topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Implement comparison between i32 and UserOrgType

pull/243/head
Miroslav Prasil 7 years ago
parent
b4e222d598
commit
66a4c5d48b
4 changed files with 112 additions and 32 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 42
      src/api/core/organizations.rs
  2. 24
      src/auth.rs
  3. 76
      src/db/models/organization.rs
  4. 2
      src/db/models/user.rs

42
src/api/core/organizations.rs
View File

@ -91,7 +91,7 @@ fn leave_organization(org_id: String, headers: Headers, conn: DbConn) -> EmptyRe
match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
None => err!("User not part of organization"),
Some(user_org) => {
if user_org.type_ == UserOrgType::Owner as i32 {
if user_org.type_ == UserOrgType::Owner {
let num_owners = UserOrganization::find_by_org_and_type(
&org_id, UserOrgType::Owner as i32, &conn)
.len();
@ -378,9 +378,9 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
None => err!("Invalid type")
};
if new_type != UserOrgType::User as i32 &&
headers.org_user_type != UserOrgType::Owner as i32 {
err!("Only Owners can invite Admins or Owners")
if new_type != UserOrgType::User &&
headers.org_user_type != UserOrgType::Owner {
err!("Only Owners can invite Managers, Admins or Owners")
}
for email in data.Emails.iter() {
@ -452,9 +452,9 @@ fn confirm_invite(org_id: String, org_user_id: String, data: JsonUpcase<Value>,
None => err!("The specified user isn't a member of the organization")
};
if user_to_confirm.type_ != UserOrgType::User as i32 &&
headers.org_user_type != UserOrgType::Owner as i32 {
err!("Only Owners can confirm Admins or Owners")
if user_to_confirm.type_ != UserOrgType::User &&
headers.org_user_type != UserOrgType::Owner {
err!("Only Owners can confirm Managers, Admins or Owners")
}
if user_to_confirm.status != UserOrgStatus::Accepted as i32 {
@ -502,7 +502,7 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
let data: EditUserData = data.into_inner().data;
let new_type = match UserOrgType::from_str(&data.Type.into_string()) {
Some(new_type) => new_type as i32,
Some(new_type) => new_type,
None => err!("Invalid type")
};
@ -511,21 +511,21 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
None => err!("The specified user isn't member of the organization")
};
if new_type != user_to_edit.type_ as i32 && (
user_to_edit.type_ <= UserOrgType::Admin as i32 ||
new_type <= UserOrgType::Admin as i32
if new_type != user_to_edit.type_ && (
user_to_edit.type_ >= UserOrgType::Admin ||
new_type >= UserOrgType::Admin
) &&
headers.org_user_type != UserOrgType::Owner as i32 {
headers.org_user_type != UserOrgType::Owner {
err!("Only Owners can grant and remove Admin or Owner privileges")
}
if user_to_edit.type_ == UserOrgType::Owner as i32 &&
headers.org_user_type != UserOrgType::Owner as i32 {
if user_to_edit.type_ == UserOrgType::Owner &&
headers.org_user_type != UserOrgType::Owner {
err!("Only Owners can edit Owner users")
}
if user_to_edit.type_ == UserOrgType::Owner as i32 &&
new_type != UserOrgType::Owner as i32 {
if user_to_edit.type_ == UserOrgType::Owner &&
new_type != UserOrgType::Owner {
// Removing owner permmission, check that there are at least another owner
let num_owners = UserOrganization::find_by_org_and_type(
@ -538,7 +538,7 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
}
user_to_edit.access_all = data.AccessAll;
user_to_edit.type_ = new_type;
user_to_edit.type_ = new_type as i32;
// Delete all the odd collections
for c in CollectionUser::find_by_organization_and_user_uuid(&org_id, &user_to_edit.user_uuid, &conn) {
@ -591,12 +591,12 @@ fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn:
None => err!("User to delete isn't member of the organization")
};
if user_to_delete.type_ != UserOrgType::User as i32 &&
headers.org_user_type != UserOrgType::Owner as i32 {
if user_to_delete.type_ != UserOrgType::User &&
headers.org_user_type != UserOrgType::Owner {
err!("Only Owners can delete Admins or Owners")
}
if user_to_delete.type_ == UserOrgType::Owner as i32 {
if user_to_delete.type_ == UserOrgType::Owner {
// Removing owner, check that there are at least another owner
let num_owners = UserOrganization::find_by_org_and_type(
&org_id, UserOrgType::Owner as i32, &conn)
@ -653,7 +653,7 @@ fn post_org_import(query: OrgIdData, data: JsonUpcase<ImportData>, headers: Head
None => err!("User is not part of the organization")
};
if org_user.type_ > UserOrgType::Admin as i32 {
if org_user.type_ < UserOrgType::Admin {
err!("Only admins or owners can import into an organization")
}

24
src/auth.rs
View File

@ -184,7 +184,7 @@ pub struct OrgHeaders {
pub host: String,
pub device: Device,
pub user: User,
pub org_user_type: i32,
pub org_user_type: UserOrgType,
}
impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
@ -225,7 +225,13 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders {
host: headers.host,
device: headers.device,
user: headers.user,
org_user_type: org_user.type_,
org_user_type: {
if let Some(org_usr_type) = UserOrgType::from_i32(&org_user.type_) {
org_usr_type
} else { // This should only happen if the DB is corrupted
err_handler!("Unknown user type in the database")
}
},
})
}
}
@ -238,7 +244,7 @@ pub struct AdminHeaders {
pub host: String,
pub device: Device,
pub user: User,
pub org_user_type: i32,
pub org_user_type: UserOrgType,
}
impl<'a, 'r> FromRequest<'a, 'r> for AdminHeaders {
@ -249,15 +255,15 @@ impl<'a, 'r> FromRequest<'a, 'r> for AdminHeaders {
Outcome::Forward(f) => Outcome::Forward(f),
Outcome::Failure(f) => Outcome::Failure(f),
Outcome::Success(headers) => {
if headers.org_user_type > UserOrgType::Admin as i32 {
err_handler!("You need to be Admin or Owner to call this endpoint")
} else {
if headers.org_user_type >= UserOrgType::Admin {
Outcome::Success(Self{
host: headers.host,
device: headers.device,
user: headers.user,
org_user_type: headers.org_user_type,
})
} else {
err_handler!("You need to be Admin or Owner to call this endpoint")
}
}
}
@ -278,14 +284,14 @@ impl<'a, 'r> FromRequest<'a, 'r> for OwnerHeaders {
Outcome::Forward(f) => Outcome::Forward(f),
Outcome::Failure(f) => Outcome::Failure(f),
Outcome::Success(headers) => {
if headers.org_user_type > UserOrgType::Owner as i32 {
err_handler!("You need to be Owner to call this endpoint")
} else {
if headers.org_user_type == UserOrgType::Owner {
Outcome::Success(Self{
host: headers.host,
device: headers.device,
user: headers.user,
})
} else {
err_handler!("You need to be Owner to call this endpoint")
}
}
}

76
src/db/models/organization.rs
View File

@ -1,3 +1,4 @@
use std::cmp::Ordering;
use serde_json::Value as JsonValue;
use uuid::Uuid;
@ -32,10 +33,71 @@ pub enum UserOrgStatus {
Confirmed = 2,
}
#[derive(Copy, Clone)]
#[derive(PartialEq)]
#[derive(Eq)]
pub enum UserOrgType {
Owner = 0,
Admin = 1,
User = 2,
Manager = 3,
}
impl Ord for UserOrgType {
fn cmp(&self, other: &UserOrgType) -> Ordering {
if self == other {
Ordering::Equal
} else {
match self {
UserOrgType::Owner => Ordering::Greater,
UserOrgType::Admin => match other {
UserOrgType::Owner => Ordering::Less,
_ => Ordering::Greater
},
UserOrgType::Manager => match other {
UserOrgType::Owner | UserOrgType::Admin => Ordering::Less,
_ => Ordering::Greater
},
UserOrgType::User => Ordering::Less
}
}
}
}
impl PartialOrd for UserOrgType {
fn partial_cmp(&self, other: &UserOrgType) -> Option<Ordering> {
Some(self.cmp(other))
}
}
impl PartialEq<i32> for UserOrgType {
fn eq(&self, other: &i32) -> bool {
*other == *self as i32
}
}
impl PartialOrd<i32> for UserOrgType {
fn partial_cmp(&self, other: &i32) -> Option<Ordering> {
if let Some(other) = Self::from_i32(other) {
return Some(self.cmp(&other))
}
return None
}
}
impl PartialEq<UserOrgType> for i32 {
fn eq(&self, other: &UserOrgType) -> bool {
*self == *other as i32
}
}
impl PartialOrd<UserOrgType> for i32 {
fn partial_cmp(&self, other: &UserOrgType) -> Option<Ordering> {
if let Some(self_type) = UserOrgType::from_i32(self) {
return Some(self_type.cmp(other))
}
return None
}
}
impl UserOrgType {
@ -44,9 +106,21 @@ impl UserOrgType {
"0" | "Owner" => Some(UserOrgType::Owner),
"1" | "Admin" => Some(UserOrgType::Admin),
"2" | "User" => Some(UserOrgType::User),
"3" | "Manager" => Some(UserOrgType::Manager),
_ => None,
}
}
pub fn from_i32(i: &i32) -> Option<Self> {
match i {
0 => Some(UserOrgType::Owner),
1 => Some(UserOrgType::Admin),
2 => Some(UserOrgType::User),
3 => Some(UserOrgType::Manager),
_ => None,
}
}
}
/// Local methods
@ -302,7 +376,7 @@ impl UserOrganization {
}
pub fn has_full_access(self) -> bool {
self.access_all || self.type_ < UserOrgType::User as i32
self.access_all || self.type_ >= UserOrgType::Admin
}
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {

2
src/db/models/user.rs
View File

@ -157,7 +157,7 @@ impl User {
pub fn delete(self, conn: &DbConn) -> QueryResult<()> {
for user_org in UserOrganization::find_by_user(&self.uuid, &*conn) {
if user_org.type_ == UserOrgType::Owner as i32 {
if user_org.type_ == UserOrgType::Owner {
if UserOrganization::find_by_org_and_type(
&user_org.org_uuid,
UserOrgType::Owner as i32, &conn

Write Preview
Loading…
Cancel
Save