vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.

commit 387b5eb2dd647aeb83bf479f5caca8e62729637e
parent 0a0f620d0b7982bd5d57b57fe909c02cb0125b48
Author: Stefan Melmuk <stefan.melmuk@gmail.com>
Date:   Tue, 27 Sep 2022 10:10:09 +0200

allow the removal of non-confirmed owners

ensure user_to_edit and user_to_delete are actually confirmed users,
before checking if they are the last owner of an organization.

Diffstat:
Msrc/api/core/organizations.rs | 9++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -999,8 +999,11 @@ async fn edit_user(
 err!("Only Owners can edit Owner users")
 }
 
- if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner {
- // Removing owner permmission, check that there is at least one other confirmed owner
+ if user_to_edit.atype == UserOrgType::Owner
+ && new_type != UserOrgType::Owner
+ && user_to_edit.status == UserOrgStatus::Confirmed as i32
+ {
+ // Removing owner permission, check that there is at least one other confirmed owner
 if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 {
 err!("Can't delete the last owner")
 }
@@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c
 err!("Only Owners can delete Admins or Owners")
 }
 
- if user_to_delete.atype == UserOrgType::Owner {
+ if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 {
 // Removing owner, check that there is at least one other confirmed owner
 if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 {
 err!("Can't delete the last owner")
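Review bot: The confirmed-owner test is now written out by hand in edit_user (`user_to_edit.atype == UserOrgType::Owner ... && user_to_edit.status == UserOrgStatus::Confirmed as i32`) and again in the `_delete_user` hunk, so the two last-owner guards can drift apart the next time one of them is touched. A small helper on the membership type, for example `fn is_confirmed_owner(&self) -> bool`, would keep both call sites in step and confine the `as i32` cast to one place. The comment would also be more useful if it said why unconfirmed owners are exempt, e.g. `// Unconfirmed owners are not counted by count_confirmed_by_org_and_type, so demoting one cannot remove the last confirmed owner`. edit_user's body starts and ends outside the hunk.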
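Review bot: The last-owner guard in `_delete_user` is a check-then-act sequence, and narrowing when it runs does not make it atomic: `count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1` is evaluated first and the deletion happens after the hunk ends. If the count and the delete are not in one transaction (the delete is outside the visible lines, so this needs confirming), two concurrent removals of different confirmed owners could each see a count of 2 and leave the organization with no owner. A regression test covering three cases would pin the intended behaviour: an invited owner can be removed while one confirmed owner remains, the last confirmed owner cannot be removed, and the same two cases for demotion in edit_user.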