vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 10c5476d311ed22b53f5ec1ddcdc1f991aa757ac
parent 337cbfaf22ee28316ea09e859be0527416fe7da5
Author: BlackDex <black.dex@gmail.com>
Date:   Mon,  6 Mar 2023 16:53:21 +0100

Fix web-vault Member UI show/edit/save

There was a small bug left in regards to the web-vault v2023.2.0 fixes.
This PR fixes the left items. I think all should be addressed now.
When editing a User, you were not able to see or edit groups, or see
wich collections a user bellonged to.

Fixes #3311

Diffstat:
Msrc/api/core/organizations.rs | 27++++++++++++++++++++++-----
1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs @@ -748,8 +748,6 @@ struct GetOrgUserData { include_groups: Option<bool>, } -// includeCollections -// includeGroups #[get("/organizations/<org_id>/users?<data..>")] async fn get_org_users( data: GetOrgUserData, @@ -1229,14 +1227,25 @@ async fn _confirm_invite( save_result } -#[get("/organizations/<org_id>/users/<org_user_id>")] -async fn get_user(org_id: String, org_user_id: String, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult { +#[get("/organizations/<org_id>/users/<org_user_id>?<data..>")] +async fn get_user( + org_id: String, + org_user_id: String, + data: GetOrgUserData, + _headers: AdminHeaders, + mut conn: DbConn, +) -> JsonResult { let user = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &mut conn).await { Some(user) => user, None => err!("The specified user isn't a member of the organization"), }; - Ok(Json(user.to_json_details(&mut conn).await)) + // In this case, when groups are requested we also need to include collections. + // Else these will not be shown in the interface, and could lead to missing collections when saved. + let include_groups = data.include_groups.unwrap_or(false); + Ok(Json( + user.to_json_user_details(data.include_collections.unwrap_or(include_groups), include_groups, &mut conn).await, + )) } #[derive(Deserialize)] @@ -1244,6 +1253,7 @@ async fn get_user(org_id: String, org_user_id: String, _headers: AdminHeaders, m struct EditUserData { Type: NumberOrString, Collections: Option<Vec<CollectionData>>, + Groups: Option<Vec<String>>, AccessAll: bool, } @@ -1342,6 +1352,13 @@ async fn edit_user( } } + GroupUser::delete_all_by_user(&user_to_edit.uuid, &mut conn).await?; + + for group in data.Groups.iter().flatten() { + let mut group_entry = GroupUser::new(String::from(group), user_to_edit.uuid.clone()); + group_entry.save(&mut conn).await?; + } + log_event( EventType::OrganizationUserUpdated as i32, &user_to_edit.uuid,