mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-09-13 03:55:58 +03:00
Add per-user folder-cipher mapping
This commit is contained in:
Miroslav Prasil
@@ -3,19 +3,19 @@ use serde_json::Value as JsonValue;
|
||||
|
||||
use uuid::Uuid;
|
||||
|
||||
use super::User;
|
||||
use super::{User, Organization, UserOrganization, FolderCipher};
|
||||
|
||||
#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]
|
||||
#[table_name = "ciphers"]
|
||||
#[belongs_to(User, foreign_key = "user_uuid")]
|
||||
#[belongs_to(Organization, foreign_key = "organization_uuid")]
|
||||
#[primary_key(uuid)]
|
||||
pub struct Cipher {
|
||||
pub uuid: String,
|
||||
pub created_at: NaiveDateTime,
|
||||
pub updated_at: NaiveDateTime,
|
||||
|
||||
pub user_uuid: String,
|
||||
pub folder_uuid: Option<String>,
|
||||
pub user_uuid: Option<String>,
|
||||
pub organization_uuid: Option<String>,
|
||||
|
||||
/*
|
||||
@@ -36,7 +36,7 @@ pub struct Cipher {
|
||||
|
||||
/// Local methods
|
||||
impl Cipher {
|
||||
pub fn new(user_uuid: String, type_: i32, name: String, favorite: bool) -> Self {
|
||||
pub fn new(user_uuid: Option<String>, organization_uuid: Option<String>, type_: i32, name: String, favorite: bool) -> Self {
|
||||
let now = Utc::now().naive_utc();
|
||||
|
||||
Self {
|
||||
@@ -45,8 +45,7 @@ impl Cipher {
|
||||
updated_at: now,
|
||||
|
||||
user_uuid,
|
||||
folder_uuid: None,
|
||||
organization_uuid: None,
|
||||
organization_uuid,
|
||||
|
||||
type_,
|
||||
favorite,
|
||||
@@ -63,11 +62,11 @@ impl Cipher {
|
||||
use diesel;
|
||||
use diesel::prelude::*;
|
||||
use db::DbConn;
|
||||
use db::schema::ciphers;
|
||||
use db::schema::*;
|
||||
|
||||
/// Database methods
|
||||
impl Cipher {
|
||||
pub fn to_json(&self, host: &str, conn: &DbConn) -> JsonValue {
|
||||
pub fn to_json(&self, host: &str, user_uuid: &str, conn: &DbConn) -> JsonValue {
|
||||
use serde_json;
|
||||
use util::format_date;
|
||||
use super::Attachment;
|
||||
@@ -94,7 +93,7 @@ impl Cipher {
|
||||
"Id": self.uuid,
|
||||
"Type": self.type_,
|
||||
"RevisionDate": format_date(&self.updated_at),
|
||||
"FolderId": self.folder_uuid,
|
||||
"FolderId": self.get_folder_uuid(&user_uuid, &conn),
|
||||
"Favorite": self.favorite,
|
||||
"OrganizationId": self.organization_uuid,
|
||||
"Attachments": attachments_json,
|
||||
@@ -142,6 +141,84 @@ impl Cipher {
|
||||
}
|
||||
}
|
||||
|
||||
pub fn move_to_folder(&self, folder_uuid: Option<String>, user_uuid: &str, conn: &DbConn) -> Result<(), &str> {
|
||||
match self.get_folder_uuid(&user_uuid, &conn) {
|
||||
None => {
|
||||
match folder_uuid {
|
||||
Some(new_folder) => {
|
||||
let folder_cipher = FolderCipher::new(&new_folder, &self.uuid);
|
||||
folder_cipher.save(&conn).or(Err("Couldn't save folder setting"))
|
||||
},
|
||||
None => Ok(()) //nothing to do
|
||||
}
|
||||
},
|
||||
Some(current_folder) => {
|
||||
match folder_uuid {
|
||||
Some(new_folder) => {
|
||||
if current_folder == new_folder {
|
||||
Ok(()) //nothing to do
|
||||
} else {
|
||||
match FolderCipher::find_by_folder_and_cipher(¤t_folder, &self.uuid, &conn) {
|
||||
Some(current_folder) => {
|
||||
current_folder.delete(&conn).or(Err("Failed removing old folder mapping"))
|
||||
},
|
||||
None => Ok(()) // Weird, but nothing to do
|
||||
};
|
||||
|
||||
FolderCipher::new(&new_folder, &self.uuid)
|
||||
.save(&conn).or(Err("Couldn't save folder setting"))
|
||||
}
|
||||
},
|
||||
None => {
|
||||
match FolderCipher::find_by_folder_and_cipher(¤t_folder, &self.uuid, &conn) {
|
||||
Some(current_folder) => {
|
||||
current_folder.delete(&conn).or(Err("Failed removing old folder mapping"))
|
||||
},
|
||||
None => Err("Couldn't move from previous folder")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn is_write_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
||||
match ciphers::table
|
||||
.filter(ciphers::user_uuid.eq(user_uuid))
|
||||
.filter(ciphers::uuid.eq(&self.uuid))
|
||||
.first::<Self>(&**conn).ok() {
|
||||
Some(_) => true, // cipher directly owned by user
|
||||
None =>{
|
||||
match self.organization_uuid {
|
||||
Some(ref org_uuid) => {
|
||||
match users_organizations::table
|
||||
.filter(users_organizations::org_uuid.eq(org_uuid))
|
||||
.filter(users_organizations::user_uuid.eq(user_uuid))
|
||||
.filter(users_organizations::access_all.eq(true))
|
||||
.first::<UserOrganization>(&**conn).ok() {
|
||||
Some(_) => true,
|
||||
None => false //TODO R/W access on collection
|
||||
}
|
||||
},
|
||||
None => false // cipher not in organization and not owned by user
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn is_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
||||
// TODO also check for read-only access
|
||||
self.is_write_accessible_to_user(user_uuid, conn)
|
||||
}
|
||||
|
||||
pub fn get_folder_uuid(&self, user_uuid: &str, conn: &DbConn) -> Option<String> {
|
||||
folders_ciphers::table.inner_join(folders::table)
|
||||
.filter(folders::user_uuid.eq(&user_uuid))
|
||||
.filter(folders_ciphers::cipher_uuid.eq(&self.uuid))
|
||||
.select(folders_ciphers::folder_uuid)
|
||||
.first::<String>(&**conn).ok()
|
||||
}
|
||||
|
||||
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
|
||||
ciphers::table
|
||||
.filter(ciphers::uuid.eq(uuid))
|
||||
@@ -161,8 +238,9 @@ impl Cipher {
|
||||
}
|
||||
|
||||
pub fn find_by_folder(folder_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
||||
ciphers::table
|
||||
.filter(ciphers::folder_uuid.eq(folder_uuid))
|
||||
folders_ciphers::table.inner_join(ciphers::table)
|
||||
.filter(folders_ciphers::folder_uuid.eq(folder_uuid))
|
||||
.select(ciphers::all_columns)
|
||||
.load::<Self>(&**conn).expect("Error loading ciphers")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -66,11 +66,19 @@ impl Collection {
|
||||
.first::<Self>(&**conn).ok()
|
||||
}
|
||||
|
||||
pub fn find_by_user_uuid(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
||||
pub fn find_by_user_uuid(user_uuid: &str, conn: &DbConn) -> Option<Vec<Self>> {
|
||||
users_collections::table.inner_join(collections::table)
|
||||
.filter(users_collections::user_uuid.eq(user_uuid))
|
||||
.select(collections::all_columns)
|
||||
.load::<Self>(&**conn).expect("Error loading user collections")
|
||||
.load::<Self>(&**conn).ok()
|
||||
}
|
||||
|
||||
pub fn find_by_organization_and_user_uuid(org_uuid: &str, user_uuid: &str, conn: &DbConn) -> Option<Vec<Self>> {
|
||||
users_collections::table.inner_join(collections::table)
|
||||
.filter(users_collections::user_uuid.eq(user_uuid))
|
||||
.filter(collections::org_uuid.eq(org_uuid))
|
||||
.select(collections::all_columns)
|
||||
.load::<Self>(&**conn).ok()
|
||||
}
|
||||
|
||||
pub fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &DbConn) -> Option<Self> {
|
||||
|
||||
@@ -3,7 +3,7 @@ use serde_json::Value as JsonValue;
|
||||
|
||||
use uuid::Uuid;
|
||||
|
||||
use super::User;
|
||||
use super::{User, Cipher};
|
||||
|
||||
#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]
|
||||
#[table_name = "folders"]
|
||||
@@ -17,6 +17,16 @@ pub struct Folder {
|
||||
pub name: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]
|
||||
#[table_name = "folders_ciphers"]
|
||||
#[belongs_to(Cipher, foreign_key = "cipher_uuid")]
|
||||
#[belongs_to(Folder, foreign_key = "folder_uuid")]
|
||||
#[primary_key(cipher_uuid, folder_uuid)]
|
||||
pub struct FolderCipher {
|
||||
pub cipher_uuid: String,
|
||||
pub folder_uuid: String,
|
||||
}
|
||||
|
||||
/// Local methods
|
||||
impl Folder {
|
||||
pub fn new(user_uuid: String, name: String) -> Self {
|
||||
@@ -44,10 +54,19 @@ impl Folder {
|
||||
}
|
||||
}
|
||||
|
||||
impl FolderCipher {
|
||||
pub fn new(cipher_uuid: &str, folder_uuid: &str) -> Self {
|
||||
Self {
|
||||
cipher_uuid: cipher_uuid.to_string(),
|
||||
folder_uuid: folder_uuid.to_string(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
use diesel;
|
||||
use diesel::prelude::*;
|
||||
use db::DbConn;
|
||||
use db::schema::folders;
|
||||
use db::schema::{folders, folders_ciphers};
|
||||
|
||||
/// Database methods
|
||||
impl Folder {
|
||||
@@ -83,3 +102,25 @@ impl Folder {
|
||||
.load::<Self>(&**conn).expect("Error loading folders")
|
||||
}
|
||||
}
|
||||
|
||||
impl FolderCipher {
|
||||
pub fn save(&self, conn: &DbConn) -> QueryResult<()> {
|
||||
diesel::replace_into(folders_ciphers::table)
|
||||
.values(&*self)
|
||||
.execute(&**conn).and(Ok(()))
|
||||
}
|
||||
|
||||
pub fn delete(self, conn: &DbConn) -> QueryResult<()> {
|
||||
diesel::delete(folders_ciphers::table
|
||||
.filter(folders_ciphers::cipher_uuid.eq(self.cipher_uuid))
|
||||
.filter(folders_ciphers::folder_uuid.eq(self.folder_uuid))
|
||||
).execute(&**conn).and(Ok(()))
|
||||
}
|
||||
|
||||
pub fn find_by_folder_and_cipher(folder_uuid: &str, cipher_uuid: &str, conn: &DbConn) -> Option<Self> {
|
||||
folders_ciphers::table
|
||||
.filter(folders_ciphers::folder_uuid.eq(folder_uuid))
|
||||
.filter(folders_ciphers::cipher_uuid.eq(cipher_uuid))
|
||||
.first::<Self>(&**conn).ok()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ mod organization;
|
||||
pub use self::attachment::Attachment;
|
||||
pub use self::cipher::Cipher;
|
||||
pub use self::device::Device;
|
||||
pub use self::folder::Folder;
|
||||
pub use self::folder::{Folder, FolderCipher};
|
||||
pub use self::user::User;
|
||||
pub use self::organization::Organization;
|
||||
pub use self::organization::{UserOrganization, UserOrgStatus, UserOrgType};
|
||||
|
||||
@@ -222,10 +222,10 @@ impl UserOrganization {
|
||||
.first::<Self>(&**conn).ok()
|
||||
}
|
||||
|
||||
pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
||||
pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Option<Vec<Self>> {
|
||||
users_organizations::table
|
||||
.filter(users_organizations::user_uuid.eq(user_uuid))
|
||||
.load::<Self>(&**conn).expect("Error loading user organizations")
|
||||
.load::<Self>(&**conn).ok()
|
||||
}
|
||||
|
||||
pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
||||
|
||||
@@ -128,7 +128,7 @@ impl User {
|
||||
pub fn to_json(&self, conn: &DbConn) -> JsonValue {
|
||||
use super::UserOrganization;
|
||||
|
||||
let orgs = UserOrganization::find_by_user(&self.uuid, conn);
|
||||
let orgs = UserOrganization::find_by_user(&self.uuid, conn).unwrap_or(vec![]);
|
||||
let orgs_json: Vec<JsonValue> = orgs.iter().map(|c| c.to_json(&conn)).collect();
|
||||
|
||||
json!({
|
||||
|
||||
@@ -12,8 +12,7 @@ table! {
|
||||
uuid -> Text,
|
||||
created_at -> Timestamp,
|
||||
updated_at -> Timestamp,
|
||||
user_uuid -> Text,
|
||||
folder_uuid -> Nullable<Text>,
|
||||
user_uuid -> Nullable<Text>,
|
||||
organization_uuid -> Nullable<Text>,
|
||||
#[sql_name = "type"]
|
||||
type_ -> Integer,
|
||||
@@ -107,8 +106,14 @@ table! {
|
||||
}
|
||||
}
|
||||
|
||||
table! {
|
||||
folders_ciphers (cipher_uuid, folder_uuid) {
|
||||
cipher_uuid -> Text,
|
||||
folder_uuid -> Text,
|
||||
}
|
||||
}
|
||||
|
||||
joinable!(attachments -> ciphers (cipher_uuid));
|
||||
joinable!(ciphers -> folders (folder_uuid));
|
||||
joinable!(ciphers -> users (user_uuid));
|
||||
joinable!(collections -> organizations (org_uuid));
|
||||
joinable!(devices -> users (user_uuid));
|
||||
@@ -117,6 +122,8 @@ joinable!(users_collections -> collections (collection_uuid));
|
||||
joinable!(users_collections -> users (user_uuid));
|
||||
joinable!(users_organizations -> organizations (org_uuid));
|
||||
joinable!(users_organizations -> users (user_uuid));
|
||||
joinable!(folders_ciphers -> ciphers (cipher_uuid));
|
||||
joinable!(folders_ciphers -> folders (folder_uuid));
|
||||
|
||||
allow_tables_to_appear_in_same_query!(
|
||||
attachments,
|
||||
@@ -128,4 +135,5 @@ allow_tables_to_appear_in_same_query!(
|
||||
users,
|
||||
users_collections,
|
||||
users_organizations,
|
||||
folders_ciphers,
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user