topaLE
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix issue when user is manager and in a group having access to all collections

pull/3754/head
matlink 2 years ago
committed by Matlink
parent
f4e9857dfd
commit
67732fe5a1
2 changed files with 20 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      src/api/core/organizations.rs
  2. 16
      src/db/models/group.rs

6
src/api/core/organizations.rs
View File

@ -321,6 +321,8 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
}; };
let coll_users = CollectionUser::find_by_organization(org_id, &mut conn).await; let coll_users = CollectionUser::find_by_organization(org_id, &mut conn).await;
// uuids of users in groups having access to all collections
let all_access_group_uuids = GroupUser::get_all_access_group_users_uuid(org_id, &mut conn).await;
for col in Collection::find_by_organization(org_id, &mut conn).await { for col in Collection::find_by_organization(org_id, &mut conn).await {
let groups: Vec<Value> = if CONFIG.org_groups_enabled() { let groups: Vec<Value> = if CONFIG.org_groups_enabled() {
@ -354,8 +356,8 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
}) })
.collect(); .collect();
// if current user is in any collection-assigned group // if current user is in any collection-assigned group or in a group having access to all collections
if group_users.contains(&user_org.uuid) { if group_users.contains(&user_org.uuid) || all_access_group_uuids.contains(&user_org.uuid) {
assigned = true; assigned = true;
} }

16
src/db/models/group.rs
View File

@ -503,6 +503,22 @@ impl GroupUser {
.collect() .collect()
} }
pub async fn get_all_access_group_users_uuid(org_uuid: &str, conn: &mut DbConn) -> HashSet<String> {
db_run! { conn: {
groups_users::table
.inner_join(groups::table.on(
groups::uuid.eq(groups_users::groups_uuid)
))
.filter(groups::organizations_uuid.eq(org_uuid))
.filter(groups::access_all.eq(true))
.select(groups_users::users_organizations_uuid)
.load::<String>(conn)
.expect("Error loading all access group users for organization")
}}
.into_iter()
.collect()
}
pub async fn update_user_revision(&self, conn: &mut DbConn) { pub async fn update_user_revision(&self, conn: &mut DbConn) {
match UserOrganization::find_by_uuid(&self.users_organizations_uuid, conn).await { match UserOrganization::find_by_uuid(&self.users_organizations_uuid, conn).await {
Some(user) => User::update_uuid_revision(&user.user_uuid, conn).await, Some(user) => User::update_uuid_revision(&user.user_uuid, conn).await,

Write Preview
Loading…
Cancel
Save