diff --git a/src/api/core/emergency_access.rs b/src/api/core/emergency_access.rs index ba46291c..bab67442 100644 --- a/src/api/core/emergency_access.rs +++ b/src/api/core/emergency_access.rs @@ -39,9 +39,11 @@ pub fn routes() -> Vec { #[get("/emergency-access/trusted")] async fn get_contacts(headers: Headers, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; - - let emergency_access_list = EmergencyAccess::find_all_by_grantor_uuid(&headers.user.uuid, &mut conn).await; + let emergency_access_list = if CONFIG.emergency_access_allowed() { + EmergencyAccess::find_all_by_grantor_uuid(&headers.user.uuid, &mut conn).await + } else { + Vec::new() + }; let mut emergency_access_list_json = Vec::with_capacity(emergency_access_list.len()); for ea in emergency_access_list { emergency_access_list_json.push(ea.to_json_grantee_details(&mut conn).await); @@ -56,9 +58,11 @@ async fn get_contacts(headers: Headers, mut conn: DbConn) -> JsonResult { #[get("/emergency-access/granted")] async fn get_grantees(headers: Headers, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; - - let emergency_access_list = EmergencyAccess::find_all_by_grantee_uuid(&headers.user.uuid, &mut conn).await; + let emergency_access_list = if CONFIG.emergency_access_allowed() { + EmergencyAccess::find_all_by_grantee_uuid(&headers.user.uuid, &mut conn).await + } else { + Vec::new() + }; let mut emergency_access_list_json = Vec::with_capacity(emergency_access_list.len()); for ea in emergency_access_list { emergency_access_list_json.push(ea.to_json_grantor_details(&mut conn).await); @@ -73,7 +77,7 @@ async fn get_grantees(headers: Headers, mut conn: DbConn) -> JsonResult { #[get("/emergency-access/")] async fn get_emergency_access(emer_id: &str, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await { Some(emergency_access) => Ok(Json(emergency_access.to_json_grantee_details(&mut conn).await)), @@ -104,7 +108,7 @@ async fn post_emergency_access( data: JsonUpcase, mut conn: DbConn, ) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let data: EmergencyAccessUpdateData = data.into_inner().data; @@ -134,7 +138,7 @@ async fn post_emergency_access( #[delete("/emergency-access/")] async fn delete_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> EmptyResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let grantor_user = headers.user; @@ -170,7 +174,7 @@ struct EmergencyAccessInviteData { #[post("/emergency-access/invite", data = "")] async fn send_invite(data: JsonUpcase, headers: Headers, mut conn: DbConn) -> EmptyResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let data: EmergencyAccessInviteData = data.into_inner().data; let email = data.Email.to_lowercase(); @@ -253,7 +257,7 @@ async fn send_invite(data: JsonUpcase, headers: Heade #[post("/emergency-access//reinvite")] async fn resend_invite(emer_id: &str, headers: Headers, mut conn: DbConn) -> EmptyResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let mut emergency_access = match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await { Some(emer) => emer, @@ -313,7 +317,7 @@ struct AcceptData { #[post("/emergency-access//accept", data = "")] async fn accept_invite(emer_id: &str, data: JsonUpcase, headers: Headers, mut conn: DbConn) -> EmptyResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let data: AcceptData = data.into_inner().data; let token = &data.Token; @@ -396,7 +400,7 @@ async fn confirm_emergency_access( headers: Headers, mut conn: DbConn, ) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let confirming_user = headers.user; let data: ConfirmData = data.into_inner().data; @@ -445,7 +449,7 @@ async fn confirm_emergency_access( #[post("/emergency-access//initiate")] async fn initiate_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let initiating_user = headers.user; let mut emergency_access = match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await { @@ -485,7 +489,7 @@ async fn initiate_emergency_access(emer_id: &str, headers: Headers, mut conn: Db #[post("/emergency-access//approve")] async fn approve_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let mut emergency_access = match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await { Some(emer) => emer, @@ -523,7 +527,7 @@ async fn approve_emergency_access(emer_id: &str, headers: Headers, mut conn: DbC #[post("/emergency-access//reject")] async fn reject_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let mut emergency_access = match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await { Some(emer) => emer, @@ -566,7 +570,7 @@ async fn reject_emergency_access(emer_id: &str, headers: Headers, mut conn: DbCo #[post("/emergency-access//view")] async fn view_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let emergency_access = match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await { Some(emer) => emer, @@ -603,7 +607,7 @@ async fn view_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn #[post("/emergency-access//takeover")] async fn takeover_emergency_access(emer_id: &str, headers: Headers, mut conn: DbConn) -> JsonResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let requesting_user = headers.user; let emergency_access = match EmergencyAccess::find_by_uuid(emer_id, &mut conn).await { @@ -646,7 +650,7 @@ async fn password_emergency_access( headers: Headers, mut conn: DbConn, ) -> EmptyResult { - check_emergency_access_allowed()?; + check_emergency_access_enabled()?; let data: EmergencyAccessPasswordData = data.into_inner().data; let new_master_password_hash = &data.NewMasterPasswordHash; @@ -723,9 +727,9 @@ fn is_valid_request( && emergency_access.atype == requested_access_type as i32 } -fn check_emergency_access_allowed() -> EmptyResult { +fn check_emergency_access_enabled() -> EmptyResult { if !CONFIG.emergency_access_allowed() { - err!("Emergency access is not allowed.") + err!("Emergency access is not enabled.") } Ok(()) } diff --git a/src/config.rs b/src/config.rs index 116adc98..ba897edd 100644 --- a/src/config.rs +++ b/src/config.rs @@ -480,7 +480,7 @@ make_config! { /// Invitation token expiration time (in hours) |> The number of hours after which an organization invite token, emergency access invite token, /// email verification token and deletion request token will expire (must be at least 1) invitation_expiration_hours: u32, false, def, 120; - /// Allow emergency access |> Controls whether users can enable emergency access to their accounts. This setting applies globally to all users. + /// Enable emergency access |> Controls whether users can enable emergency access to their accounts. This setting applies globally to all users. emergency_access_allowed: bool, true, def, true; /// Allow email change |> Controls whether users can change their email. This setting applies globally to all users. email_change_allowed: bool, true, def, true;