mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 07:50:02 +02:00 
			
		
		
		
	Fix managers and groups link
This PR should fix the managers and group link. Although I think there might be a cleaner solution, there are a lot of other items to fix here which we should do in time. But for now, with the group support already merged, this fix should at least help solve issue #2932. Fixes #2932
										12
									
								
								src/auth.rs
									
									
									
									
									
								
							
							
						
						
									
										12
									
								
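--- a/src/auth.rs
+++ b/src/auth.rs
@@ -266,7 +266,7 @@ use rocket::{
 };
 
 use crate::db::{
-    models::{CollectionUser, Device, User, UserOrgStatus, UserOrgType, UserOrganization, UserStampException},
+    models::{Collection, Device, User, UserOrgStatus, UserOrgType, UserOrganization, UserStampException},
     DbConn,
 };
 
@@ -558,17 +558,15 @@ impl<'r> FromRequest<'r> for ManagerHeaders {
                         _ => err_handler!("Error getting DB"),
                     };
 
-                    if !headers.org_user.has_full_access() {
-                        match CollectionUser::find_by_collection_and_user(
+                    if !headers.org_user.has_full_access()
+                        && !Collection::has_access_by_collection_and_user_uuid(
                             &col_id,
                             &headers.org_user.user_uuid,
                             &mut conn,
                         )
                         .await
-                        {
-                            Some(_) => (),
-                            None => err_handler!("The current user isn't a manager for this collection"),
-                        }
+                    {
+                        err_handler!("The current user isn't a manager for this collection")
                     }
                 }
                 _ => err_handler!("Error getting the collection id"),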
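Review bot: The condition `!Collection::has_access_by_collection_and_user_uuid(&col_id, &headers.org_user.user_uuid, &mut conn)` receives neither the organization this request was authenticated against nor any notion of write access, so it answers "can this user reach the collection" rather than "may this user manage it in this organization". Judging from the join conditions visible in the `impl Collection` hunks, a collection reached through any organization the user belongs to, or through a group assignment, would satisfy it; whether read-only assignments are excluded is not visible on this page and should be confirmed. If the handlers behind this guard re-check the collection against the organization, record that above the condition, e.g. `// Access check only; handlers must still verify col_id belongs to headers.org_user.org_uuid`. The enclosing `from_request` body starts and ends outside the hunk.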
|   | |||||||
| @@ -167,15 +167,15 @@ impl Collection { | |||||||
|                     users_collections::user_uuid.eq(user_uuid.clone()) |                     users_collections::user_uuid.eq(user_uuid.clone()) | ||||||
|                 ) |                 ) | ||||||
|             )) |             )) | ||||||
|             .left_join(users_organizations::table.on( |             .inner_join(users_organizations::table.on( | ||||||
|                 collections::org_uuid.eq(users_organizations::org_uuid).and( |                 collections::org_uuid.eq(users_organizations::org_uuid).and( | ||||||
|                     users_organizations::user_uuid.eq(user_uuid.clone()) |                     users_organizations::user_uuid.eq(user_uuid.clone()) | ||||||
|                 ) |                 ) | ||||||
|             )) |             )) | ||||||
|             .left_join(groups_users::table.on( |             .inner_join(groups_users::table.on( | ||||||
|                 groups_users::users_organizations_uuid.eq(users_organizations::uuid) |                 groups_users::users_organizations_uuid.eq(users_organizations::uuid) | ||||||
|             )) |             )) | ||||||
|             .left_join(groups::table.on( |             .inner_join(groups::table.on( | ||||||
|                 groups::uuid.eq(groups_users::groups_uuid) |                 groups::uuid.eq(groups_users::groups_uuid) | ||||||
|             )) |             )) | ||||||
|             .left_join(collections_groups::table.on( |             .left_join(collections_groups::table.on( | ||||||
| @@ -203,6 +203,17 @@ impl Collection { | |||||||
|         }} |         }} | ||||||
|     } |     } | ||||||
|  |  | ||||||
|  |     // Check if a user has access to a specific collection | ||||||
|  |     // FIXME: This needs to be reviewed. The query used by `find_by_user_uuid` could be adjusted to filter when needed. | ||||||
|  |     //        For now this is a good solution without making to much changes. | ||||||
|  |     pub async fn has_access_by_collection_and_user_uuid( | ||||||
|  |         collection_uuid: &str, | ||||||
|  |         user_uuid: &str, | ||||||
|  |         conn: &mut DbConn, | ||||||
|  |     ) -> bool { | ||||||
|  |         Self::find_by_user_uuid(user_uuid.to_owned(), conn).await.into_iter().any(|c| c.uuid == collection_uuid) | ||||||
|  |     } | ||||||
|  |  | ||||||
|     pub async fn find_by_organization_and_user_uuid(org_uuid: &str, user_uuid: &str, conn: &mut DbConn) -> Vec<Self> { |     pub async fn find_by_organization_and_user_uuid(org_uuid: &str, user_uuid: &str, conn: &mut DbConn) -> Vec<Self> { | ||||||
|         Self::find_by_user_uuid(user_uuid.to_owned(), conn) |         Self::find_by_user_uuid(user_uuid.to_owned(), conn) | ||||||
|             .await |             .await | ||||||
| @@ -241,16 +252,32 @@ impl Collection { | |||||||
|                     users_collections::user_uuid.eq(user_uuid.clone()) |                     users_collections::user_uuid.eq(user_uuid.clone()) | ||||||
|                 ) |                 ) | ||||||
|             )) |             )) | ||||||
|             .left_join(users_organizations::table.on( |             .inner_join(users_organizations::table.on( | ||||||
|                 collections::org_uuid.eq(users_organizations::org_uuid).and( |                 collections::org_uuid.eq(users_organizations::org_uuid).and( | ||||||
|                     users_organizations::user_uuid.eq(user_uuid) |                     users_organizations::user_uuid.eq(user_uuid) | ||||||
|                 ) |                 ) | ||||||
|             )) |             )) | ||||||
|  |             .inner_join(groups_users::table.on( | ||||||
|  |                 groups_users::users_organizations_uuid.eq(users_organizations::uuid) | ||||||
|  |             )) | ||||||
|  |             .inner_join(groups::table.on( | ||||||
|  |                 groups::uuid.eq(groups_users::groups_uuid) | ||||||
|  |             )) | ||||||
|  |             .left_join(collections_groups::table.on( | ||||||
|  |                 collections_groups::groups_uuid.eq(groups_users::groups_uuid).and( | ||||||
|  |                     collections_groups::collections_uuid.eq(collections::uuid) | ||||||
|  |                 ) | ||||||
|  |             )) | ||||||
|             .filter(collections::uuid.eq(uuid)) |             .filter(collections::uuid.eq(uuid)) | ||||||
|             .filter( |             .filter( | ||||||
|                 users_collections::collection_uuid.eq(uuid).or( // Directly accessed collection |                 users_collections::collection_uuid.eq(uuid).or( // Directly accessed collection | ||||||
|                     users_organizations::access_all.eq(true).or( // access_all in Organization |                     users_organizations::access_all.eq(true).or( // access_all in Organization | ||||||
|                         users_organizations::atype.le(UserOrgType::Admin as i32) // Org admin or owner |                         users_organizations::atype.le(UserOrgType::Admin as i32) // Org admin or owner | ||||||
|  |                 )).or( | ||||||
|  |                     groups::access_all.eq(true) // access_all in groups | ||||||
|  |                 ).or( // access via groups | ||||||
|  |                     groups_users::users_organizations_uuid.eq(users_organizations::uuid).and( | ||||||
|  |                         collections_groups::collections_uuid.is_not_null() | ||||||
|                     ) |                     ) | ||||||
|                 ) |                 ) | ||||||
|             ).select(collections::all_columns) |             ).select(collections::all_columns) | ||||||
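Review bot: Switching `groups_users` and `groups` to `.inner_join(...)` (hunks at -167 and -241) makes group membership a precondition for every row: a member who belongs to no group produces no join result, so the direct-assignment, `users_organizations::access_all` and admin/owner branches of the filter shown in the last hunk can never match for them. Because the new `has_access_by_collection_and_user_uuid` is built on `find_by_user_uuid` (presumably the query touched at -167), the `ManagerHeaders` guard would then reject such a manager too, so the failure is closed but it locks out directly assigned users. Keeping the membership join strict and the group joins optional avoids this: `.inner_join(users_organizations::table.on(` followed by `.left_join(groups_users::table.on(` and `.left_join(groups::table.on(`. Both query functions start and end outside the hunks, so whether duplicate rows from several group memberships are collapsed (for example by `.distinct()`) cannot be checked here.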
|   | |||||||