mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 07:50:02 +02:00 
			
		
		
		
	add endpoint to bulk delete collections
This commit is contained in:
		| @@ -39,6 +39,7 @@ pub fn routes() -> Vec<Route> { | ||||
|         put_organization_collection_update, | ||||
|         delete_organization_collection, | ||||
|         post_organization_collection_delete, | ||||
|         bulk_delete_organization_collections, | ||||
|         get_org_details, | ||||
|         get_org_users, | ||||
|         send_invite, | ||||
| @@ -538,6 +539,34 @@ async fn post_organization_collection_delete_user( | ||||
|     delete_organization_collection_user(org_id, col_id, org_user_id, headers, conn).await | ||||
| } | ||||
|  | ||||
| async fn _delete_organization_collection( | ||||
|     org_id: &str, | ||||
|     col_id: &str, | ||||
|     headers: &ManagerHeaders, | ||||
|     conn: &mut DbConn, | ||||
| ) -> EmptyResult { | ||||
|     match Collection::find_by_uuid(col_id, conn).await { | ||||
|         None => err!("Collection not found"), | ||||
|         Some(collection) => { | ||||
|             if collection.org_uuid == org_id { | ||||
|                 log_event( | ||||
|                     EventType::CollectionDeleted as i32, | ||||
|                     &collection.uuid, | ||||
|                     org_id.to_string(), | ||||
|                     headers.user.uuid.clone(), | ||||
|                     headers.device.atype, | ||||
|                     &headers.ip.ip, | ||||
|                     conn, | ||||
|                 ) | ||||
|                 .await; | ||||
|                 collection.delete(conn).await | ||||
|             } else { | ||||
|                 err!("Collection and Organization id do not match") | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
|  | ||||
| #[delete("/organizations/<org_id>/collections/<col_id>")] | ||||
| async fn delete_organization_collection( | ||||
|     org_id: String, | ||||
| @@ -545,26 +574,7 @@ async fn delete_organization_collection( | ||||
|     headers: ManagerHeaders, | ||||
|     mut conn: DbConn, | ||||
| ) -> EmptyResult { | ||||
|     match Collection::find_by_uuid(&col_id, &mut conn).await { | ||||
|         None => err!("Collection not found"), | ||||
|         Some(collection) => { | ||||
|             if collection.org_uuid == org_id { | ||||
|                 log_event( | ||||
|                     EventType::CollectionDeleted as i32, | ||||
|                     &collection.uuid, | ||||
|                     org_id, | ||||
|                     headers.user.uuid.clone(), | ||||
|                     headers.device.atype, | ||||
|                     &headers.ip.ip, | ||||
|                     &mut conn, | ||||
|                 ) | ||||
|                 .await; | ||||
|                 collection.delete(&mut conn).await | ||||
|             } else { | ||||
|                 err!("Collection and Organization id do not match") | ||||
|             } | ||||
|         } | ||||
|     } | ||||
|     _delete_organization_collection(&org_id, &col_id, &headers, &mut conn).await | ||||
| } | ||||
|  | ||||
| #[derive(Deserialize, Debug)] | ||||
| @@ -580,9 +590,36 @@ async fn post_organization_collection_delete( | ||||
|     col_id: String, | ||||
|     headers: ManagerHeaders, | ||||
|     _data: JsonUpcase<DeleteCollectionData>, | ||||
|     conn: DbConn, | ||||
|     mut conn: DbConn, | ||||
| ) -> EmptyResult { | ||||
|     delete_organization_collection(org_id, col_id, headers, conn).await | ||||
|     _delete_organization_collection(&org_id, &col_id, &headers, &mut conn).await | ||||
| } | ||||
|  | ||||
| #[derive(Deserialize, Debug)] | ||||
| #[allow(non_snake_case)] | ||||
| struct BulkCollectionIds { | ||||
|     Ids: Vec<String>, | ||||
|     OrganizationId: String, | ||||
| } | ||||
|  | ||||
| #[delete("/organizations/<org_id>/collections", data = "<data>")] | ||||
| async fn bulk_delete_organization_collections( | ||||
|     org_id: &str, | ||||
|     headers: ManagerHeadersLoose, | ||||
|     data: JsonUpcase<BulkCollectionIds>, | ||||
|     mut conn: DbConn, | ||||
| ) -> EmptyResult { | ||||
|     let data: BulkCollectionIds = data.into_inner().data; | ||||
|     assert!(org_id == data.OrganizationId); | ||||
|  | ||||
|     let collections = data.Ids; | ||||
|  | ||||
|     let headers = ManagerHeaders::from_loose(headers, &collections, &mut conn).await?; | ||||
|  | ||||
|     for col_id in collections { | ||||
|         _delete_organization_collection(org_id, &col_id, &headers, &mut conn).await? | ||||
|     } | ||||
|     Ok(()) | ||||
| } | ||||
|  | ||||
| #[get("/organizations/<org_id>/collections/<coll_id>/details")] | ||||
|   | ||||
							
								
								
									
										40
									
								
								src/auth.rs
									
									
									
									
									
								
							
							
						
						
									
										40
									
								
								src/auth.rs
									
									
									
									
									
								
							| @@ -598,14 +598,7 @@ impl<'r> FromRequest<'r> for ManagerHeaders { | ||||
|                         _ => err_handler!("Error getting DB"), | ||||
|                     }; | ||||
|  | ||||
|                     if !headers.org_user.has_full_access() | ||||
|                         && !Collection::has_access_by_collection_and_user_uuid( | ||||
|                             &col_id, | ||||
|                             &headers.org_user.user_uuid, | ||||
|                             &mut conn, | ||||
|                         ) | ||||
|                         .await | ||||
|                     { | ||||
|                     if !can_access_collection(&headers.org_user, &col_id, &mut conn).await { | ||||
|                         err_handler!("The current user isn't a manager for this collection") | ||||
|                     } | ||||
|                 } | ||||
| @@ -642,6 +635,7 @@ pub struct ManagerHeadersLoose { | ||||
|     pub host: String, | ||||
|     pub device: Device, | ||||
|     pub user: User, | ||||
|     pub org_user: UserOrganization, | ||||
|     pub org_user_type: UserOrgType, | ||||
|     pub ip: ClientIp, | ||||
| } | ||||
| @@ -657,6 +651,7 @@ impl<'r> FromRequest<'r> for ManagerHeadersLoose { | ||||
|                 host: headers.host, | ||||
|                 device: headers.device, | ||||
|                 user: headers.user, | ||||
|                 org_user: headers.org_user, | ||||
|                 org_user_type: headers.org_user_type, | ||||
|                 ip: headers.ip, | ||||
|             }) | ||||
| @@ -676,6 +671,35 @@ impl From<ManagerHeadersLoose> for Headers { | ||||
|         } | ||||
|     } | ||||
| } | ||||
| async fn can_access_collection(org_user: &UserOrganization, col_id: &str, conn: &mut DbConn) -> bool { | ||||
|     org_user.has_full_access() | ||||
|         || Collection::has_access_by_collection_and_user_uuid(col_id, &org_user.user_uuid, conn).await | ||||
| } | ||||
|  | ||||
| impl ManagerHeaders { | ||||
|     pub async fn from_loose( | ||||
|         h: ManagerHeadersLoose, | ||||
|         collections: &Vec<String>, | ||||
|         conn: &mut DbConn, | ||||
|     ) -> Result<ManagerHeaders, Error> { | ||||
|         for col_id in collections { | ||||
|             if uuid::Uuid::parse_str(col_id).is_err() { | ||||
|                 err!("Collection Id is malformed!"); | ||||
|             } | ||||
|             if !can_access_collection(&h.org_user, col_id, conn).await { | ||||
|                 err!("You don't have access to all collections!"); | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         Ok(ManagerHeaders { | ||||
|             host: h.host, | ||||
|             device: h.device, | ||||
|             user: h.user, | ||||
|             org_user_type: h.org_user_type, | ||||
|             ip: h.ip, | ||||
|         }) | ||||
|     } | ||||
| } | ||||
|  | ||||
| pub struct OwnerHeaders { | ||||
|     pub host: String, | ||||
|   | ||||
		Reference in New Issue
	
	Block a user