|
|
|
@ -248,7 +248,7 @@ fn post_ciphers_create(data: JsonUpcase<ShareCipherData>, headers: Headers, conn
|
|
|
|
|
// This check is usually only needed in update_cipher_from_data(), but we
|
|
|
|
|
// need it here as well to avoid creating an empty cipher in the call to
|
|
|
|
|
// cipher.save() below.
|
|
|
|
|
enforce_personal_ownership_policy(&data.Cipher, &headers, &conn)?;
|
|
|
|
|
enforce_personal_ownership_policy(Some(&data.Cipher), &headers, &conn)?;
|
|
|
|
|
|
|
|
|
|
let mut cipher = Cipher::new(data.Cipher.Type, data.Cipher.Name.clone());
|
|
|
|
|
cipher.user_uuid = Some(headers.user.uuid.clone());
|
|
|
|
@ -289,8 +289,8 @@ fn post_ciphers(data: JsonUpcase<CipherData>, headers: Headers, conn: DbConn, nt
|
|
|
|
|
/// allowed to delete or share such ciphers to an org, however.
|
|
|
|
|
///
|
|
|
|
|
/// Ref: https://bitwarden.com/help/article/policies/#personal-ownership
|
|
|
|
|
fn enforce_personal_ownership_policy(data: &CipherData, headers: &Headers, conn: &DbConn) -> EmptyResult {
|
|
|
|
|
if data.OrganizationId.is_none() {
|
|
|
|
|
fn enforce_personal_ownership_policy(data: Option<&CipherData>, headers: &Headers, conn: &DbConn) -> EmptyResult {
|
|
|
|
|
if data.is_none() || data.unwrap().OrganizationId.is_none() {
|
|
|
|
|
let user_uuid = &headers.user.uuid;
|
|
|
|
|
let policy_type = OrgPolicyType::PersonalOwnership;
|
|
|
|
|
if OrgPolicy::is_applicable_to_user(user_uuid, policy_type, conn) {
|
|
|
|
@ -309,7 +309,7 @@ pub fn update_cipher_from_data(
|
|
|
|
|
nt: &Notify,
|
|
|
|
|
ut: UpdateType,
|
|
|
|
|
) -> EmptyResult {
|
|
|
|
|
enforce_personal_ownership_policy(&data, headers, conn)?;
|
|
|
|
|
enforce_personal_ownership_policy(Some(&data), headers, conn)?;
|
|
|
|
|
|
|
|
|
|
// Check that the client isn't updating an existing cipher with stale data.
|
|
|
|
|
if let Some(dt) = data.LastKnownRevisionDate {
|
|
|
|
@ -458,6 +458,8 @@ struct RelationsData {
|
|
|
|
|
|
|
|
|
|
#[post("/ciphers/import", data = "<data>")]
|
|
|
|
|
fn post_ciphers_import(data: JsonUpcase<ImportData>, headers: Headers, conn: DbConn, nt: Notify) -> EmptyResult {
|
|
|
|
|
enforce_personal_ownership_policy(None, &headers, &conn)?;
|
|
|
|
|
|
|
|
|
|
let data: ImportData = data.into_inner().data;
|
|
|
|
|
|
|
|
|
|
// Read and create the folders
|
|
|
|
|