@ -267,9 +267,8 @@ async fn post_organization(
) -> JsonResult {
) -> JsonResult {
let data : OrganizationUpdateData = data . into_inner ( ) ;
let data : OrganizationUpdateData = data . into_inner ( ) ;
let mut org = match Organization ::find_by_uuid ( org_id , & mut conn ) . await {
let Some ( mut org ) = Organization ::find_by_uuid ( org_id , & mut conn ) . await else {
Some ( organization ) = > organization ,
err ! ( "Can't find organization details" )
None = > err ! ( "Can't find organization details" ) ,
} ;
} ;
org . name = data . name ;
org . name = data . name ;
@ -318,9 +317,8 @@ async fn get_org_collections(org_id: &str, _headers: ManagerHeadersLoose, mut co
async fn get_org_collections_details ( org_id : & str , headers : ManagerHeadersLoose , mut conn : DbConn ) -> JsonResult {
async fn get_org_collections_details ( org_id : & str , headers : ManagerHeadersLoose , mut conn : DbConn ) -> JsonResult {
let mut data = Vec ::new ( ) ;
let mut data = Vec ::new ( ) ;
let user_org = match UserOrganization ::find_by_user_and_org ( & headers . user . uuid , org_id , & mut conn ) . await {
let Some ( user_org ) = UserOrganization ::find_by_user_and_org ( & headers . user . uuid , org_id , & mut conn ) . await else {
Some ( u ) = > u ,
err ! ( "User is not part of organization" )
None = > err ! ( "User is not part of organization" ) ,
} ;
} ;
// get all collection memberships for the current organization
// get all collection memberships for the current organization
@ -387,9 +385,8 @@ async fn post_organization_collections(
) -> JsonResult {
) -> JsonResult {
let data : NewCollectionData = data . into_inner ( ) ;
let data : NewCollectionData = data . into_inner ( ) ;
let org = match Organization ::find_by_uuid ( org_id , & mut conn ) . await {
let Some ( org ) = Organization ::find_by_uuid ( org_id , & mut conn ) . await else {
Some ( organization ) = > organization ,
err ! ( "Can't find organization details" )
None = > err ! ( "Can't find organization details" ) ,
} ;
} ;
let collection = Collection ::new ( org . uuid , data . name , data . external_id ) ;
let collection = Collection ::new ( org . uuid , data . name , data . external_id ) ;
@ -413,9 +410,8 @@ async fn post_organization_collections(
}
}
for user in data . users {
for user in data . users {
let org_user = match UserOrganization ::find_by_uuid ( & user . id , & mut conn ) . await {
let Some ( org_user ) = UserOrganization ::find_by_uuid_and_org ( & user . id , org_id , & mut conn ) . await else {
Some ( u ) = > u ,
err ! ( "User is not part of organization" )
None = > err ! ( "User is not part of organization" ) ,
} ;
} ;
if org_user . access_all {
if org_user . access_all {
@ -454,20 +450,14 @@ async fn post_organization_collection_update(
) -> JsonResult {
) -> JsonResult {
let data : NewCollectionData = data . into_inner ( ) ;
let data : NewCollectionData = data . into_inner ( ) ;
let org = match Organization ::find_by_uuid ( org_id , & mut conn ) . await {
if Organization ::find_by_uuid ( org_id , & mut conn ) . await . is_none ( ) {
Some ( organization ) = > organization ,
err ! ( "Can't find organization details" )
None = > err ! ( "Can't find organization details" ) ,
} ;
} ;
let mut collection = match Collection ::find_by_uuid ( col_id , & mut conn ) . await {
let Some ( mut collection ) = Collection ::find_by_uuid_and_org ( col_id , org_id , & mut conn ) . await else {
Some ( collection ) = > collection ,
err ! ( "Collection not found" )
None = > err ! ( "Collection not found" ) ,
} ;
} ;
if collection . org_uuid ! = org . uuid {
err ! ( "Collection is not owned by organization" ) ;
}
collection . name = data . name ;
collection . name = data . name ;
collection . external_id = match data . external_id {
collection . external_id = match data . external_id {
Some ( external_id ) if ! external_id . trim ( ) . is_empty ( ) = > Some ( external_id ) ,
Some ( external_id ) if ! external_id . trim ( ) . is_empty ( ) = > Some ( external_id ) ,
@ -498,9 +488,8 @@ async fn post_organization_collection_update(
CollectionUser ::delete_all_by_collection ( col_id , & mut conn ) . await ? ;
CollectionUser ::delete_all_by_collection ( col_id , & mut conn ) . await ? ;
for user in data . users {
for user in data . users {
let org_user = match UserOrganization ::find_by_uuid ( & user . id , & mut conn ) . await {
let Some ( org_user ) = UserOrganization ::find_by_uuid_and_org ( & user . id , org_id , & mut conn ) . await else {
Some ( u ) = > u ,
err ! ( "User is not part of organization" )
None = > err ! ( "User is not part of organization" ) ,
} ;
} ;
if org_user . access_all {
if org_user . access_all {
@ -521,15 +510,8 @@ async fn delete_organization_collection_user(
_headers : AdminHeaders ,
_headers : AdminHeaders ,
mut conn : DbConn ,
mut conn : DbConn ,
) -> EmptyResult {
) -> EmptyResult {
let collection = match Collection ::find_by_uuid ( col_id , & mut conn ) . await {
let Some ( collection ) = Collection ::find_by_uuid_and_org ( col_id , org_id , & mut conn ) . await else {
None = > err ! ( "Collection not found" ) ,
err ! ( "Collection not found" , "Collection does not exist or does not belong to this organization" )
Some ( collection ) = > {
if collection . org_uuid = = org_id {
collection
} else {
err ! ( "Collection and Organization id do not match" )
}
}
} ;
} ;
match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await {
match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await {
@ -560,10 +542,9 @@ async fn _delete_organization_collection(
headers : & ManagerHeaders ,
headers : & ManagerHeaders ,
conn : & mut DbConn ,
conn : & mut DbConn ,
) -> EmptyResult {
) -> EmptyResult {
match Collection ::find_by_uuid ( col_id , conn ) . await {
let Some ( collection ) = Collection ::find_by_uuid_and_org ( col_id , org_id , conn ) . await else {
None = > err ! ( "Collection not found" ) ,
err ! ( "Collection not found" , "Collection does not exist or does not belong to this organization" )
Some ( collection ) = > {
} ;
if collection . org_uuid = = org_id {
log_event (
log_event (
EventType ::CollectionDeleted as i32 ,
EventType ::CollectionDeleted as i32 ,
& collection . uuid ,
& collection . uuid ,
@ -575,11 +556,6 @@ async fn _delete_organization_collection(
)
)
. await ;
. await ;
collection . delete ( conn ) . await
collection . delete ( conn ) . await
} else {
err ! ( "Collection and Organization id do not match" )
}
}
}
}
}
#[ delete( " /organizations/<org_id>/collections/<col_id> " ) ]
#[ delete( " /organizations/<org_id>/collections/<col_id> " ) ]
@ -601,12 +577,11 @@ struct DeleteCollectionData {
org_id : String ,
org_id : String ,
}
}
#[ post( " /organizations/<org_id>/collections/<col_id>/delete " , data = " <_data> " )]
#[ post( " /organizations/<org_id>/collections/<col_id>/delete " )]
async fn post_organization_collection_delete (
async fn post_organization_collection_delete (
org_id : & str ,
org_id : & str ,
col_id : & str ,
col_id : & str ,
headers : ManagerHeaders ,
headers : ManagerHeaders ,
_data : Json < DeleteCollectionData > ,
mut conn : DbConn ,
mut conn : DbConn ,
) -> EmptyResult {
) -> EmptyResult {
_delete_organization_collection ( org_id , col_id , & headers , & mut conn ) . await
_delete_organization_collection ( org_id , col_id , & headers , & mut conn ) . await
@ -651,9 +626,9 @@ async fn get_org_collection_detail(
err ! ( "Collection is not owned by organization" )
err ! ( "Collection is not owned by organization" )
}
}
let user_org = match UserOrganization ::find_by_user_and_org ( & headers . user . uuid , org_id , & mut conn ) . await {
let Some ( user_org ) = UserOrganization ::find_by_user_and_org ( & headers . user . uuid , org_id , & mut conn ) . await
Some ( u ) = > u ,
else {
None = > err ! ( "User is not part of organization" ) ,
err ! ( "User is not part of organization" )
} ;
} ;
let groups : Vec < Value > = if CONFIG . org_groups_enabled ( ) {
let groups : Vec < Value > = if CONFIG . org_groups_enabled ( ) {
@ -695,9 +670,8 @@ async fn get_org_collection_detail(
#[ get( " /organizations/<org_id>/collections/<coll_id>/users " ) ]
#[ get( " /organizations/<org_id>/collections/<coll_id>/users " ) ]
async fn get_collection_users ( org_id : & str , coll_id : & str , _headers : ManagerHeaders , mut conn : DbConn ) -> JsonResult {
async fn get_collection_users ( org_id : & str , coll_id : & str , _headers : ManagerHeaders , mut conn : DbConn ) -> JsonResult {
// Get org and collection, check that collection is from org
// Get org and collection, check that collection is from org
let collection = match Collection ::find_by_uuid_and_org ( coll_id , org_id , & mut conn ) . await {
let Some ( collection ) = Collection ::find_by_uuid_and_org ( coll_id , org_id , & mut conn ) . await else {
None = > err ! ( "Collection not found in Organization" ) ,
err ! ( "Collection not found in Organization" )
Some ( collection ) = > collection ,
} ;
} ;
let mut user_list = Vec ::new ( ) ;
let mut user_list = Vec ::new ( ) ;
@ -731,9 +705,8 @@ async fn put_collection_users(
// And then add all the received ones (except if the user has access_all)
// And then add all the received ones (except if the user has access_all)
for d in data . iter ( ) {
for d in data . iter ( ) {
let user = match UserOrganization ::find_by_uuid ( & d . id , & mut conn ) . await {
let Some ( user ) = UserOrganization ::find_by_uuid_and_org ( & d . id , org_id , & mut conn ) . await else {
Some ( u ) = > u ,
err ! ( "User is not part of organization" )
None = > err ! ( "User is not part of organization" ) ,
} ;
} ;
if user . access_all {
if user . access_all {
@ -1007,18 +980,16 @@ async fn reinvite_user(org_id: &str, user_org: &str, headers: AdminHeaders, mut
}
}
async fn _reinvite_user ( org_id : & str , user_org : & str , invited_by_email : & str , conn : & mut DbConn ) -> EmptyResult {
async fn _reinvite_user ( org_id : & str , user_org : & str , invited_by_email : & str , conn : & mut DbConn ) -> EmptyResult {
let user_org = match UserOrganization ::find_by_uuid ( user_org , conn ) . await {
let Some ( user_org ) = UserOrganization ::find_by_uuid_and_org ( user_org , org_id , conn ) . await else {
Some ( user_org ) = > user_org ,
err ! ( "The user hasn't been invited to the organization." )
None = > err ! ( "The user hasn't been invited to the organization." ) ,
} ;
} ;
if user_org . status ! = UserOrgStatus ::Invited as i32 {
if user_org . status ! = UserOrgStatus ::Invited as i32 {
err ! ( "The user is already accepted or confirmed to the organization" )
err ! ( "The user is already accepted or confirmed to the organization" )
}
}
let user = match User ::find_by_uuid ( & user_org . user_uuid , conn ) . await {
let Some ( user ) = User ::find_by_uuid ( & user_org . user_uuid , conn ) . await else {
Some ( user ) = > user ,
err ! ( "User not found." )
None = > err ! ( "User not found." ) ,
} ;
} ;
if ! CONFIG . invitations_allowed ( ) & & user . password_hash . is_empty ( ) {
if ! CONFIG . invitations_allowed ( ) & & user . password_hash . is_empty ( ) {
@ -1059,20 +1030,25 @@ struct AcceptData {
reset_password_key : Option < String > ,
reset_password_key : Option < String > ,
}
}
#[ post( " /organizations/<org_id>/users/< _ org_user_id>/accept" , data = " <data> " ) ]
#[ post( " /organizations/<org_id>/users/< org_user_id>/accept" , data = " <data> " ) ]
async fn accept_invite ( org_id : & str , _ org_user_id: & str , data : Json < AcceptData > , mut conn : DbConn ) -> EmptyResult {
async fn accept_invite ( org_id : & str , org_user_id: & str , data : Json < AcceptData > , mut conn : DbConn ) -> EmptyResult {
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
// The web-vault passes org_id and org_user_id in the URL, but we are just reading them from the JWT instead
let data : AcceptData = data . into_inner ( ) ;
let data : AcceptData = data . into_inner ( ) ;
let claims = decode_invite ( & data . token ) ? ;
let claims = decode_invite ( & data . token ) ? ;
// If a claim does not have a user_org_id or it does not match the one in from the URI, something is wrong.
match & claims . user_org_id {
Some ( ou_id ) if ou_id . eq ( org_user_id ) = > { }
_ = > err ! ( "Error accepting the invitation" , "Claim does not match the org_user_id" ) ,
}
match User ::find_by_mail ( & claims . email , & mut conn ) . await {
match User ::find_by_mail ( & claims . email , & mut conn ) . await {
Some ( user ) = > {
Some ( user ) = > {
Invitation ::take ( & claims . email , & mut conn ) . await ;
Invitation ::take ( & claims . email , & mut conn ) . await ;
if let ( Some ( user_org ) , Some ( org ) ) = ( & claims . user_org_id , & claims . org_id ) {
if let ( Some ( user_org ) , Some ( org ) ) = ( & claims . user_org_id , & claims . org_id ) {
let mut user_org = match UserOrganization ::find_by_uuid_and_org ( user_org , org , & mut conn ) . await {
let Some ( mut user_org ) = UserOrganization ::find_by_uuid_and_org ( user_org , org , & mut conn ) . await else {
Some ( user_org ) = > user_org ,
err ! ( "Error accepting the invitation" )
None = > err ! ( "Error accepting the invitation" ) ,
} ;
} ;
if user_org . status ! = UserOrgStatus ::Invited as i32 {
if user_org . status ! = UserOrgStatus ::Invited as i32 {
@ -1213,9 +1189,8 @@ async fn _confirm_invite(
err ! ( "Key or UserId is not set, unable to process request" ) ;
err ! ( "Key or UserId is not set, unable to process request" ) ;
}
}
let mut user_to_confirm = match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , conn ) . await {
let Some ( mut user_to_confirm ) = UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , conn ) . await else {
Some ( user ) = > user ,
err ! ( "The specified user isn't a member of the organization" )
None = > err ! ( "The specified user isn't a member of the organization" ) ,
} ;
} ;
if user_to_confirm . atype ! = UserOrgType ::User & & headers . org_user_type ! = UserOrgType ::Owner {
if user_to_confirm . atype ! = UserOrgType ::User & & headers . org_user_type ! = UserOrgType ::Owner {
@ -1287,9 +1262,8 @@ async fn get_user(
_headers : AdminHeaders ,
_headers : AdminHeaders ,
mut conn : DbConn ,
mut conn : DbConn ,
) -> JsonResult {
) -> JsonResult {
let user = match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await {
let Some ( user ) = UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await else {
Some ( user ) = > user ,
err ! ( "The specified user isn't a member of the organization" )
None = > err ! ( "The specified user isn't a member of the organization" ) ,
} ;
} ;
// In this case, when groups are requested we also need to include collections.
// In this case, when groups are requested we also need to include collections.
@ -1331,14 +1305,12 @@ async fn edit_user(
) -> EmptyResult {
) -> EmptyResult {
let data : EditUserData = data . into_inner ( ) ;
let data : EditUserData = data . into_inner ( ) ;
let new_type = match UserOrgType ::from_str ( & data . r#type . into_string ( ) ) {
let Some ( new_type ) = UserOrgType ::from_str ( & data . r#type . into_string ( ) ) else {
Some ( new_type ) = > new_type ,
err ! ( "Invalid type" )
None = > err ! ( "Invalid type" ) ,
} ;
} ;
let mut user_to_edit = match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await {
let Some ( mut user_to_edit ) = UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await else {
Some ( user ) = > user ,
err ! ( "The specified user isn't member of the organization" )
None = > err ! ( "The specified user isn't member of the organization" ) ,
} ;
} ;
if new_type ! = user_to_edit . atype
if new_type ! = user_to_edit . atype
@ -1490,9 +1462,8 @@ async fn _delete_user(
conn : & mut DbConn ,
conn : & mut DbConn ,
nt : & Notify < ' _ > ,
nt : & Notify < ' _ > ,
) -> EmptyResult {
) -> EmptyResult {
let user_to_delete = match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , conn ) . await {
let Some ( user_to_delete ) = UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , conn ) . await else {
Some ( user ) = > user ,
err ! ( "User to delete isn't member of the organization" )
None = > err ! ( "User to delete isn't member of the organization" ) ,
} ;
} ;
if user_to_delete . atype ! = UserOrgType ::User & & headers . org_user_type ! = UserOrgType ::Owner {
if user_to_delete . atype ! = UserOrgType ::User & & headers . org_user_type ! = UserOrgType ::Owner {
@ -1725,9 +1696,8 @@ async fn list_policies_token(org_id: &str, token: &str, mut conn: DbConn) -> Jso
let invite = decode_invite ( token ) ? ;
let invite = decode_invite ( token ) ? ;
let invite_org_id = match invite . org_id {
let Some ( invite_org_id ) = invite . org_id else {
Some ( invite_org_id ) = > invite_org_id ,
err ! ( "Invalid token" )
None = > err ! ( "Invalid token" ) ,
} ;
} ;
if invite_org_id ! = org_id {
if invite_org_id ! = org_id {
@ -1747,9 +1717,8 @@ async fn list_policies_token(org_id: &str, token: &str, mut conn: DbConn) -> Jso
#[ get( " /organizations/<org_id>/policies/<pol_type> " ) ]
#[ get( " /organizations/<org_id>/policies/<pol_type> " ) ]
async fn get_policy ( org_id : & str , pol_type : i32 , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
async fn get_policy ( org_id : & str , pol_type : i32 , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
let pol_type_enum = match OrgPolicyType ::from_i32 ( pol_type ) {
let Some ( pol_type_enum ) = OrgPolicyType ::from_i32 ( pol_type ) else {
Some ( pt ) = > pt ,
err ! ( "Invalid or unsupported policy type" )
None = > err ! ( "Invalid or unsupported policy type" ) ,
} ;
} ;
let policy = match OrgPolicy ::find_by_org_and_type ( org_id , pol_type_enum , & mut conn ) . await {
let policy = match OrgPolicy ::find_by_org_and_type ( org_id , pol_type_enum , & mut conn ) . await {
@ -1778,9 +1747,8 @@ async fn put_policy(
) -> JsonResult {
) -> JsonResult {
let data : PolicyData = data . into_inner ( ) ;
let data : PolicyData = data . into_inner ( ) ;
let pol_type_enum = match OrgPolicyType ::from_i32 ( pol_type ) {
let Some ( pol_type_enum ) = OrgPolicyType ::from_i32 ( pol_type ) else {
Some ( pt ) = > pt ,
err ! ( "Invalid or unsupported policy type" )
None = > err ! ( "Invalid or unsupported policy type" ) ,
} ;
} ;
// Bitwarden only allows the Reset Password policy when Single Org policy is enabled
// Bitwarden only allows the Reset Password policy when Single Org policy is enabled
@ -2437,9 +2405,8 @@ async fn put_group(
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
let group = match Group ::find_by_uuid ( group_id , & mut conn ) . await {
let Some ( group ) = Group ::find_by_uuid_and_org ( group_id , org_id , & mut conn ) . await else {
Some ( group ) = > group ,
err ! ( "Group not found" , "Group uuid is invalid or does not belong to the organization" )
None = > err ! ( "Group not found" ) ,
} ;
} ;
let group_request = data . into_inner ( ) ;
let group_request = data . into_inner ( ) ;
@ -2502,15 +2469,14 @@ async fn add_update_group(
} ) ) )
} ) ) )
}
}
#[ get( " /organizations/< _ org_id>/groups/<group_id>/details" ) ]
#[ get( " /organizations/< org_id>/groups/<group_id>/details" ) ]
async fn get_group_details ( _ org_id: & str , group_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
async fn get_group_details ( org_id: & str , group_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
if ! CONFIG . org_groups_enabled ( ) {
if ! CONFIG . org_groups_enabled ( ) {
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
let group = match Group ::find_by_uuid ( group_id , & mut conn ) . await {
let Some ( group ) = Group ::find_by_uuid_and_org ( group_id , org_id , & mut conn ) . await else {
Some ( group ) = > group ,
err ! ( "Group not found" , "Group uuid is invalid or does not belong to the organization" )
_ = > err ! ( "Group could not be found!" ) ,
} ;
} ;
Ok ( Json ( group . to_json_details ( & mut conn ) . await ) )
Ok ( Json ( group . to_json_details ( & mut conn ) . await ) )
@ -2531,9 +2497,8 @@ async fn _delete_group(org_id: &str, group_id: &str, headers: &AdminHeaders, con
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
let group = match Group ::find_by_uuid ( group_id , conn ) . await {
let Some ( group ) = Group ::find_by_uuid_and_org ( group_id , org_id , conn ) . await else {
Some ( group ) = > group ,
err ! ( "Group not found" , "Group uuid is invalid or does not belong to the organization" )
_ = > err ! ( "Group not found" ) ,
} ;
} ;
log_event (
log_event (
@ -2569,29 +2534,27 @@ async fn bulk_delete_groups(
Ok ( ( ) )
Ok ( ( ) )
}
}
#[ get( " /organizations/< _ org_id>/groups/<group_id>" ) ]
#[ get( " /organizations/< org_id>/groups/<group_id>" ) ]
async fn get_group ( _ org_id: & str , group_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
async fn get_group ( org_id: & str , group_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
if ! CONFIG . org_groups_enabled ( ) {
if ! CONFIG . org_groups_enabled ( ) {
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
let group = match Group ::find_by_uuid ( group_id , & mut conn ) . await {
let Some ( group ) = Group ::find_by_uuid_and_org ( group_id , org_id , & mut conn ) . await else {
Some ( group ) = > group ,
err ! ( "Group not found" , "Group uuid is invalid or does not belong to the organization" )
_ = > err ! ( "Group not found" ) ,
} ;
} ;
Ok ( Json ( group . to_json ( ) ) )
Ok ( Json ( group . to_json ( ) ) )
}
}
#[ get( " /organizations/< _ org_id>/groups/<group_id>/users" ) ]
#[ get( " /organizations/< org_id>/groups/<group_id>/users" ) ]
async fn get_group_users ( _ org_id: & str , group_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
async fn get_group_users ( org_id: & str , group_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
if ! CONFIG . org_groups_enabled ( ) {
if ! CONFIG . org_groups_enabled ( ) {
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
match Group ::find_by_uuid ( group_id , & mut conn ) . await {
if Group ::find_by_uuid_and_org ( group_id , org_id , & mut conn ) . await . is_none ( ) {
Some ( _ ) = > { /* Do nothing */ }
err ! ( "Group could not be found!" , "Group uuid is invalid or does not belong to the organization" )
_ = > err ! ( "Group could not be found!" ) ,
} ;
} ;
let group_users : Vec < String > = GroupUser ::find_by_group ( group_id , & mut conn )
let group_users : Vec < String > = GroupUser ::find_by_group ( group_id , & mut conn )
@ -2615,9 +2578,8 @@ async fn put_group_users(
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
match Group ::find_by_uuid ( group_id , & mut conn ) . await {
if Group ::find_by_uuid_and_org ( group_id , org_id , & mut conn ) . await . is_none ( ) {
Some ( _ ) = > { /* Do nothing */ }
err ! ( "Group could not be found!" , "Group uuid is invalid or does not belong to the organization" )
_ = > err ! ( "Group could not be found!" ) ,
} ;
} ;
GroupUser ::delete_all_by_group ( group_id , & mut conn ) . await ? ;
GroupUser ::delete_all_by_group ( group_id , & mut conn ) . await ? ;
@ -2642,15 +2604,14 @@ async fn put_group_users(
Ok ( ( ) )
Ok ( ( ) )
}
}
#[ get( " /organizations/< _ org_id>/users/<user_id>/groups" ) ]
#[ get( " /organizations/< org_id>/users/<user_id>/groups" ) ]
async fn get_user_groups ( _ org_id: & str , user_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
async fn get_user_groups ( org_id: & str , user_id : & str , _headers : AdminHeaders , mut conn : DbConn ) -> JsonResult {
if ! CONFIG . org_groups_enabled ( ) {
if ! CONFIG . org_groups_enabled ( ) {
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
match UserOrganization ::find_by_uuid ( user_id , & mut conn ) . await {
if UserOrganization ::find_by_uuid_and_org ( user_id , org_id , & mut conn ) . await . is_none ( ) {
Some ( _ ) = > { /* Do nothing */ }
err ! ( "User could not be found!" )
_ = > err ! ( "User could not be found!" ) ,
} ;
} ;
let user_groups : Vec < String > =
let user_groups : Vec < String > =
@ -2688,13 +2649,8 @@ async fn put_user_groups(
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
let user_org = match UserOrganization ::find_by_uuid ( org_user_id , & mut conn ) . await {
if UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await . is_none ( ) {
Some ( uo ) = > uo ,
err ! ( "User could not be found or does not belong to the organization." ) ;
_ = > err ! ( "User could not be found!" ) ,
} ;
if user_org . org_uuid ! = org_id {
err ! ( "Group doesn't belong to organization" ) ;
}
}
GroupUser ::delete_all_by_user ( org_user_id , & mut conn ) . await ? ;
GroupUser ::delete_all_by_user ( org_user_id , & mut conn ) . await ? ;
@ -2742,22 +2698,12 @@ async fn delete_group_user(
err ! ( "Group support is disabled" ) ;
err ! ( "Group support is disabled" ) ;
}
}
let user_org = match UserOrganization ::find_by_uuid ( org_user_id , & mut conn ) . await {
if UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await . is_none ( ) {
Some ( uo ) = > uo ,
err ! ( "User could not be found or does not belong to the organization." ) ;
_ = > err ! ( "User could not be found!" ) ,
} ;
if user_org . org_uuid ! = org_id {
err ! ( "User doesn't belong to organization" ) ;
}
}
let group = match Group ::find_by_uuid ( group_id , & mut conn ) . await {
if Group ::find_by_uuid_and_org ( group_id , org_id , & mut conn ) . await . is_none ( ) {
Some ( g ) = > g ,
err ! ( "Group could not be found or does not belong to the organization." ) ;
_ = > err ! ( "Group could not be found!" ) ,
} ;
if group . organizations_uuid ! = org_id {
err ! ( "Group doesn't belong to organization" ) ;
}
}
log_event (
log_event (
@ -2794,9 +2740,8 @@ struct OrganizationUserResetPasswordRequest {
// Just add it here in case they will
// Just add it here in case they will
#[ get( " /organizations/<org_id>/public-key " ) ]
#[ get( " /organizations/<org_id>/public-key " ) ]
async fn get_organization_public_key ( org_id : & str , _headers : Headers , mut conn : DbConn ) -> JsonResult {
async fn get_organization_public_key ( org_id : & str , _headers : Headers , mut conn : DbConn ) -> JsonResult {
let org = match Organization ::find_by_uuid ( org_id , & mut conn ) . await {
let Some ( org ) = Organization ::find_by_uuid ( org_id , & mut conn ) . await else {
Some ( organization ) = > organization ,
err ! ( "Organization not found" )
None = > err ! ( "Organization not found" ) ,
} ;
} ;
Ok ( Json ( json ! ( {
Ok ( Json ( json ! ( {
@ -2821,19 +2766,16 @@ async fn put_reset_password(
mut conn : DbConn ,
mut conn : DbConn ,
nt : Notify < ' _ > ,
nt : Notify < ' _ > ,
) -> EmptyResult {
) -> EmptyResult {
let org = match Organization ::find_by_uuid ( org_id , & mut conn ) . await {
let Some ( org ) = Organization ::find_by_uuid ( org_id , & mut conn ) . await else {
Some ( org ) = > org ,
err ! ( "Required organization not found" )
None = > err ! ( "Required organization not found" ) ,
} ;
} ;
let org_user = match UserOrganization ::find_by_uuid_and_org ( org_user_id , & org . uuid , & mut conn ) . await {
let Some ( org_user ) = UserOrganization ::find_by_uuid_and_org ( org_user_id , & org . uuid , & mut conn ) . await else {
Some ( user ) = > user ,
err ! ( "User to reset isn't member of required organization" )
None = > err ! ( "User to reset isn't member of required organization" ) ,
} ;
} ;
let user = match User ::find_by_uuid ( & org_user . user_uuid , & mut conn ) . await {
let Some ( user ) = User ::find_by_uuid ( & org_user . user_uuid , & mut conn ) . await else {
Some ( user ) = > user ,
err ! ( "User not found" )
None = > err ! ( "User not found" ) ,
} ;
} ;
check_reset_password_applicable_and_permissions ( org_id , org_user_id , & headers , & mut conn ) . await ? ;
check_reset_password_applicable_and_permissions ( org_id , org_user_id , & headers , & mut conn ) . await ? ;
@ -2880,19 +2822,16 @@ async fn get_reset_password_details(
headers : AdminHeaders ,
headers : AdminHeaders ,
mut conn : DbConn ,
mut conn : DbConn ,
) -> JsonResult {
) -> JsonResult {
let org = match Organization ::find_by_uuid ( org_id , & mut conn ) . await {
let Some ( org ) = Organization ::find_by_uuid ( org_id , & mut conn ) . await else {
Some ( org ) = > org ,
err ! ( "Required organization not found" )
None = > err ! ( "Required organization not found" ) ,
} ;
} ;
let org_user = match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await {
let Some ( org_user ) = UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , & mut conn ) . await else {
Some ( user ) = > user ,
err ! ( "User to reset isn't member of required organization" )
None = > err ! ( "User to reset isn't member of required organization" ) ,
} ;
} ;
let user = match User ::find_by_uuid ( & org_user . user_uuid , & mut conn ) . await {
let Some ( user ) = User ::find_by_uuid ( & org_user . user_uuid , & mut conn ) . await else {
Some ( user ) = > user ,
err ! ( "User not found" )
None = > err ! ( "User not found" ) ,
} ;
} ;
check_reset_password_applicable_and_permissions ( org_id , org_user_id , & headers , & mut conn ) . await ? ;
check_reset_password_applicable_and_permissions ( org_id , org_user_id , & headers , & mut conn ) . await ? ;
@ -2918,9 +2857,8 @@ async fn check_reset_password_applicable_and_permissions(
) -> EmptyResult {
) -> EmptyResult {
check_reset_password_applicable ( org_id , conn ) . await ? ;
check_reset_password_applicable ( org_id , conn ) . await ? ;
let target_user = match UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , conn ) . await {
let Some ( target_user ) = UserOrganization ::find_by_uuid_and_org ( org_user_id , org_id , conn ) . await else {
Some ( user ) = > user ,
err ! ( "Reset target user not found" )
None = > err ! ( "Reset target user not found" ) ,
} ;
} ;
// Resetting user must be higher/equal to user to reset
// Resetting user must be higher/equal to user to reset
@ -2936,9 +2874,8 @@ async fn check_reset_password_applicable(org_id: &str, conn: &mut DbConn) -> Emp
err ! ( "Password reset is not supported on an email-disabled instance." ) ;
err ! ( "Password reset is not supported on an email-disabled instance." ) ;
}
}
let policy = match OrgPolicy ::find_by_org_and_type ( org_id , OrgPolicyType ::ResetPassword , conn ) . await {
let Some ( policy ) = OrgPolicy ::find_by_org_and_type ( org_id , OrgPolicyType ::ResetPassword , conn ) . await else {
Some ( p ) = > p ,
err ! ( "Policy not found" )
None = > err ! ( "Policy not found" ) ,
} ;
} ;
if ! policy . enabled {
if ! policy . enabled {
@ -2956,9 +2893,8 @@ async fn put_reset_password_enrollment(
data : Json < OrganizationUserResetPasswordEnrollmentRequest > ,
data : Json < OrganizationUserResetPasswordEnrollmentRequest > ,
mut conn : DbConn ,
mut conn : DbConn ,
) -> EmptyResult {
) -> EmptyResult {
let mut org_user = match UserOrganization ::find_by_user_and_org ( & headers . user . uuid , org_id , & mut conn ) . await {
let Some ( mut org_user ) = UserOrganization ::find_by_user_and_org ( & headers . user . uuid , org_id , & mut conn ) . await else {
Some ( u ) = > u ,
err ! ( "User to enroll isn't member of required organization" )
None = > err ! ( "User to enroll isn't member of required organization" ) ,
} ;
} ;
check_reset_password_applicable ( org_id , & mut conn ) . await ? ;
check_reset_password_applicable ( org_id , & mut conn ) . await ? ;