diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 6792fb86..775d3ae9 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -321,14 +321,10 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
 };
 let coll_users = CollectionUser::find_by_organization(org_id, &mut conn).await;
- // uuids of users in groups having access to all collections
- let has_full_access_via_group = if CONFIG.org_groups_enabled() {
- GroupUser::get_members_of_full_access_groups(org_id, &mut conn).await
- } else {
- vec![]
- };
- let has_full_access = user_org.access_all || has_full_access_via_group.contains(&user_org.uuid);
+ let has_full_access_via_group =
+ CONFIG.org_groups_enabled() && GroupUser::has_full_access_by_member(org_id, &user_org.uuid, &mut conn).await;
+ let has_full_access = user_org.access_all || has_full_access_via_group;
 for col in Collection::find_by_organization(org_id, &mut conn).await {
 let groups: Vec = if CONFIG.org_groups_enabled() {
@@ -359,12 +355,10 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
 })
 .collect();
- // if the current user is not assigned and groups are enabled,
- // check if they have access to the given collection via a group
- if !assigned && CONFIG.org_groups_enabled()
- {
- assigned = GroupUser::get_group_members_for_collection(&col.uuid, &mut conn).await.contains(&user_org.uuid);
- }
+ // check if the current user has access to the given collection via a group
+ if !assigned && CONFIG.org_groups_enabled() {
+ assigned = GroupUser::has_access_to_collection_by_member(&col.uuid, &user_org.uuid, &mut conn).await;
+ }
 let mut json_object = col.to_json();
 json_object["Assigned"] = json!(assigned);
diff --git a/src/db/models/group.rs b/src/db/models/group.rs
index 01e8911c..e50853e2 100644
--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
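Review bot: In the second hunk of src/api/core/organizations.rs, the group check inside the `for col in Collection::find_by_organization(...)` loop still runs one database query for every collection the user is not directly assigned to, so the cost of this endpoint grows with the organization's collection count. The query is cheaper than the old member list load, but the round trips remain. Consider loading the collection uuids the member reaches through groups once before the loop and testing membership there, e.g. `assigned = group_collections.contains(&col.uuid);`, where `group_collections` is a proposed set that would need a new lookup helper on `GroupUser`. The body of `get_org_collections_details` starts and ends outside the hunk, so how `assigned` is first computed is not visible here.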
@@ -486,23 +486,25 @@ impl GroupUser {
 }}
 }
- pub async fn get_group_members_for_collection(collection_uuid: &str, conn: &mut DbConn) -> Vec {
+ pub async fn has_access_to_collection_by_member(
+ collection_uuid: &str,
+ member_uuid: &str,
+ conn: &mut DbConn,
+ ) -> bool {
 db_run! { conn: {
 groups_users::table
 .inner_join(collections_groups::table.on(
 collections_groups::groups_uuid.eq(groups_users::groups_uuid)
 ))
 .filter(collections_groups::collections_uuid.eq(collection_uuid))
- .select(groups_users::users_organizations_uuid)
- .distinct()
- .load::(conn)
- .expect("Error loading group users for collection")
+ .filter(groups_users::users_organizations_uuid.eq(member_uuid))
+ .count()
+ .first::(conn)
+ .unwrap_or(0) != 0
 }}
- .into_iter()
- .collect()
 }
- pub async fn get_members_of_full_access_groups(org_uuid: &str, conn: &mut DbConn) -> Vec {
+ pub async fn has_full_access_by_member(org_uuid: &str, member_uuid: &str, conn: &mut DbConn) -> bool {
 db_run! { conn: {
 groups_users::table
 .inner_join(groups::table.on(
@@ -510,13 +512,11 @@ impl GroupUser {
 ))
 .filter(groups::organizations_uuid.eq(org_uuid))
 .filter(groups::access_all.eq(true))
- .select(groups_users::users_organizations_uuid)
- .distinct()
- .load::(conn)
- .expect("Error loading all access group users for organization")
+ .filter(groups_users::users_organizations_uuid.eq(member_uuid))
+ .count()
+ .first::(conn)
+ .unwrap_or(0) != 0
 }}
- .into_iter()
- .collect()
 }
 pub async fn update_user_revision(&self, conn: &mut DbConn) {
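Review bot: `.unwrap_or(0) != 0` in `has_access_to_collection_by_member` turns any database error into "no access" without a trace, where the replaced code stopped with an explicit `expect` message; `has_full_access_by_member` in the next hunk does the same. Denying on failure is the safe direction for an access check, but a failing query now looks the same as a missing permission, which can hide a broken connection or schema problem. Log the error before mapping it to `false`, and state the behaviour on the function, e.g. `/// Returns false when the member has no group access or when the query fails.` An existence query would also state the intent more directly than counting rows, if the backends behind `db_run!` allow it.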
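Review bot: `has_full_access_by_member` has no doc comment, and its `member_uuid` is compared against `groups_users::users_organizations_uuid`, so it is presumably the organization membership uuid and not the user's own uuid. A caller that passes the wrong identifier gets `false` with no error, which silently changes an access decision. Add a line such as `/// member_uuid is the users_organizations uuid of the membership, not the user uuid.` here and on `has_access_to_collection_by_member` in the previous hunk. The function body starts in the previous hunk, since the join condition between the two hunks is not shown.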