Fix the web-vault v2023.2.0 API calls

- Supports the new Collection/Group/User editing UI's - Support `/partial` endpoint for cipher updating to allow folder and favorite update for read-only ciphers. - Prevent `Favorite`, `Folder`, `read-only` and `hide-passwords` from being added to the organizational sync. - Added and corrected some `Object` key's to the output json. Fixes #3279
2025-09-10 10:45:57 +03:00 · 2023-02-27 16:37:58 +01:00
parent af6d17b701
commit 7ec00d3850
10 changed files with 396 additions and 95 deletions
--- a/src/db/models/organization.rs
+++ b/src/db/models/organization.rs
@@ -326,7 +326,7 @@ impl UserOrganization {
            // TODO: Add support for Custom User Roles
            // See: https://bitwarden.com/help/article/user-types-access-control/#custom-role
            // "Permissions": {
-            //     "AccessEventLogs": false, // Not supported
+            //     "AccessEventLogs": false,
            //     "AccessImportExport": false,
            //     "AccessReports": false,
            //     "ManageAllCollections": false,
@@ -337,9 +337,9 @@ impl UserOrganization {
            //     "editAssignedCollections": false,
            //     "deleteAssignedCollections": false,
            //     "ManageCiphers": false,
-            //     "ManageGroups": false, // Not supported
+            //     "ManageGroups": false,
            //     "ManagePolicies": false,
-            //     "ManageResetPassword": false, // Not supported
+            //     "ManageResetPassword": false,
            //     "ManageSso": false, // Not supported
            //     "ManageUsers": false,
            //     "ManageScim": false, // Not supported (Not AGPLv3 Licensed)
@@ -358,7 +358,12 @@ impl UserOrganization {
        })
    }

-    pub async fn to_json_user_details(&self, conn: &mut DbConn) -> Value {
+    pub async fn to_json_user_details(
+        &self,
+        include_collections: bool,
+        include_groups: bool,
+        conn: &mut DbConn,
+    ) -> Value {
        let user = User::find_by_uuid(&self.user_uuid, conn).await.unwrap();

        // Because BitWarden want the status to be -1 for revoked users we need to catch that here.
@@ -371,11 +376,37 @@ impl UserOrganization {

        let twofactor_enabled = !TwoFactor::find_by_user(&user.uuid, conn).await.is_empty();

+        let groups: Vec<String> = if include_groups && CONFIG.org_groups_enabled() {
+            GroupUser::find_by_user(&self.uuid, conn).await.iter().map(|gu| gu.groups_uuid.clone()).collect()
+        } else {
+            // The Bitwarden clients seem to call this API regardless of whether groups are enabled,
+            // so just act as if there are no groups.
+            Vec::with_capacity(0)
+        };
+
+        let collections: Vec<Value> = if include_collections {
+            CollectionUser::find_by_organization_and_user_uuid(&self.org_uuid, &self.user_uuid, conn)
+                .await
+                .iter()
+                .map(|cu| {
+                    json!({
+                        "Id": cu.collection_uuid,
+                        "ReadOnly": cu.read_only,
+                        "HidePasswords": cu.hide_passwords,
+                    })
+                })
+                .collect()
+        } else {
+            Vec::with_capacity(0)
+        };
+
        json!({
            "Id": self.uuid,
            "UserId": self.user_uuid,
            "Name": user.name,
            "Email": user.email,
+            "Groups": groups,
+            "Collections": collections,

            "Status": status,
            "Type": self.atype,