vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit ed97725c8b389b4b760d84130bcbac283126bf70
parent d69d4d0d30001d77eb0912eb371025d3c26b423b
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Tue, 29 May 2018 00:17:26 +0200

Merge pull request #31 from mprasil/invite_fix

Fix user invitation
Diffstat:
Msrc/api/core/organizations.rs | 40+++++++++++++++++++++++++---------------
Msrc/db/models/collection.rs | 25+++++++++++++++----------
2 files changed, 40 insertions(+), 25 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -166,10 +166,6 @@ fn post_organization_collections(org_id: String, headers: Headers, data: Json<Ne
 collection.save(&conn);
- if !org_user.access_all {
- CollectionUser::save(&headers.user.uuid, &collection.uuid, false, &conn);
- }
-
 Ok(Json(collection.to_json()))
 }
@@ -311,7 +307,7 @@ struct InviteData {
 #[serde(rename = "type")]
 type_: NumberOrString,
 collections: Vec<CollectionData>,
- accessAll: bool,
+ accessAll: Option<bool>,
 }
 #[post("/organizations/<org_id>/users/invite", data = "<data>")]
@@ -346,16 +342,23 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: D
 None => ()
 }
- let mut new_user = UserOrganization::new(user.uuid, org_id.clone());
-
- new_user.access_all = data.accessAll;
+ let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
+ let access_all = data.accessAll.unwrap_or(false);
+ new_user.access_all = access_all;
 new_user.type_ = new_type;
 // If no accessAll, add the collections received
- if !data.accessAll {
- for collection in data.collections.iter() {
- // TODO: Check that collection is in org
- CollectionUser::save(&headers.user.uuid, &collection.id, collection.readOnly, &conn);
+ if !access_all {
+ for col in data.collections.iter() {
+ match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
+ None => err!("Collection not found in Organization"),
+ Some(collection) => {
+ match CollectionUser::save(&user.uuid, &collection.uuid, col.readOnly, &conn) {
+ Ok(()) => (),
+ Err(_) => err!("Failed saving collection access for user")
+ }
+ }
+ }
 }
 }
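Review bot: The `accessAll: Option<bool>` field in `InviteData` carries no comment saying what an absent value means; that meaning only appears later in `send_invite` as `unwrap_or(false)`. A field comment such as `// Optional in the request body; absent is treated as false (no blanket collection access)` would keep the least-privilege default from being flipped by accident. The `edit_user` hunk still reads `!data.accessAll` directly, so `EditUserData` presumably keeps a plain `bool`; if clients can omit the field there as well, that request would fail to deserialize, which is worth confirming.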
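Review bot: In `send_invite` the new loop stores each `CollectionUser` row as soon as its collection has been validated, so an `err!` on a later entry returns with the earlier grants already written; the loop added in the `edit_user` hunk has the same shape. Nothing visible in either hunk wraps these writes in a transaction, and whether `new_user` is saved before or after the loop lies outside the hunk, so a rejected invite may leave access rows behind for a user who never became a member. Resolving every collection first and saving only afterwards removes the validation half of that problem, and a database transaction around the saves would cover the rest. `Err(_)` also discards the diesel error, which makes a failed grant hard to diagnose on the server side. The body of `send_invite` starts and ends outside the hunk.

```rust
if !access_all {
    // Resolve every requested collection before writing anything, so a bad id
    // is rejected while no grant has been stored yet.
    let mut grants = Vec::with_capacity(data.collections.len());
    for col in data.collections.iter() {
        match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
            None => err!("Collection not found in Organization"),
            Some(collection) => grants.push((collection.uuid, col.readOnly)),
        }
    }
    for (collection_uuid, read_only) in grants {
        if CollectionUser::save(&user.uuid, &collection_uuid, read_only, &conn).is_err() {
            err!("Failed saving collection access for user")
        }
    }
}
```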
@@ -486,9 +489,16 @@ fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers:
 // If no accessAll, add the collections received
 if !data.accessAll {
- for collection in data.collections.iter() {
- // TODO: Check that collection is in org
- CollectionUser::save(&user_to_edit.user_uuid, &collection.id, collection.readOnly, &conn);
+ for col in data.collections.iter() {
+ match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
+ None => err!("Collection not found in Organization"),
+ Some(collection) => {
+ match CollectionUser::save(&user_to_edit.user_uuid, &collection.uuid, col.readOnly, &conn) {
+ Ok(()) => (),
+ Err(_) => err!("Failed saving collection access for user")
+ }
+ }
+ }
 }
 }
diff --git a/src/db/models/collection.rs b/src/db/models/collection.rs
@@ -102,6 +102,14 @@ impl Collection {
 .load::<Self>(&**conn).expect("Error loading collections")
 }
+ pub fn find_by_uuid_and_org(uuid: &str, org_uuid: &str, conn: &DbConn) -> Option<Self> {
+ collections::table
+ .filter(collections::uuid.eq(uuid))
+ .filter(collections::org_uuid.eq(org_uuid))
+ .select(collections::all_columns)
+ .first::<Self>(&**conn).ok()
+ }
+
 pub fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &DbConn) -> Option<Self> {
 collections::table
 .left_join(users_collections::table.on(
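Review bot: `Collection::find_by_uuid_and_org` is added without a doc comment, although both the invite and the edit path now rely on it as the check that a collection belongs to the organization. A line such as `/// Returns the collection only if it belongs to org_uuid; callers use this as the organization-scoping check.` would make that contract explicit. The trailing `.first::<Self>(&**conn).ok()` turns every diesel error into `None`, so a database failure reaches the client as "Collection not found in Organization". That fails closed, but the comment should say so, or the function could return `QueryResult<Option<Self>>` through diesel's `.optional()` so callers can tell the two cases apart.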
@@ -171,16 +179,13 @@ impl CollectionUser {
 .load::<Self>(&**conn).expect("Error loading users_collections")
 }
- pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> bool {
- match diesel::replace_into(users_collections::table)
- .values((
- users_collections::user_uuid.eq(user_uuid),
- users_collections::collection_uuid.eq(collection_uuid),
- users_collections::read_only.eq(read_only),
- )).execute(&**conn) {
- Ok(1) => true, // One row inserted
- _ => false,
- }
+ pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> QueryResult<()> {
+ diesel::replace_into(users_collections::table)
+ .values((
+ users_collections::user_uuid.eq(user_uuid),
+ users_collections::collection_uuid.eq(collection_uuid),
+ users_collections::read_only.eq(read_only),
+ )).execute(&**conn).and(Ok(()))
 }
 pub fn delete(user_uuid: &str, collection_uuid: &str, conn: &DbConn) -> bool {
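Review bot: `CollectionUser::save` now ends in `.execute(&**conn).and(Ok(()))`, which reads as if two results were being combined; `.execute(&**conn).map(|_| ())` states directly that the affected-row count is dropped. The removed body treated only `Ok(1)` as success, so the new version accepts any row count. That is presumably intended, but a one-line comment such as `// any successful execute counts; the row count is not checked` would record the decision. `delete` in the trailing context still returns `bool`, so the two methods of `CollectionUser` now report failure in different ways.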