit_user,
delete_user, delete_user,
clear_device_token, clear_device_token,

251
src/api/core/organizations.rs
View File

@ -5,7 +5,7 @@ use rocket_contrib::{Json, Value};
use db::DbConn; use db::DbConn;
use db::models::*; use db::models::*;
use api::{JsonResult, EmptyResult}; use api::{PasswordData, JsonResult, EmptyResult};
use auth::Headers; use auth::Headers;
@ -38,6 +38,14 @@ fn create_organization(headers: Headers, data: Json<OrgData>, conn: DbConn) -> J
Ok(Json(org.to_json())) Ok(Json(org.to_json()))
} }
#[post("/organizations/<org_id>/delete", data = "<data>")]
fn delete_organization(org_id: String, data: Json<PasswordData>, headers: Headers, conn: DbConn) -> JsonResult {
let data: PasswordData = data.into_inner();
let password_hash = data.masterPasswordHash;
unimplemented!()
}
// GET /api/collections?writeOnly=false // GET /api/collections?writeOnly=false
#[get("/collections")] #[get("/collections")]
@ -62,6 +70,33 @@ fn get_org_collections(org_id: String, headers: Headers, conn: DbConn) -> JsonRe
}))) })))
} }
#[get("/organizations/<org_id>/collections/<coll_id>/users")]
fn get_collection_users(org_id: String, coll_id: String, headers: Headers, conn: DbConn) -> JsonResult {
// Get org and collection, check that collection is from org
// Get the users from collection
/*
The elements from the data array to return have the following structure
{
OrganizationUserId: <id>
AccessAll: true
Name: <user_name>
Email: <user_email>
Type: 0
Status: 2
ReadOnly: false
Object: collectionUser
}
*/
Ok(Json(json!({
"Data": [],
"Object": "list"
})))
}
#[derive(FromForm)] #[derive(FromForm)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct OrgIdData { struct OrgIdData {
@ -81,13 +116,13 @@ fn get_org_details(data: OrgIdData, headers: Headers, conn: DbConn) -> JsonResul
#[get("/organizations/<org_id>/users")] #[get("/organizations/<org_id>/users")]
fn get_org_users(org_id: String, headers: Headers, conn: DbConn) -> JsonResult { fn get_org_users(org_id: String, headers: Headers, conn: DbConn) -> JsonResult {
let user_org = match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
Some(user_org) => user_org, Some(_) => (),
None => err!("User isn't member of organization") None => err!("User isn't member of organization")
} }
let users = UserOrganization::find_by_org(&org_id, &conn); let users = UserOrganization::find_by_org(&org_id, &conn);
let users_json: Vec<Value> = users.iter().map(|c| c.to_json_details(&conn)).collect(); let users_json: Vec<Value> = users.iter().map(|c| c.to_json_user_details(&conn)).collect();
Ok(Json(json!({ Ok(Json(json!({
"Data": users_json, "Data": users_json,
@ -95,36 +130,9 @@ fn get_org_users(org_id: String, headers: Headers, conn: DbConn) -> JsonResult {
}))) })))
} }
#[get("/organizations/<org_id>/collections/<coll_id>/users")]
fn get_collection_users(org_id: String, coll_id: String, headers: Headers, conn: DbConn) -> JsonResult {
// Get org and collection, check that collection is from org
// Get the users from collection
/*
The elements from the data array to return have the following structure
{
OrganizationUserId: <id>
AccessAll: true
Name: <user_name>
Email: <user_email>
Type: 0
Status: 2
ReadOnly: false
Object: collectionUser
}
*/
Ok(Json(json!({
"Data": [],
"Object": "list"
})))
}
#[derive(Deserialize)] #[derive(Deserialize)]
#[allow(non_snake_case)] #[allow(non_snake_case)]
struct InviteCollectionData { struct CollectionData {
id: String, id: String,
readOnly: bool, readOnly: bool,
} }
@ -135,25 +143,30 @@ struct InviteData {
emails: Vec<String>, emails: Vec<String>,
#[serde(rename = "type")] #[serde(rename = "type")]
type_: String, type_: String,
collections: Vec<InviteCollectionData>, collections: Vec<CollectionData>,
accessAll: bool, accessAll: bool,
} }
#[post("/organizations/<org_id>/users/invite", data = "<data>")] #[post("/organizations/<org_id>/users/invite", data = "<data>")]
fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: DbConn) -> EmptyResult { fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: InviteData = data.into_inner(); let data: InviteData = data.into_inner();
let user_org = match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { let current_user = match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
Some(user_org) => user_org, Some(user) => user,
None => err!("User isn't member of organization") None => err!("The current user isn't member of the organization")
}; };
if user_org.type_ == UserOrgType::User { if current_user.type_ == UserOrgType::User as i32 {
err!("Users can't invite other people. Ask an Admin or Owner") err!("Users can't invite other people. Ask an Admin or Owner")
} }
if type_ != UserOrgType::User && user_org.type_ != UserOrgType::Owner { let new_type = match UserOrgType::from_str(data.type_.as_ref()) {
Some(new_type) => new_type as i32,
None => err!("Invalid type")
};
if new_type != UserOrgType::User as i32 &&
current_user.type_ != UserOrgType::Owner as i32 {
err!("Only Owners can invite Admins or Owners") err!("Only Owners can invite Admins or Owners")
} }
@ -166,24 +179,19 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: D
None => () None => ()
} }
let mut new_user_org = UserOrganization::new( let mut new_user = UserOrganization::new(
user.uuid, org_id.clone()); user.uuid, org_id.clone());
if data.accessAll { if data.accessAll {
new_user_org.access_all = data.accessAll; new_user.access_all = data.accessAll;
} else { } else {
err!("Select collections unimplemented") err!("Select collections unimplemented")
// TODO create Users_collections // TODO create Users_collections
} }
new_user_org.type_ = match data.type_.as_ref() { new_user.type_ = new_type;
"Owner" => UserOrgType::Owner,
"Admin" => UserOrgType::Admin,
"User" => UserOrgType::User,
_ => err!("Invalid type")
} as i32;
new_user_org.save(&conn); new_user.save(&conn);
} }
} }
} }
@ -193,58 +201,161 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: D
#[post("/organizations/<org_id>/users/<user_id>/confirm", data = "<data>")] #[post("/organizations/<org_id>/users/<user_id>/confirm", data = "<data>")]
fn confirm_invite(org_id: String, user_id: String, data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult { fn confirm_invite(org_id: String, user_id: String, data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
let user_org = match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { let current_user = match UserOrganization::find_by_user_and_org(
Some(user_org) => user_org, &headers.user.uuid, &org_id, &conn) {
None => err!("User isn't member of organization") Some(user) => user,
None => err!("The current user isn't member of the organization")
}; };
if user_org.type_ == UserOrgType::User { if current_user.type_ == UserOrgType::User as i32 {
err!("Users can't confirm other people. Ask an Admin or Owner") err!("Users can't confirm other people. Ask an Admin or Owner")
} }
if type_ != UserOrgType::User && user_org.type_ != UserOrgType::Owner { let mut user_to_confirm = match UserOrganization::find_by_uuid(&user_id, &conn) {
Some(user) => user,
None => err!("User to confirm isn't member of the organization")
};
if user_to_confirm.type_ != UserOrgType::User as i32 &&
current_user.type_ != UserOrgType::Owner as i32 {
err!("Only Owners can confirm Admins or Owners") err!("Only Owners can confirm Admins or Owners")
} }
let mut user_org = match UserOrganization::find_by_user_and_org( if user_to_confirm.status != UserOrgStatus::Accepted as i32 {
&user_id, &org_id, &conn) {
Some(user_org) => user_org,
None => err!("Can't find user")
};
if user_org.status != UserOrgStatus::Accepted as i32 {
err!("User in invalid state") err!("User in invalid state")
} }
user_org.status = UserOrgStatus::Confirmed as i32; user_to_confirm.status = UserOrgStatus::Confirmed as i32;
user_org.key = match data["key"].as_str() { user_to_confirm.key = match data["key"].as_str() {
Some(key) => key.to_string(), Some(key) => key.to_string(),
None => err!("Invalid key provided") None => err!("Invalid key provided")
}; };
user_org.save(&conn); user_to_confirm.save(&conn);
Ok(())
}
#[get("/organizations/<org_id>/users/<user_id>")]
fn get_user(org_id: String, user_id: String, headers: Headers, conn: DbConn) -> JsonResult {
let current_user = match UserOrganization::find_by_user_and_org(
&headers.user.uuid, &org_id, &conn) {
Some(user) => user,
None => err!("The current user isn't member of the organization")
};
let user = match UserOrganization::find_by_uuid(&user_id, &conn) {
Some(user) => user,
None => err!("The specified user isn't member of the organization")
};
Ok(Json(user.to_json_details()))
}
#[derive(Deserialize)]
#[allow(non_snake_case)]
struct EditUserData {
#[serde(rename = "type")]
type_: String,
collections: Vec<CollectionData>,
accessAll: bool,
}
#[post("/organizations/<org_id>/users/<user_id>", data = "<data>", rank = 1)]
fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: EditUserData = data.into_inner();
let current_user = match UserOrganization::find_by_user_and_org(
&headers.user.uuid, &org_id, &conn) {
Some(user) => user,
None => err!("The current user isn't member of the organization")
};
let new_type = match UserOrgType::from_str(data.type_.as_ref()) {
Some(new_type) => new_type as i32,
None => err!("Invalid type")
};
let mut user_to_edit = match UserOrganization::find_by_uuid(&user_id, &conn) {
Some(user) => user,
None => err!("The specified user isn't member of the organization")
};
if current_user.type_ == UserOrgType::User as i32 {
err!("Users can't edit users. Ask an Admin or Owner")
}
if new_type != UserOrgType::User as i32 &&
current_user.type_ != UserOrgType::Owner as i32 {
err!("Only Owners can grant Admin or Owner type")
}
if user_to_edit.type_ != UserOrgType::User as i32 &&
current_user.type_ != UserOrgType::Owner as i32 {
err!("Only Owners can edit Admin or Owner")
}
if user_to_edit.type_ == UserOrgType::Owner as i32 &&
new_type != UserOrgType::Owner as i32 {
// Removing owner permmission, check that there are at least another owner
let num_owners = UserOrganization::find_by_org_and_type(
&org_id, UserOrgType::Owner as i32, &conn)
.len();
if num_owners <= 1 {
err!("Can't delete the last owner")
}
}
user_to_edit.access_all = data.accessAll;
user_to_edit.type_ = new_type;
if data.accessAll {
// Remove users_collections if there is any
} else {
// TODO create users_collections
}
user_to_edit.save(&conn);
Ok(()) Ok(())
} }
#[post("/organizations/<org_id>/users/<user_id>/delete")] #[post("/organizations/<org_id>/users/<user_id>/delete")]
fn delete_user(org_id: String, user_id: String, headers: Headers, conn: DbConn) -> EmptyResult { fn delete_user(org_id: String, user_id: String, headers: Headers, conn: DbConn) -> EmptyResult {
let user_org = match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { let current_user = match UserOrganization::find_by_user_and_org(
Some(user_org) => user_org, &headers.user.uuid, &org_id, &conn) {
None => err!("User isn't member of organization") Some(user) => user,
None => err!("The current user isn't member of the organization")
}; };
if user_org.type_ == UserOrgType::User { if current_user.type_ == UserOrgType::User as i32 {
err!("Users can't delete other people. Ask an Admin or Owner") err!("Users can't delete other people. Ask an Admin or Owner")
} }
if type_ != UserOrgType::User && user_org.type_ != UserOrgType::Owner { let user_to_delete = match UserOrganization::find_by_uuid(&user_id, &conn) {
Some(user) => user,
None => err!("User to delete isn't member of the organization")
};
if user_to_delete.type_ != UserOrgType::User as i32 &&
current_user.type_ != UserOrgType::Owner as i32 {
err!("Only Owners can delete Admins or Owners") err!("Only Owners can delete Admins or Owners")
} }
// TODO Don't delete the last owner if user_to_delete.type_ == UserOrgType::Owner as i32 {
// Removing owner, check that there are at least another owner
let num_owners = UserOrganization::find_by_org_and_type(
&org_id, UserOrgType::Owner as i32, &conn)
.len();
if num_owners <= 1 {
err!("Can't delete the last owner")
}
}
user_org.delete(&conn); user_to_delete.delete(&conn);
// TODO Delete users_collections from this org // TODO Delete users_collections from this org

42
src/db/models/organization.rs
View File

@ -37,6 +37,17 @@ pub enum UserOrgType {
User = 2, User = 2,
} }
impl UserOrgType {
pub fn from_str(s: &str) -> Option<Self> {
match s {
"0" | "Owner" => Some(UserOrgType::Owner),
"1" | "Admin" => Some(UserOrgType::Admin),
"2" | "User" => Some(UserOrgType::User),
_ => None,
}
}
}
/// Local methods /// Local methods
impl Organization { impl Organization {
pub fn new(name: String, billing_email: String) -> Self { pub fn new(name: String, billing_email: String) -> Self {
@ -155,13 +166,13 @@ impl UserOrganization {
}) })
} }
pub fn to_json_details(&self, conn: &DbConn) -> JsonValue { pub fn to_json_user_details(&self, conn: &DbConn) -> JsonValue {
use super::User; use super::User;
let user = User::find_by_uuid(&self.user_uuid, conn).unwrap(); let user = User::find_by_uuid(&self.user_uuid, conn).unwrap();
json!({ json!({
"Id": self.uuid, "Id": self.uuid,
"UserId": user.uuid, "UserId": self.user_uuid,
"Name": user.name, "Name": user.name,
"Email": user.email, "Email": user.email,
@ -173,6 +184,20 @@ impl UserOrganization {
}) })
} }
pub fn to_json_details(&self) -> JsonValue {
json!({
"Id": self.uuid,
"UserId": self.user_uuid,
"Status": self.status,
"Type": self.type_,
"AccessAll": true,
"Collections": [],
"Object": "organizationUserDetails",
})
}
pub fn save(&mut self, conn: &DbConn) -> bool { pub fn save(&mut self, conn: &DbConn) -> bool {
match diesel::replace_into(users_organizations::table) match diesel::replace_into(users_organizations::table)
.values(&*self) .values(&*self)
@ -191,6 +216,12 @@ impl UserOrganization {
} }
} }
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
users_organizations::table
.filter(users_organizations::uuid.eq(uuid))
.first::<Self>(&**conn).ok()
}
pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> { pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
users_organizations::table users_organizations::table
.filter(users_organizations::user_uuid.eq(user_uuid)) .filter(users_organizations::user_uuid.eq(user_uuid))
@ -203,6 +234,13 @@ impl UserOrganization {
.load::<Self>(&**conn).expect("Error loading user organizations") .load::<Self>(&**conn).expect("Error loading user organizations")
} }
pub fn find_by_org_and_type(org_uuid: &str, type_: i32, conn: &DbConn) -> Vec<Self> {
users_organizations::table
.filter(users_organizations::org_uuid.eq(org_uuid))
.filter(users_organizations::type_.eq(type_))
.load::<Self>(&**conn).expect("Error loading user organizations")
}
pub fn find_by_user_and_org(user_uuid: &str, org_uuid: &str, conn: &DbConn) -> Option<Self> { pub fn find_by_user_and_org(user_uuid: &str, org_uuid: &str, conn: &DbConn) -> Option<Self> {
users_organizations::table users_organizations::table
.filter(users_organizations::user_uuid.eq(user_uuid)) .filter(users_organizations::user_uuid.eq(user_uuid))

Write Preview
Loading…
Cancel
Save