mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 07:50:02 +02:00 
			
		
		
		
	Fix managers and groups link
This PR should fix the managers and group link. Although i think there might be a cleaner sollution, there are a lot of other items to fix here which we should do in time. But for now, with theh group support already merged, this fix should at least help solving issue #2932. Fixes #2932
This commit is contained in:
		
							
								
								
									
										12
									
								
								src/auth.rs
									
									
									
									
									
								
							
							
						
						
									
										12
									
								
								src/auth.rs
									
									
									
									
									
								
							| @@ -266,7 +266,7 @@ use rocket::{ | ||||
| }; | ||||
|  | ||||
| use crate::db::{ | ||||
|     models::{CollectionUser, Device, User, UserOrgStatus, UserOrgType, UserOrganization, UserStampException}, | ||||
|     models::{Collection, Device, User, UserOrgStatus, UserOrgType, UserOrganization, UserStampException}, | ||||
|     DbConn, | ||||
| }; | ||||
|  | ||||
| @@ -558,17 +558,15 @@ impl<'r> FromRequest<'r> for ManagerHeaders { | ||||
|                         _ => err_handler!("Error getting DB"), | ||||
|                     }; | ||||
|  | ||||
|                     if !headers.org_user.has_full_access() { | ||||
|                         match CollectionUser::find_by_collection_and_user( | ||||
|                     if !headers.org_user.has_full_access() | ||||
|                         && !Collection::has_access_by_collection_and_user_uuid( | ||||
|                             &col_id, | ||||
|                             &headers.org_user.user_uuid, | ||||
|                             &mut conn, | ||||
|                         ) | ||||
|                         .await | ||||
|                         { | ||||
|                             Some(_) => (), | ||||
|                             None => err_handler!("The current user isn't a manager for this collection"), | ||||
|                         } | ||||
|                     { | ||||
|                         err_handler!("The current user isn't a manager for this collection") | ||||
|                     } | ||||
|                 } | ||||
|                 _ => err_handler!("Error getting the collection id"), | ||||
|   | ||||
| @@ -167,15 +167,15 @@ impl Collection { | ||||
|                     users_collections::user_uuid.eq(user_uuid.clone()) | ||||
|                 ) | ||||
|             )) | ||||
|             .left_join(users_organizations::table.on( | ||||
|             .inner_join(users_organizations::table.on( | ||||
|                 collections::org_uuid.eq(users_organizations::org_uuid).and( | ||||
|                     users_organizations::user_uuid.eq(user_uuid.clone()) | ||||
|                 ) | ||||
|             )) | ||||
|             .left_join(groups_users::table.on( | ||||
|             .inner_join(groups_users::table.on( | ||||
|                 groups_users::users_organizations_uuid.eq(users_organizations::uuid) | ||||
|             )) | ||||
|             .left_join(groups::table.on( | ||||
|             .inner_join(groups::table.on( | ||||
|                 groups::uuid.eq(groups_users::groups_uuid) | ||||
|             )) | ||||
|             .left_join(collections_groups::table.on( | ||||
| @@ -203,6 +203,17 @@ impl Collection { | ||||
|         }} | ||||
|     } | ||||
|  | ||||
|     // Check if a user has access to a specific collection | ||||
|     // FIXME: This needs to be reviewed. The query used by `find_by_user_uuid` could be adjusted to filter when needed. | ||||
|     //        For now this is a good solution without making to much changes. | ||||
|     pub async fn has_access_by_collection_and_user_uuid( | ||||
|         collection_uuid: &str, | ||||
|         user_uuid: &str, | ||||
|         conn: &mut DbConn, | ||||
|     ) -> bool { | ||||
|         Self::find_by_user_uuid(user_uuid.to_owned(), conn).await.into_iter().any(|c| c.uuid == collection_uuid) | ||||
|     } | ||||
|  | ||||
|     pub async fn find_by_organization_and_user_uuid(org_uuid: &str, user_uuid: &str, conn: &mut DbConn) -> Vec<Self> { | ||||
|         Self::find_by_user_uuid(user_uuid.to_owned(), conn) | ||||
|             .await | ||||
| @@ -241,16 +252,32 @@ impl Collection { | ||||
|                     users_collections::user_uuid.eq(user_uuid.clone()) | ||||
|                 ) | ||||
|             )) | ||||
|             .left_join(users_organizations::table.on( | ||||
|             .inner_join(users_organizations::table.on( | ||||
|                 collections::org_uuid.eq(users_organizations::org_uuid).and( | ||||
|                     users_organizations::user_uuid.eq(user_uuid) | ||||
|                 ) | ||||
|             )) | ||||
|             .inner_join(groups_users::table.on( | ||||
|                 groups_users::users_organizations_uuid.eq(users_organizations::uuid) | ||||
|             )) | ||||
|             .inner_join(groups::table.on( | ||||
|                 groups::uuid.eq(groups_users::groups_uuid) | ||||
|             )) | ||||
|             .left_join(collections_groups::table.on( | ||||
|                 collections_groups::groups_uuid.eq(groups_users::groups_uuid).and( | ||||
|                     collections_groups::collections_uuid.eq(collections::uuid) | ||||
|                 ) | ||||
|             )) | ||||
|             .filter(collections::uuid.eq(uuid)) | ||||
|             .filter( | ||||
|                 users_collections::collection_uuid.eq(uuid).or( // Directly accessed collection | ||||
|                     users_organizations::access_all.eq(true).or( // access_all in Organization | ||||
|                         users_organizations::atype.le(UserOrgType::Admin as i32) // Org admin or owner | ||||
|                 )).or( | ||||
|                     groups::access_all.eq(true) // access_all in groups | ||||
|                 ).or( // access via groups | ||||
|                     groups_users::users_organizations_uuid.eq(users_organizations::uuid).and( | ||||
|                         collections_groups::collections_uuid.is_not_null() | ||||
|                     ) | ||||
|                 ) | ||||
|             ).select(collections::all_columns) | ||||
|   | ||||
		Reference in New Issue
	
	Block a user