Fix #3624: fix manager permission within groups

2 years ago · bb100df31a
2 changed files with 33 additions and 0 deletions
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@ -337,6 +337,9 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
            Vec::with_capacity(0)
        };

+        // uuids of users belonging to a group of this collection
+        let group_users = GroupUser::get_collection_group_users_uuid(&col.uuid, &mut conn).await;
+
        let mut assigned = false;
        let users: Vec<Value> = coll_users
            .iter()
@ -351,6 +354,11 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
            })
            .collect();

+        // if current user is in any collection-assigned group
+        if group_users.contains(&user_org.uuid) {
+            assigned = true;
+        }
+
        if user_org.access_all {
            assigned = true;
        }
--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
@ -1,3 +1,5 @@
+use std::collections::HashSet;
+
 use chrono::{NaiveDateTime, Utc};
 use serde_json::Value;

@ -486,6 +488,29 @@ impl GroupUser {
        }}
    }

+    pub async fn find_by_collection(collection_uuid: &str, conn: &mut DbConn) -> Vec<Self> {
+        db_run! { conn: {
+            groups_users::table
+                .inner_join(collections_groups::table.on(
+                    collections_groups::groups_uuid.eq(groups_users::groups_uuid)
+                ))
+                .filter(collections_groups::collections_uuid.eq(collection_uuid))
+                .select(groups_users::all_columns)
+                .load::<GroupUserDb>(conn)
+                .expect("Error loading group users for collection")
+                .from_db()
+        }}
+    }
+
+    /// returns uuid of members of collection groups
+    pub async fn get_collection_group_users_uuid(collection_uuid: &str, conn: &mut DbConn) -> HashSet<String> {
+        GroupUser::find_by_collection(collection_uuid, conn)
+            .await
+            .iter()
+            .map(|u| u.users_organizations_uuid.clone())
+            .collect()
+    }
+
    pub async fn update_user_revision(&self, conn: &mut DbConn) {
        match UserOrganization::find_by_uuid(&self.users_organizations_uuid, conn).await {
            Some(user) => User::update_uuid_revision(&user.user_uuid, conn).await,