commit 062ae4dd59a4e851900d63d0ba04a46e20a9f49d
parent 3cfdf9b5858b7c2e5c0868fc4bc42f9fd1a14f80
Author: mprasil <mprasil@users.noreply.github.com>
Date: Wed, 29 Aug 2018 14:22:03 +0100
Allow non-Admin user to share to collection (fixes #157) (#159)
* Allow non-Admin user to share to collection (fixes #157)
* Better handling of collection sharing
Diffstat:
1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -127,26 +127,24 @@ fn post_ciphers(data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn) ->
let data: CipherData = data.into_inner().data;
let mut cipher = Cipher::new(data.Type, data.Name.clone());
- update_cipher_from_data(&mut cipher, data, &headers, true, &conn)?;
+ update_cipher_from_data(&mut cipher, data, &headers, false, &conn)?;
Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn)))
}
-fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, is_new_or_shared: bool, conn: &DbConn) -> EmptyResult {
- if is_new_or_shared {
- if let Some(org_id) = data.OrganizationId {
- match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
- None => err!("You don't have permission to add item to organization"),
- Some(org_user) => if org_user.has_full_access() {
- cipher.organization_uuid = Some(org_id);
- cipher.user_uuid = None;
- } else {
- err!("You don't have permission to add cipher directly to organization")
- }
+fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, shared_to_collection: bool, conn: &DbConn) -> EmptyResult {
+ if let Some(org_id) = data.OrganizationId {
+ match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) {
+ None => err!("You don't have permission to add item to organization"),
+ Some(org_user) => if shared_to_collection || org_user.has_full_access() {
+ cipher.organization_uuid = Some(org_id);
+ cipher.user_uuid = None;
+ } else {
+ err!("You don't have permission to add cipher directly to organization")
}
- } else {
- cipher.user_uuid = Some(headers.user.uuid.clone());
}
+ } else {
+ cipher.user_uuid = Some(headers.user.uuid.clone());
}
if let Some(ref folder_id) = data.FolderId {
@@ -243,7 +241,7 @@ fn post_ciphers_import(data: JsonUpcase<ImportData>, headers: Headers, conn: DbC
.map(|i| folders[*i].uuid.clone());
let mut cipher = Cipher::new(cipher_data.Type, cipher_data.Name.clone());
- update_cipher_from_data(&mut cipher, cipher_data, &headers, true, &conn)?;
+ update_cipher_from_data(&mut cipher, cipher_data, &headers, false, &conn)?;
cipher.move_to_folder(folder_uuid, &headers.user.uuid.clone(), &conn).ok();
}
@@ -422,22 +420,28 @@ fn share_cipher_by_uuid(uuid: &str, data: ShareCipherData, headers: &Headers, co
None => err!("Cipher doesn't exist")
};
- match data.Cipher.OrganizationId {
+ match data.Cipher.OrganizationId.clone() {
None => err!("Organization id not provided"),
- Some(_) => {
- update_cipher_from_data(&mut cipher, data.Cipher, &headers, true, &conn)?;
+ Some(organization_uuid) => {
+ let mut shared_to_collection = false;
for uuid in &data.CollectionIds {
match Collection::find_by_uuid(uuid, &conn) {
None => err!("Invalid collection ID provided"),
Some(collection) => {
if collection.is_writable_by_user(&headers.user.uuid, &conn) {
- CollectionCipher::save(&cipher.uuid.clone(), &collection.uuid, &conn);
+ if collection.org_uuid == organization_uuid {
+ CollectionCipher::save(&cipher.uuid.clone(), &collection.uuid, &conn);
+ shared_to_collection = true;
+ } else {
+ err!("Collection does not belong to organization")
+ }
} else {
err!("No rights to modify the collection")
}
}
}
}
+ update_cipher_from_data(&mut cipher, data.Cipher, &headers, shared_to_collection, &conn)?;
Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn)))
}
