From 2f6aa3c36381f802bddf97fbb988020a302e7a2b Mon Sep 17 00:00:00 2001 From: Kumar Ankur Date: Wed, 1 Aug 2018 11:21:05 +0530 Subject: [PATCH] Reverting removal of 'api/ciphers/move' POST as it is required for backward compatibility --- src/api/core/ciphers.rs | 54 ++++++++++++++++++++++++++++++++++++++++- src/api/core/mod.rs | 1 + 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index fe351d76..d1450df9 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -483,7 +483,7 @@ fn delete_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbCon Ok(()) } -#[put("/ciphers/move", data = "")] +#[post("/ciphers/move", data = "")] fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { let data = data.into_inner().data; @@ -535,6 +535,58 @@ fn move_cipher_selected(data: JsonUpcase, headers: Headers, conn: DbConn) Ok(()) } +#[put("/ciphers/move", data = "")] +fn move_cipher_selected_put(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { + let data = data.into_inner().data; + + let folder_id = match data.get("FolderId") { + Some(folder_id) => { + match folder_id.as_str() { + Some(folder_id) => { + match Folder::find_by_uuid(folder_id, &conn) { + Some(folder) => { + if folder.user_uuid != headers.user.uuid { + err!("Folder is not owned by user") + } + Some(folder.uuid) + } + None => err!("Folder doesn't exist") + } + } + None => err!("Folder id provided in wrong format") + } + } + None => None + }; + + let uuids = match data.get("Ids") { + Some(ids) => match ids.as_array() { + Some(ids) => ids.iter().filter_map(|uuid| { uuid.as_str() }), + None => err!("Posted ids field is not an array") + }, + None => err!("Request missing ids field") + }; + + for uuid in uuids { + let mut cipher = match Cipher::find_by_uuid(uuid, &conn) { + Some(cipher) => cipher, + None => err!("Cipher doesn't exist") + }; + + if !cipher.is_accessible_to_user(&headers.user.uuid, &conn) { + err!("Cipher is not accessible by user") + } + + // Move cipher + if cipher.move_to_folder(folder_id.clone(), &headers.user.uuid, &conn).is_err() { + err!("Error saving the folder information") + } + cipher.save(&conn); + } + + Ok(()) +} + #[post("/ciphers/purge", data = "")] fn delete_all(data: JsonUpcase, headers: Headers, conn: DbConn) -> EmptyResult { let data: PasswordData = data.into_inner().data; diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 89df7a1f..d7387d44 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -46,6 +46,7 @@ pub fn routes() -> Vec { delete_cipher_selected, delete_all, move_cipher_selected, + move_cipher_selected_put, get_folders, get_folder,