vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 7a9cfc45da4cdf3c85ab4363295bb505884f2d76
parent 9e24b9065c8c71f03b04ecb325251a3105e35457
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Wed, 12 May 2021 23:05:41 +0200

Merge pull request #1688 from jjlin/config-sends-allowed

Add `sends_allowed` config setting
Diffstat:

M.env.template | 5+++++


Msrc/api/core/sends.rs | 5++++-


Msrc/config.rs | 4++++


3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/.env.template b/.env.template
@@ -56,6 +56,11 @@
 # WEBSOCKET_ADDRESS=0.0.0.0
 # WEBSOCKET_PORT=3012
 
+## Controls whether users are allowed to create Bitwarden Sends.
+## This setting applies globally to all users.
+## To control this on a per-org basis instead, use the "Disable Send" org policy.
+# SENDS_ALLOWED=true
+
 ## Job scheduler settings
 ##
 ## Job schedules use a cron-like syntax (as parsed by https://crates.io/crates/cron),
diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs
@@ -51,10 +51,13 @@ pub struct SendData {
 /// modify existing ones, but is allowed to delete them.
 ///
 /// Ref: https://bitwarden.com/help/article/policies/#disable-send
+///
+/// There is also a Vaultwarden-specific `sends_allowed` config setting that
+/// controls this policy globally.
 fn enforce_disable_send_policy(headers: &Headers, conn: &DbConn) -> EmptyResult {
     let user_uuid = &headers.user.uuid;
     let policy_type = OrgPolicyType::DisableSend;
-    if OrgPolicy::is_applicable_to_user(user_uuid, policy_type, conn) {
+    if !CONFIG.sends_allowed() || OrgPolicy::is_applicable_to_user(user_uuid, policy_type, conn) {
         err!("Due to an Enterprise Policy, you are only able to delete an existing Send.")
     }
     Ok(())
diff --git a/src/config.rs b/src/config.rs
@@ -342,6 +342,10 @@ make_config! {
         /// Enable web vault
         web_vault_enabled:      bool,   false,  def,    true;
 
+        /// Allow Sends |> Controls whether users are allowed to create Bitwarden Sends.
+        /// This setting applies globally to all users. To control this on a per-org basis instead, use the "Disable Send" org policy.
+        sends_allowed:          bool,   true,   def,    true;
+
         /// HIBP Api Key |> HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key
         hibp_api_key:           Pass,   true,   option;