From f9a73a9bbecbcc4ef858413c58081cfe92ecde45 Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Fri, 3 Jul 2020 10:49:10 -0700 Subject: [PATCH] More cipher optimization/cleanup --- src/db/models/cipher.rs | 48 ++++++++++++----------------------- src/db/models/organization.rs | 7 ++++- 2 files changed, 22 insertions(+), 33 deletions(-) diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs index 223d6780..3bf0ea6f 100644 --- a/src/db/models/cipher.rs +++ b/src/db/models/cipher.rs @@ -270,26 +270,13 @@ impl Cipher { /// Returns whether this cipher is owned by an org in which the user has full access. pub fn is_in_full_access_org(&self, user_uuid: &str, conn: &DbConn) -> bool { - if self.organization_uuid.is_none() { - return false; + if let Some(ref org_uuid) = self.organization_uuid { + if let Some(user_org) = UserOrganization::find_by_user_and_org(&user_uuid, &org_uuid, &conn) { + return user_org.has_full_access(); + } } - let org_uuid = self.organization_uuid.as_ref().unwrap(); - let rows = users_organizations::table - .filter(users_organizations::user_uuid.eq(user_uuid)) - .filter(users_organizations::org_uuid.eq(org_uuid)) - .filter(users_organizations::status.eq(UserOrgStatus::Confirmed as i32)) - .filter( - // The user is an org admin or higher. - users_organizations::atype.le(UserOrgType::Admin as i32) - // The user was granted full access to the org by an org owner/admin. - .or(users_organizations::access_all.eq(true)) - ) - .count() - .first(&**conn) - .ok() - .unwrap_or(0); - rows != 0 + false } /// Returns the user's access restrictions to this cipher. A return value @@ -324,21 +311,18 @@ impl Cipher { // and `hide_passwords` columns. This could ideally be done as part // of the query, but Diesel doesn't support a max() or bool_or() // function on booleans and this behavior isn't portable anyway. - match query.load::<(bool, bool)>(&**conn).ok() { - Some(vec) => { - let mut read_only = false; - let mut hide_passwords = false; - for (ro, hp) in vec.iter() { - read_only |= ro; - hide_passwords |= hp; - } - - Some((read_only, hide_passwords)) - }, - None => { - // This cipher isn't in any collections accessible to the user. - None + if let Some(vec) = query.load::<(bool, bool)>(&**conn).ok() { + let mut read_only = false; + let mut hide_passwords = false; + for (ro, hp) in vec.iter() { + read_only |= ro; + hide_passwords |= hp; } + + Some((read_only, hide_passwords)) + } else { + // This cipher isn't in any collections accessible to the user. + None } } diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs index 2cce7021..42c4cd9b 100644 --- a/src/db/models/organization.rs +++ b/src/db/models/organization.rs @@ -393,8 +393,13 @@ impl UserOrganization { Ok(()) } + pub fn has_status(self, status: UserOrgStatus) -> bool { + self.status == status as i32 + } + pub fn has_full_access(self) -> bool { - self.access_all || self.atype >= UserOrgType::Admin + (self.access_all || self.atype >= UserOrgType::Admin) && + self.has_status(UserOrgStatus::Confirmed) } pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option {