vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 8b18c4c633a27bb559a9c893cf121dbfc56161e5
parent a00ecf228d9878463be41344eff0b0dd0da9b9f5
Author: Miroslav Prasil <miroslav@prasil.info>
Date:   Mon, 14 May 2018 16:13:59 +0100

Implement cipher sharing

Diffstat:
Msrc/api/core/ciphers.rs | 53++++++++++++++++++++++++++++++++++++++++++++++++++---
Msrc/api/core/mod.rs | 1+
Msrc/db/models/organization.rs | 4++++
3 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs @@ -121,12 +121,12 @@ fn post_ciphers(data: Json<CipherData>, headers: Headers, conn: DbConn) -> JsonR Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) } -fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, is_new: bool, conn: &DbConn) -> EmptyResult { - if is_new { +fn update_cipher_from_data(cipher: &mut Cipher, data: CipherData, headers: &Headers, is_new_or_shared: bool, conn: &DbConn) -> EmptyResult { + if is_new_or_shared { if let Some(org_id) = data.organizationId { match UserOrganization::find_by_user_and_org(&headers.user.uuid, &org_id, &conn) { None => err!("You don't have permission to add item to organization"), - Some(org_user) => if org_user.access_all || org_user.type_ < UserOrgType::User as i32 { + Some(org_user) => if org_user.has_full_access() { cipher.organization_uuid = Some(org_id); } else { err!("You don't have permission to add cipher directly to organization") @@ -340,6 +340,53 @@ fn post_collections_admin(uuid: String, data: Json<CollectionsAdminData>, header Ok(()) } +#[derive(Deserialize)] +#[allow(non_snake_case)] +struct ShareCipherData { + cipher: CipherData, + collectionIds: Vec<String>, +} + +#[post("/ciphers/<uuid>/share", data = "<data>")] +fn post_cipher_share(uuid: String, data: Json<ShareCipherData>, headers: Headers, conn: DbConn) -> JsonResult { + let data: ShareCipherData = data.into_inner(); + + let mut cipher = match Cipher::find_by_uuid(&uuid, &conn) { + Some(cipher) => match cipher.uuid == uuid { + true => { + if cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) { + cipher + } else { + err!("Cipher is not write accessible") + } + }, + false => err!("Wrong Cipher id provided") + }, + None => err!("Cipher doesn't exist") + }; + + match data.cipher.organizationId.clone() { + None => err!("Organization id not provided"), + Some(org_id) => { + update_cipher_from_data(&mut cipher, data.cipher, &headers, true, &conn)?; + for collection in data.collectionIds.iter() { + match Collection::find_by_uuid(&collection, &conn) { + None => err!("Invalid collection ID provided"), + Some(collection) => { + if collection.is_writable_by_user(&headers.user.uuid, &conn) { + CollectionCipher::save(&cipher.uuid.clone(), &collection.uuid, &conn); + } else { + err!("No rights to modify the collection") + } + } + } + } + + Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn))) + } + } +} + #[post("/ciphers/<uuid>/attachment", format = "multipart/form-data", data = "<data>")] fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult { let cipher = match Cipher::find_by_uuid(&uuid, &conn) { diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs @@ -34,6 +34,7 @@ pub fn routes() -> Vec<Route> { delete_attachment_post, delete_attachment, post_cipher_admin, + post_cipher_share, post_cipher, put_cipher, delete_cipher_post, diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs @@ -224,6 +224,10 @@ impl UserOrganization { } } + pub fn has_full_access(self) -> bool { + self.access_all || self.type_ < UserOrgType::User as i32 + } + pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> { users_organizations::table .filter(users_organizations::uuid.eq(uuid))