|
|
@ -264,33 +264,32 @@ impl Cipher {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// Returns whether this cipher is directly owned by the user.
|
|
|
|
/// Returns whether this cipher is directly owned by the user.
|
|
|
|
pub fn is_owned_by_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
|
|
|
pub fn is_owned_by_user(&self, user_uuid: &str) -> bool {
|
|
|
|
ciphers::table
|
|
|
|
self.user_uuid.is_some() && self.user_uuid.as_ref().unwrap() == user_uuid
|
|
|
|
.filter(ciphers::uuid.eq(&self.uuid))
|
|
|
|
|
|
|
|
.filter(ciphers::user_uuid.eq(&user_uuid))
|
|
|
|
|
|
|
|
.first::<Self>(&**conn)
|
|
|
|
|
|
|
|
.ok()
|
|
|
|
|
|
|
|
.is_some()
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// Returns whether this cipher is owned by an org in which the user has full access.
|
|
|
|
/// Returns whether this cipher is owned by an org in which the user has full access.
|
|
|
|
pub fn is_in_full_access_org(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
|
|
|
pub fn is_in_full_access_org(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
|
|
|
ciphers::table
|
|
|
|
if self.organization_uuid.is_none() {
|
|
|
|
.filter(ciphers::uuid.eq(&self.uuid))
|
|
|
|
return false;
|
|
|
|
.inner_join(ciphers_collections::table.on(
|
|
|
|
}
|
|
|
|
ciphers::uuid.eq(ciphers_collections::cipher_uuid)))
|
|
|
|
let org_uuid = self.organization_uuid.as_ref().unwrap();
|
|
|
|
.inner_join(users_organizations::table.on(
|
|
|
|
let rows = users_organizations::table
|
|
|
|
ciphers::organization_uuid.eq(users_organizations::org_uuid.nullable())
|
|
|
|
.filter(users_organizations::user_uuid.eq(user_uuid))
|
|
|
|
.and(users_organizations::user_uuid.eq(user_uuid))
|
|
|
|
.filter(users_organizations::org_uuid.eq(org_uuid))
|
|
|
|
.and(users_organizations::status.eq(UserOrgStatus::Confirmed as i32))))
|
|
|
|
.filter(users_organizations::status.eq(UserOrgStatus::Confirmed as i32))
|
|
|
|
|
|
|
|
.filter(
|
|
|
|
// The user is an org admin or higher.
|
|
|
|
// The user is an org admin or higher.
|
|
|
|
.filter(users_organizations::atype.le(UserOrgType::Admin as i32))
|
|
|
|
users_organizations::atype.le(UserOrgType::Admin as i32)
|
|
|
|
// The user was granted full access to the org by an org owner/admin.
|
|
|
|
// The user was granted full access to the org by an org owner/admin.
|
|
|
|
.or_filter(users_organizations::access_all.eq(true))
|
|
|
|
.or(users_organizations::access_all.eq(true))
|
|
|
|
.select(ciphers::uuid)
|
|
|
|
)
|
|
|
|
.first::<String>(&**conn)
|
|
|
|
.count()
|
|
|
|
|
|
|
|
.first(&**conn)
|
|
|
|
.ok()
|
|
|
|
.ok()
|
|
|
|
.is_some()
|
|
|
|
.unwrap_or(0);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rows != 0
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/// Returns the user's access restrictions to this cipher. A return value
|
|
|
|
/// Returns the user's access restrictions to this cipher. A return value
|
|
|
@ -302,7 +301,7 @@ impl Cipher {
|
|
|
|
// Check whether this cipher is directly owned by the user, or is in
|
|
|
|
// Check whether this cipher is directly owned by the user, or is in
|
|
|
|
// a collection that the user has full access to. If so, there are no
|
|
|
|
// a collection that the user has full access to. If so, there are no
|
|
|
|
// access restrictions.
|
|
|
|
// access restrictions.
|
|
|
|
if self.is_owned_by_user(&user_uuid, &conn) || self.is_in_full_access_org(&user_uuid, &conn) {
|
|
|
|
if self.is_owned_by_user(&user_uuid) || self.is_in_full_access_org(&user_uuid, &conn) {
|
|
|
|
return Some((false, false));
|
|
|
|
return Some((false, false));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|