commit 004a3f891f84f46e22afa62cc5ef95c1778cf440
parent e197f372b5d6f4e6ba97837f9ab077e7504e833d
Author: Daniel GarcĂa <dani-garcia@users.noreply.github.com>
Date: Fri, 28 Dec 2018 21:06:30 +0100
Merge pull request #315 from aksdb/master
Restrict join on users_collections to current user (fixes #313)
Diffstat:
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs
@@ -293,7 +293,7 @@ impl Cipher {
.first::<Self>(&**conn).ok()
}
- // Find all ciphers accesible to user
+ // Find all ciphers accessible to user
pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
ciphers::table
.left_join(users_organizations::table.on(
@@ -303,7 +303,9 @@ impl Cipher {
)
)
))
- .left_join(ciphers_collections::table)
+ .left_join(ciphers_collections::table.on(
+ ciphers::uuid.eq(ciphers_collections::cipher_uuid)
+ ))
.left_join(users_collections::table.on(
ciphers_collections::collection_uuid.eq(users_collections::collection_uuid)
))
@@ -352,7 +354,9 @@ impl Cipher {
)
))
.left_join(users_collections::table.on(
- users_collections::collection_uuid.eq(ciphers_collections::collection_uuid)
+ users_collections::collection_uuid.eq(ciphers_collections::collection_uuid).and(
+ users_collections::user_uuid.eq(user_id)
+ )
))
.filter(ciphers_collections::cipher_uuid.eq(&self.uuid))
.filter(users_collections::user_uuid.eq(user_id).or( // User has access to collection
