vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 032134aabcc78bca6f4b8beaf094c42a4b32a90c
parent 8298795087c787c85fd3ba6c965242c1ad190fad
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Fri, 11 May 2018 20:08:02 +0200

Fixed some errors asigning collections to users

Diffstat:

Msrc/api/core/organizations.rs | 10+++++-----


Msrc/db/models/collection.rs | 15+++++++++++++++


Msrc/db/models/organization.rs | 16++++++++++++----


3 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -118,7 +118,7 @@ fn get_user_collections(headers: Headers, conn: DbConn) -> JsonResult {
 fn get_org_collections(org_id: String, headers: Headers, conn: DbConn) -> JsonResult {
     Ok(Json(json!({
         "Data":
-            Collection::find_by_organization_and_user_uuid(&org_id, &headers.user.uuid, &conn)
+            Collection::find_by_organization(&org_id, &conn)
             .iter()
             .map(|collection| {
                 collection.to_json()
@@ -371,7 +371,7 @@ fn get_user(org_id: String, user_id: String, headers: Headers, conn: DbConn) -> 
         None => err!("The specified user isn't member of the organization")
     };
 
-    Ok(Json(user.to_json_details()))
+    Ok(Json(user.to_json_details(&conn)))
 }
 
 #[derive(Deserialize)]
@@ -434,15 +434,15 @@ fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers:
     user_to_edit.type_ = new_type;
 
     // Delete all the odd collections
-    for c in Collection::find_by_organization_and_user_uuid(&org_id, &current_user.uuid, &conn) { 
-        CollectionUsers::delete(&current_user.uuid, &c.uuid, &conn);
+    for c in Collection::find_by_organization_and_user_uuid(&org_id, &user_to_edit.user_uuid, &conn) {
+        CollectionUsers::delete(&user_to_edit.user_uuid, &c.uuid, &conn);
     }
 
     // If no accessAll, add the collections received
     if !data.accessAll {
         for collection in data.collections.iter() {
             // TODO: Check that collection is in org            
-            CollectionUsers::save(&current_user.uuid, &collection.id, collection.readOnly, &conn);
+            CollectionUsers::save(&user_to_edit.user_uuid, &collection.id, collection.readOnly, &conn);
         }
     }
 
diff --git a/src/db/models/collection.rs b/src/db/models/collection.rs
@@ -87,6 +87,12 @@ impl Collection {
         Self::find_by_user_uuid(user_uuid, conn).into_iter().filter(|c| c.org_uuid == org_uuid).collect()
     }
 
+    pub fn find_by_organization(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
+        collections::table
+            .filter(collections::org_uuid.eq(org_uuid))
+            .load::<Self>(&**conn).expect("Error loading collections")
+    }
+
     pub fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &DbConn) -> Option<Self> {
         users_collections::table.inner_join(collections::table)
             .filter(users_collections::collection_uuid.eq(uuid))
@@ -111,6 +117,15 @@ pub struct CollectionUsers {
 
 /// Database methods
 impl CollectionUsers {
+    pub fn find_by_organization_and_user_uuid(org_uuid: &str, user_uuid: &str, conn: &DbConn) -> Vec<Self> {
+        users_collections::table
+            .filter(users_collections::user_uuid.eq(user_uuid))
+            .inner_join(collections::table.on(collections::uuid.eq(users_collections::collection_uuid)))
+            .filter(collections::org_uuid.eq(org_uuid))
+            .select(users_collections::all_columns)
+            .load::<Self>(&**conn).expect("Error loading users_collections")
+    }
+
     pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> bool {
         match diesel::replace_into(users_collections::table)
             .values((
diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs
@@ -178,21 +178,29 @@ impl UserOrganization {
 
             "Status": self.status,
             "Type": self.type_,
-            "AccessAll": true,
+            "AccessAll": self.access_all,
 
             "Object": "organizationUserUserDetails",
         })
     }
 
-    pub fn to_json_details(&self) -> JsonValue {
+    pub fn to_json_details(&self, conn: &DbConn) -> JsonValue {        
+        let coll_uuids = if self.access_all { 
+            vec![] // If we have complete access, no need to fill the array
+        } else {
+            use super::CollectionUsers;
+            let collections = CollectionUsers::find_by_organization_and_user_uuid(&self.org_uuid, &self.user_uuid, conn);
+            collections.iter().map(|c| json!({"Id": c.collection_uuid, "ReadOnly": c.read_only})).collect()
+        };
+
         json!({
             "Id": self.uuid,
             "UserId": self.user_uuid,
 
             "Status": self.status,
             "Type": self.type_,
-            "AccessAll": true,
-            "Collections": [],
+            "AccessAll": self.access_all,
+            "Collections": coll_uuids,
 
             "Object": "organizationUserDetails",
         })