vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 85ecd001a5c752683b58a460c9130599940d9769
parent d69d4d0d30001d77eb0912eb371025d3c26b423b
Author: Miroslav Prasil <miroslav@prasil.info>
Date:   Mon, 28 May 2018 17:26:02 +0100

Fix user invitation

Diffstat:

Msrc/api/core/organizations.rs | 40+++++++++++++++++++++++++---------------


Msrc/db/models/collection.rs | 25+++++++++++++++----------


2 files changed, 40 insertions(+), 25 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -166,10 +166,6 @@ fn post_organization_collections(org_id: String, headers: Headers, data: Json<Ne
 
     collection.save(&conn);
 
-    if !org_user.access_all {
-        CollectionUser::save(&headers.user.uuid, &collection.uuid, false, &conn);
-    }
-
     Ok(Json(collection.to_json()))
 }
 
@@ -311,7 +307,7 @@ struct InviteData {
     #[serde(rename = "type")]
     type_: NumberOrString,
     collections: Vec<CollectionData>,
-    accessAll: bool,
+    accessAll: Option<bool>,
 }
 
 #[post("/organizations/<org_id>/users/invite", data = "<data>")]
@@ -346,16 +342,23 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: D
                     None => ()
                 }
 
-                let mut new_user = UserOrganization::new(user.uuid, org_id.clone());
-                
-                new_user.access_all = data.accessAll;
+                let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
+                let access_all = data.accessAll.unwrap_or(false);
+                new_user.access_all = access_all;
                 new_user.type_ = new_type;
 
                 // If no accessAll, add the collections received
-                if !data.accessAll {
-                    for collection in data.collections.iter() {
-                        // TODO: Check that collection is in org                      
-                        CollectionUser::save(&headers.user.uuid, &collection.id, collection.readOnly, &conn);
+                if !access_all {
+                    for col in data.collections.iter() {
+                        match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
+                            None => err!("Collection not found in Organization"),
+                            Some(collection) => {
+                                match CollectionUser::save(&user.uuid, &collection.uuid, col.readOnly, &conn) {
+                                    Ok(()) => (),
+                                    Err(_) => err!("Failed saving collection access for user")
+                                }
+                            }
+                        }
                     }
                 }
 
@@ -486,9 +489,16 @@ fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers:
 
     // If no accessAll, add the collections received
     if !data.accessAll {
-        for collection in data.collections.iter() {
-            // TODO: Check that collection is in org            
-            CollectionUser::save(&user_to_edit.user_uuid, &collection.id, collection.readOnly, &conn);
+        for col in data.collections.iter() {
+            match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
+                None => err!("Collection not found in Organization"),
+                Some(collection) => {
+                    match CollectionUser::save(&user_to_edit.user_uuid, &collection.uuid, col.readOnly, &conn) {
+                        Ok(()) => (),
+                        Err(_) => err!("Failed saving collection access for user")
+                    }
+                }
+            }
         }
     }
 
diff --git a/src/db/models/collection.rs b/src/db/models/collection.rs
@@ -102,6 +102,14 @@ impl Collection {
             .load::<Self>(&**conn).expect("Error loading collections")
     }
 
+    pub fn find_by_uuid_and_org(uuid: &str, org_uuid: &str, conn: &DbConn) -> Option<Self> {
+        collections::table
+        .filter(collections::uuid.eq(uuid))
+        .filter(collections::org_uuid.eq(org_uuid))
+        .select(collections::all_columns)
+        .first::<Self>(&**conn).ok()
+    }
+
     pub fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &DbConn) -> Option<Self> {
         collections::table
         .left_join(users_collections::table.on(
@@ -171,16 +179,13 @@ impl CollectionUser {
             .load::<Self>(&**conn).expect("Error loading users_collections")
     }
 
-    pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> bool {
-        match diesel::replace_into(users_collections::table)
-            .values((
-                users_collections::user_uuid.eq(user_uuid),
-                users_collections::collection_uuid.eq(collection_uuid),
-                users_collections::read_only.eq(read_only),
-            )).execute(&**conn) {
-            Ok(1) => true, // One row inserted
-            _ => false,
-        }
+    pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> QueryResult<()> {
+        diesel::replace_into(users_collections::table)
+        .values((
+            users_collections::user_uuid.eq(user_uuid),
+            users_collections::collection_uuid.eq(collection_uuid),
+            users_collections::read_only.eq(read_only),
+        )).execute(&**conn).and(Ok(()))
     }
 
     pub fn delete(user_uuid: &str, collection_uuid: &str, conn: &DbConn) -> bool {