vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 66a4c5d48bc6acdf6f30b15824992507dd3ca15e
parent b4e222d59889b32fdbed2ad0c31249b1b497d245
Author: Miroslav Prasil <miroslav@prasil.info>
Date:   Mon, 12 Nov 2018 17:13:25 +0000

Implement comparison between i32 and UserOrgType

Diffstat:
Msrc/api/core/organizations.rs | 42+++++++++++++++++++++---------------------
Msrc/auth.rs | 24+++++++++++++++---------
Msrc/db/models/organization.rs | 76+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
Msrc/db/models/user.rs | 2+-
4 files changed, 112 insertions(+), 32 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs @@ -91,7 +91,7 @@ fn leave_organization(org_id: String, headers: Headers, conn: DbConn) -> EmptyRe match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { None => err!("User not part of organization"), Some(user_org) => { - if user_org.type_ == UserOrgType::Owner as i32 { + if user_org.type_ == UserOrgType::Owner { let num_owners = UserOrganization::find_by_org_and_type( &org_id, UserOrgType::Owner as i32, &conn) .len(); @@ -378,9 +378,9 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade None => err!("Invalid type") }; - if new_type != UserOrgType::User as i32 && - headers.org_user_type != UserOrgType::Owner as i32 { - err!("Only Owners can invite Admins or Owners") + if new_type != UserOrgType::User && + headers.org_user_type != UserOrgType::Owner { + err!("Only Owners can invite Managers, Admins or Owners") } for email in data.Emails.iter() { @@ -452,9 +452,9 @@ fn confirm_invite(org_id: String, org_user_id: String, data: JsonUpcase<Value>, None => err!("The specified user isn't a member of the organization") }; - if user_to_confirm.type_ != UserOrgType::User as i32 && - headers.org_user_type != UserOrgType::Owner as i32 { - err!("Only Owners can confirm Admins or Owners") + if user_to_confirm.type_ != UserOrgType::User && + headers.org_user_type != UserOrgType::Owner { + err!("Only Owners can confirm Managers, Admins or Owners") } if user_to_confirm.status != UserOrgStatus::Accepted as i32 { @@ -502,7 +502,7 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData> let data: EditUserData = data.into_inner().data; let new_type = match UserOrgType::from_str(&data.Type.into_string()) { - Some(new_type) => new_type as i32, + Some(new_type) => new_type, None => err!("Invalid type") }; @@ -511,21 +511,21 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData> None => err!("The specified user isn't member of the organization") }; - if new_type != user_to_edit.type_ as i32 && ( - user_to_edit.type_ <= UserOrgType::Admin as i32 || - new_type <= UserOrgType::Admin as i32 + if new_type != user_to_edit.type_ && ( + user_to_edit.type_ >= UserOrgType::Admin || + new_type >= UserOrgType::Admin ) && - headers.org_user_type != UserOrgType::Owner as i32 { + headers.org_user_type != UserOrgType::Owner { err!("Only Owners can grant and remove Admin or Owner privileges") } - if user_to_edit.type_ == UserOrgType::Owner as i32 && - headers.org_user_type != UserOrgType::Owner as i32 { + if user_to_edit.type_ == UserOrgType::Owner && + headers.org_user_type != UserOrgType::Owner { err!("Only Owners can edit Owner users") } - if user_to_edit.type_ == UserOrgType::Owner as i32 && - new_type != UserOrgType::Owner as i32 { + if user_to_edit.type_ == UserOrgType::Owner && + new_type != UserOrgType::Owner { // Removing owner permmission, check that there are at least another owner let num_owners = UserOrganization::find_by_org_and_type( @@ -538,7 +538,7 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData> } user_to_edit.access_all = data.AccessAll; - user_to_edit.type_ = new_type; + user_to_edit.type_ = new_type as i32; // Delete all the odd collections for c in CollectionUser::find_by_organization_and_user_uuid(&org_id, &user_to_edit.user_uuid, &conn) { @@ -591,12 +591,12 @@ fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn: None => err!("User to delete isn't member of the organization") }; - if user_to_delete.type_ != UserOrgType::User as i32 && - headers.org_user_type != UserOrgType::Owner as i32 { + if user_to_delete.type_ != UserOrgType::User && + headers.org_user_type != UserOrgType::Owner { err!("Only Owners can delete Admins or Owners") } - if user_to_delete.type_ == UserOrgType::Owner as i32 { + if user_to_delete.type_ == UserOrgType::Owner { // Removing owner, check that there are at least another owner let num_owners = UserOrganization::find_by_org_and_type( &org_id, UserOrgType::Owner as i32, &conn) @@ -653,7 +653,7 @@ fn post_org_import(query: OrgIdData, data: JsonUpcase<ImportData>, headers: Head None => err!("User is not part of the organization") }; - if org_user.type_ > UserOrgType::Admin as i32 { + if org_user.type_ < UserOrgType::Admin { err!("Only admins or owners can import into an organization") } diff --git a/src/auth.rs b/src/auth.rs @@ -184,7 +184,7 @@ pub struct OrgHeaders { pub host: String, pub device: Device, pub user: User, - pub org_user_type: i32, + pub org_user_type: UserOrgType, } impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders { @@ -225,7 +225,13 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders { host: headers.host, device: headers.device, user: headers.user, - org_user_type: org_user.type_, + org_user_type: { + if let Some(org_usr_type) = UserOrgType::from_i32(&org_user.type_) { + org_usr_type + } else { // This should only happen if the DB is corrupted + err_handler!("Unknown user type in the database") + } + }, }) } } @@ -238,7 +244,7 @@ pub struct AdminHeaders { pub host: String, pub device: Device, pub user: User, - pub org_user_type: i32, + pub org_user_type: UserOrgType, } impl<'a, 'r> FromRequest<'a, 'r> for AdminHeaders { @@ -249,15 +255,15 @@ impl<'a, 'r> FromRequest<'a, 'r> for AdminHeaders { Outcome::Forward(f) => Outcome::Forward(f), Outcome::Failure(f) => Outcome::Failure(f), Outcome::Success(headers) => { - if headers.org_user_type > UserOrgType::Admin as i32 { - err_handler!("You need to be Admin or Owner to call this endpoint") - } else { + if headers.org_user_type >= UserOrgType::Admin { Outcome::Success(Self{ host: headers.host, device: headers.device, user: headers.user, org_user_type: headers.org_user_type, }) + } else { + err_handler!("You need to be Admin or Owner to call this endpoint") } } } @@ -278,14 +284,14 @@ impl<'a, 'r> FromRequest<'a, 'r> for OwnerHeaders { Outcome::Forward(f) => Outcome::Forward(f), Outcome::Failure(f) => Outcome::Failure(f), Outcome::Success(headers) => { - if headers.org_user_type > UserOrgType::Owner as i32 { - err_handler!("You need to be Owner to call this endpoint") - } else { + if headers.org_user_type == UserOrgType::Owner { Outcome::Success(Self{ host: headers.host, device: headers.device, user: headers.user, }) + } else { + err_handler!("You need to be Owner to call this endpoint") } } } diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs @@ -1,3 +1,4 @@ +use std::cmp::Ordering; use serde_json::Value as JsonValue; use uuid::Uuid; @@ -32,10 +33,71 @@ pub enum UserOrgStatus { Confirmed = 2, } +#[derive(Copy, Clone)] +#[derive(PartialEq)] +#[derive(Eq)] pub enum UserOrgType { Owner = 0, Admin = 1, User = 2, + Manager = 3, +} + +impl Ord for UserOrgType { + fn cmp(&self, other: &UserOrgType) -> Ordering { + if self == other { + Ordering::Equal + } else { + match self { + UserOrgType::Owner => Ordering::Greater, + UserOrgType::Admin => match other { + UserOrgType::Owner => Ordering::Less, + _ => Ordering::Greater + }, + UserOrgType::Manager => match other { + UserOrgType::Owner | UserOrgType::Admin => Ordering::Less, + _ => Ordering::Greater + }, + UserOrgType::User => Ordering::Less + } + } + } +} + +impl PartialOrd for UserOrgType { + fn partial_cmp(&self, other: &UserOrgType) -> Option<Ordering> { + Some(self.cmp(other)) + } +} + +impl PartialEq<i32> for UserOrgType { + fn eq(&self, other: &i32) -> bool { + *other == *self as i32 + } +} + +impl PartialOrd<i32> for UserOrgType { + fn partial_cmp(&self, other: &i32) -> Option<Ordering> { + if let Some(other) = Self::from_i32(other) { + return Some(self.cmp(&other)) + } + return None + } +} + +impl PartialEq<UserOrgType> for i32 { + fn eq(&self, other: &UserOrgType) -> bool { + *self == *other as i32 + } +} + +impl PartialOrd<UserOrgType> for i32 { + fn partial_cmp(&self, other: &UserOrgType) -> Option<Ordering> { + if let Some(self_type) = UserOrgType::from_i32(self) { + return Some(self_type.cmp(other)) + } + return None + } } impl UserOrgType { @@ -44,9 +106,21 @@ impl UserOrgType { "0" | "Owner" => Some(UserOrgType::Owner), "1" | "Admin" => Some(UserOrgType::Admin), "2" | "User" => Some(UserOrgType::User), + "3" | "Manager" => Some(UserOrgType::Manager), + _ => None, + } + } + + pub fn from_i32(i: &i32) -> Option<Self> { + match i { + 0 => Some(UserOrgType::Owner), + 1 => Some(UserOrgType::Admin), + 2 => Some(UserOrgType::User), + 3 => Some(UserOrgType::Manager), _ => None, } } + } /// Local methods @@ -302,7 +376,7 @@ impl UserOrganization { } pub fn has_full_access(self) -> bool { - self.access_all || self.type_ < UserOrgType::User as i32 + self.access_all || self.type_ >= UserOrgType::Admin } pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> { diff --git a/src/db/models/user.rs b/src/db/models/user.rs @@ -157,7 +157,7 @@ impl User { pub fn delete(self, conn: &DbConn) -> QueryResult<()> { for user_org in UserOrganization::find_by_user(&self.uuid, &*conn) { - if user_org.type_ == UserOrgType::Owner as i32 { + if user_org.type_ == UserOrgType::Owner { if UserOrganization::find_by_org_and_type( &user_org.org_uuid, UserOrgType::Owner as i32, &conn