2018-02-15 00:53:11 +01:00
|
|
|
use chrono::{NaiveDateTime, Utc};
|
2018-10-10 20:40:39 +02:00
|
|
|
use serde_json::Value;
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-12-30 23:34:31 +01:00
|
|
|
use super::{
|
2020-08-26 10:27:38 +02:00
|
|
|
Attachment,
|
|
|
|
CollectionCipher,
|
|
|
|
Favorite,
|
|
|
|
FolderCipher,
|
|
|
|
Organization,
|
|
|
|
User,
|
|
|
|
UserOrgStatus,
|
|
|
|
UserOrgType,
|
|
|
|
UserOrganization,
|
2018-12-30 23:34:31 +01:00
|
|
|
};
|
2018-02-15 00:40:34 +01:00
|
|
|
|
2020-08-18 17:15:44 +02:00
|
|
|
db_object! {
|
2021-03-13 22:04:04 +01:00
|
|
|
#[derive(Identifiable, Queryable, Insertable, Associations, AsChangeset)]
|
2020-08-18 17:15:44 +02:00
|
|
|
#[table_name = "ciphers"]
|
|
|
|
#[changeset_options(treat_none_as_null="true")]
|
|
|
|
#[belongs_to(User, foreign_key = "user_uuid")]
|
|
|
|
#[belongs_to(Organization, foreign_key = "organization_uuid")]
|
|
|
|
#[primary_key(uuid)]
|
|
|
|
pub struct Cipher {
|
|
|
|
pub uuid: String,
|
|
|
|
pub created_at: NaiveDateTime,
|
|
|
|
pub updated_at: NaiveDateTime,
|
|
|
|
|
|
|
|
pub user_uuid: Option<String>,
|
|
|
|
pub organization_uuid: Option<String>,
|
|
|
|
|
|
|
|
/*
|
|
|
|
Login = 1,
|
|
|
|
SecureNote = 2,
|
|
|
|
Card = 3,
|
|
|
|
Identity = 4
|
|
|
|
*/
|
|
|
|
pub atype: i32,
|
|
|
|
pub name: String,
|
|
|
|
pub notes: Option<String>,
|
|
|
|
pub fields: Option<String>,
|
|
|
|
|
|
|
|
pub data: String,
|
|
|
|
|
|
|
|
pub password_history: Option<String>,
|
|
|
|
pub deleted_at: Option<NaiveDateTime>,
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Local methods
|
|
|
|
impl Cipher {
|
2019-05-20 21:12:41 +02:00
|
|
|
pub fn new(atype: i32, name: String) -> Self {
|
2018-02-10 01:00:55 +01:00
|
|
|
let now = Utc::now().naive_utc();
|
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
Self {
|
2018-12-07 14:32:40 +01:00
|
|
|
uuid: crate::util::get_uuid(),
|
2018-02-10 01:00:55 +01:00
|
|
|
created_at: now,
|
|
|
|
updated_at: now,
|
|
|
|
|
2018-05-04 19:02:19 +02:00
|
|
|
user_uuid: None,
|
|
|
|
organization_uuid: None,
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2019-05-20 21:12:41 +02:00
|
|
|
atype,
|
2018-03-06 00:02:36 +01:00
|
|
|
name,
|
|
|
|
|
|
|
|
notes: None,
|
|
|
|
fields: None,
|
2018-02-10 01:00:55 +01:00
|
|
|
|
|
|
|
data: String::new(),
|
2018-08-27 23:08:58 +02:00
|
|
|
password_history: None,
|
2020-04-17 22:35:27 +02:00
|
|
|
deleted_at: None,
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
}
|
2018-02-15 00:40:34 +01:00
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-12-19 21:52:53 +01:00
|
|
|
use crate::db::DbConn;
|
|
|
|
|
|
|
|
use crate::api::EmptyResult;
|
|
|
|
use crate::error::MapResult;
|
2018-02-15 00:40:34 +01:00
|
|
|
|
|
|
|
/// Database methods
|
|
|
|
impl Cipher {
|
2018-10-10 20:40:39 +02:00
|
|
|
pub fn to_json(&self, host: &str, user_uuid: &str, conn: &DbConn) -> Value {
|
2018-12-19 21:52:53 +01:00
|
|
|
use crate::util::format_date;
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
let attachments = Attachment::find_by_cipher(&self.uuid, conn);
|
2021-01-31 21:46:37 +01:00
|
|
|
// When there are no attachments use null instead of an empty array
|
|
|
|
let attachments_json = if attachments.is_empty() {
|
|
|
|
Value::Null
|
|
|
|
} else {
|
|
|
|
attachments.iter().map(|c| c.to_json(host)).collect()
|
|
|
|
};
|
2018-02-10 01:00:55 +01:00
|
|
|
|
2019-06-14 22:51:50 +02:00
|
|
|
let fields_json = self.fields.as_ref().and_then(|s| serde_json::from_str(s).ok()).unwrap_or(Value::Null);
|
|
|
|
let password_history_json = self.password_history.as_ref().and_then(|s| serde_json::from_str(s).ok()).unwrap_or(Value::Null);
|
|
|
|
|
2020-07-03 06:51:20 +02:00
|
|
|
let (read_only, hide_passwords) =
|
2020-08-18 17:15:44 +02:00
|
|
|
match self.get_access_restrictions(&user_uuid, conn) {
|
2020-07-03 06:51:20 +02:00
|
|
|
Some((ro, hp)) => (ro, hp),
|
|
|
|
None => {
|
|
|
|
error!("Cipher ownership assertion failure");
|
|
|
|
(true, true)
|
|
|
|
},
|
|
|
|
};
|
|
|
|
|
2021-01-31 21:46:37 +01:00
|
|
|
// Get the type_data or a default to an empty json object '{}'.
|
|
|
|
// If not passing an empty object, mobile clients will crash.
|
2021-03-27 15:03:46 +01:00
|
|
|
let mut type_data_json: Value = serde_json::from_str(&self.data).unwrap_or_else(|_| json!({}));
|
2021-01-31 21:46:37 +01:00
|
|
|
|
|
|
|
// NOTE: This was marked as *Backwards Compatibilty Code*, but as of January 2021 this is still being used by upstream
|
|
|
|
// Set the first element of the Uris array as Uri, this is needed several (mobile) clients.
|
|
|
|
if self.atype == 1 {
|
|
|
|
if type_data_json["Uris"].is_array() {
|
|
|
|
let uri = type_data_json["Uris"][0]["Uri"].clone();
|
|
|
|
type_data_json["Uri"] = uri;
|
|
|
|
} else {
|
|
|
|
// Upstream always has an Uri key/value
|
|
|
|
type_data_json["Uri"] = Value::Null;
|
|
|
|
}
|
2018-03-06 00:02:36 +01:00
|
|
|
}
|
2021-01-31 21:46:37 +01:00
|
|
|
|
|
|
|
// Clone the type_data and add some default value.
|
|
|
|
let mut data_json = type_data_json.clone();
|
|
|
|
|
|
|
|
// NOTE: This was marked as *Backwards Compatibilty Code*, but as of January 2021 this is still being used by upstream
|
|
|
|
// data_json should always contain the following keys with every atype
|
|
|
|
data_json["Fields"] = json!(fields_json);
|
|
|
|
data_json["Name"] = json!(self.name);
|
|
|
|
data_json["Notes"] = json!(self.notes);
|
|
|
|
data_json["PasswordHistory"] = json!(password_history_json);
|
2018-03-06 00:02:36 +01:00
|
|
|
|
2020-07-03 06:51:20 +02:00
|
|
|
// There are three types of cipher response models in upstream
|
|
|
|
// Bitwarden: "cipherMini", "cipher", and "cipherDetails" (in order
|
|
|
|
// of increasing level of detail). bitwarden_rs currently only
|
|
|
|
// supports the "cipherDetails" type, though it seems like the
|
|
|
|
// Bitwarden clients will ignore extra fields.
|
|
|
|
//
|
|
|
|
// Ref: https://github.com/bitwarden/server/blob/master/src/Core/Models/Api/Response/CipherResponseModel.cs
|
2018-03-06 00:02:36 +01:00
|
|
|
let mut json_object = json!({
|
2020-07-03 06:51:20 +02:00
|
|
|
"Object": "cipherDetails",
|
2018-02-10 01:00:55 +01:00
|
|
|
"Id": self.uuid,
|
2019-05-20 21:12:41 +02:00
|
|
|
"Type": self.atype,
|
2018-02-10 01:00:55 +01:00
|
|
|
"RevisionDate": format_date(&self.updated_at),
|
2020-04-17 22:35:27 +02:00
|
|
|
"DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
|
2020-08-18 17:15:44 +02:00
|
|
|
"FolderId": self.get_folder_uuid(&user_uuid, conn),
|
|
|
|
"Favorite": self.is_favorite(&user_uuid, conn),
|
2018-04-27 13:49:34 +02:00
|
|
|
"OrganizationId": self.organization_uuid,
|
2018-02-15 00:40:34 +01:00
|
|
|
"Attachments": attachments_json,
|
2021-01-31 21:46:37 +01:00
|
|
|
// We have UseTotp set to true by default within the Organization model.
|
|
|
|
// This variable together with UsersGetPremium is used to show or hide the TOTP counter.
|
2018-07-01 15:49:16 +02:00
|
|
|
"OrganizationUseTotp": true,
|
2020-07-03 06:51:20 +02:00
|
|
|
|
|
|
|
// This field is specific to the cipherDetails type.
|
2020-08-18 17:15:44 +02:00
|
|
|
"CollectionIds": self.get_collections(user_uuid, conn),
|
2018-03-06 00:02:36 +01:00
|
|
|
|
|
|
|
"Name": self.name,
|
|
|
|
"Notes": self.notes,
|
|
|
|
"Fields": fields_json,
|
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
"Data": data_json,
|
2018-03-06 00:02:36 +01:00
|
|
|
|
2020-07-03 06:51:20 +02:00
|
|
|
// These values are true by default, but can be false if the
|
|
|
|
// cipher belongs to a collection where the org owner has enabled
|
|
|
|
// the "Read Only" or "Hide Passwords" restrictions for the user.
|
|
|
|
"Edit": !read_only,
|
|
|
|
"ViewPassword": !hide_passwords,
|
2018-08-27 23:08:58 +02:00
|
|
|
|
|
|
|
"PasswordHistory": password_history_json,
|
2021-01-31 21:46:37 +01:00
|
|
|
|
|
|
|
// All Cipher types are included by default as null, but only the matching one will be populated
|
|
|
|
"Login": null,
|
|
|
|
"SecureNote": null,
|
|
|
|
"Card": null,
|
|
|
|
"Identity": null,
|
2018-03-06 00:02:36 +01:00
|
|
|
});
|
|
|
|
|
2019-05-20 21:12:41 +02:00
|
|
|
let key = match self.atype {
|
2018-03-06 00:02:36 +01:00
|
|
|
1 => "Login",
|
|
|
|
2 => "SecureNote",
|
|
|
|
3 => "Card",
|
|
|
|
4 => "Identity",
|
|
|
|
_ => panic!("Wrong type"),
|
|
|
|
};
|
|
|
|
|
2021-01-31 21:46:37 +01:00
|
|
|
json_object[key] = type_data_json;
|
2018-03-06 00:02:36 +01:00
|
|
|
json_object
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2018-09-01 17:59:13 +02:00
|
|
|
pub fn update_users_revision(&self, conn: &DbConn) -> Vec<String> {
|
|
|
|
let mut user_uuids = Vec::new();
|
2018-08-21 18:31:01 +02:00
|
|
|
match self.user_uuid {
|
2018-09-01 17:59:13 +02:00
|
|
|
Some(ref user_uuid) => {
|
|
|
|
User::update_uuid_revision(&user_uuid, conn);
|
|
|
|
user_uuids.push(user_uuid.clone())
|
2018-12-30 23:34:31 +01:00
|
|
|
}
|
|
|
|
None => {
|
|
|
|
// Belongs to Organization, need to update affected users
|
2018-08-21 18:31:01 +02:00
|
|
|
if let Some(ref org_uuid) = self.organization_uuid {
|
|
|
|
UserOrganization::find_by_cipher_and_org(&self.uuid, &org_uuid, conn)
|
2018-12-30 23:34:31 +01:00
|
|
|
.iter()
|
|
|
|
.for_each(|user_org| {
|
|
|
|
User::update_uuid_revision(&user_org.user_uuid, conn);
|
|
|
|
user_uuids.push(user_org.user_uuid.clone())
|
|
|
|
});
|
2018-08-21 18:31:01 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
2018-09-01 17:59:13 +02:00
|
|
|
user_uuids
|
2018-08-21 18:31:01 +02:00
|
|
|
}
|
|
|
|
|
2018-12-19 21:52:53 +01:00
|
|
|
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
|
2018-08-21 18:31:01 +02:00
|
|
|
self.update_users_revision(conn);
|
2018-02-15 01:07:57 +01:00
|
|
|
self.updated_at = Utc::now().naive_utc();
|
2020-09-22 12:13:02 +02:00
|
|
|
|
|
|
|
db_run! { conn:
|
2020-08-18 17:15:44 +02:00
|
|
|
sqlite, mysql {
|
2020-09-22 12:13:02 +02:00
|
|
|
match diesel::replace_into(ciphers::table)
|
2020-08-18 17:15:44 +02:00
|
|
|
.values(CipherDb::to_db(self))
|
|
|
|
.execute(conn)
|
2020-09-22 12:13:02 +02:00
|
|
|
{
|
|
|
|
Ok(_) => Ok(()),
|
|
|
|
// Record already exists and causes a Foreign Key Violation because replace_into() wants to delete the record first.
|
|
|
|
Err(diesel::result::Error::DatabaseError(diesel::result::DatabaseErrorKind::ForeignKeyViolation, _)) => {
|
|
|
|
diesel::update(ciphers::table)
|
|
|
|
.filter(ciphers::uuid.eq(&self.uuid))
|
|
|
|
.set(CipherDb::to_db(self))
|
|
|
|
.execute(conn)
|
|
|
|
.map_res("Error saving cipher")
|
|
|
|
}
|
|
|
|
Err(e) => Err(e.into()),
|
|
|
|
}.map_res("Error saving cipher")
|
|
|
|
}
|
2020-08-18 17:15:44 +02:00
|
|
|
postgresql {
|
|
|
|
let value = CipherDb::to_db(self);
|
|
|
|
diesel::insert_into(ciphers::table)
|
|
|
|
.values(&value)
|
|
|
|
.on_conflict(ciphers::uuid)
|
|
|
|
.do_update()
|
|
|
|
.set(&value)
|
|
|
|
.execute(conn)
|
|
|
|
.map_res("Error saving cipher")
|
|
|
|
}
|
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2018-12-19 21:52:53 +01:00
|
|
|
pub fn delete(&self, conn: &DbConn) -> EmptyResult {
|
2018-08-21 18:31:01 +02:00
|
|
|
self.update_users_revision(conn);
|
|
|
|
|
2020-08-18 17:15:44 +02:00
|
|
|
FolderCipher::delete_all_by_cipher(&self.uuid, conn)?;
|
|
|
|
CollectionCipher::delete_all_by_cipher(&self.uuid, conn)?;
|
|
|
|
Attachment::delete_all_by_cipher(&self.uuid, conn)?;
|
2020-08-26 10:27:38 +02:00
|
|
|
Favorite::delete_all_by_cipher(&self.uuid, conn)?;
|
2018-05-15 18:27:53 +02:00
|
|
|
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! { conn: {
|
|
|
|
diesel::delete(ciphers::table.filter(ciphers::uuid.eq(&self.uuid)))
|
|
|
|
.execute(conn)
|
|
|
|
.map_res("Error deleting cipher")
|
|
|
|
}}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2018-12-19 21:52:53 +01:00
|
|
|
pub fn delete_all_by_organization(org_uuid: &str, conn: &DbConn) -> EmptyResult {
|
2018-05-18 17:52:51 +02:00
|
|
|
for cipher in Self::find_by_org(org_uuid, &conn) {
|
|
|
|
cipher.delete(&conn)?;
|
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2018-12-19 21:52:53 +01:00
|
|
|
pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
|
2018-10-12 16:20:10 +02:00
|
|
|
for cipher in Self::find_owned_by_user(user_uuid, &conn) {
|
|
|
|
cipher.delete(&conn)?;
|
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
2018-12-19 21:52:53 +01:00
|
|
|
pub fn move_to_folder(&self, folder_uuid: Option<String>, user_uuid: &str, conn: &DbConn) -> EmptyResult {
|
2020-08-18 17:15:44 +02:00
|
|
|
User::update_uuid_revision(user_uuid, conn);
|
2019-01-28 00:39:14 +01:00
|
|
|
|
2020-08-18 17:15:44 +02:00
|
|
|
match (self.get_folder_uuid(&user_uuid, conn), folder_uuid) {
|
2019-01-28 00:39:14 +01:00
|
|
|
// No changes
|
|
|
|
(None, None) => Ok(()),
|
|
|
|
(Some(ref old), Some(ref new)) if old == new => Ok(()),
|
|
|
|
|
|
|
|
// Add to folder
|
2020-08-18 17:15:44 +02:00
|
|
|
(None, Some(new)) => FolderCipher::new(&new, &self.uuid).save(conn),
|
2019-01-28 00:39:14 +01:00
|
|
|
|
|
|
|
// Remove from folder
|
2020-08-18 17:15:44 +02:00
|
|
|
(Some(old), None) => match FolderCipher::find_by_folder_and_cipher(&old, &self.uuid, conn) {
|
|
|
|
Some(old) => old.delete(conn),
|
2019-01-28 00:39:14 +01:00
|
|
|
None => err!("Couldn't move from previous folder"),
|
|
|
|
},
|
|
|
|
|
|
|
|
// Move to another folder
|
|
|
|
(Some(old), Some(new)) => {
|
2020-08-18 17:15:44 +02:00
|
|
|
if let Some(old) = FolderCipher::find_by_folder_and_cipher(&old, &self.uuid, conn) {
|
|
|
|
old.delete(conn)?;
|
2018-04-30 11:52:15 +02:00
|
|
|
}
|
2020-08-18 17:15:44 +02:00
|
|
|
FolderCipher::new(&new, &self.uuid).save(conn)
|
2018-04-30 11:52:15 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-03 06:51:20 +02:00
|
|
|
/// Returns whether this cipher is directly owned by the user.
|
2020-07-03 18:00:33 +02:00
|
|
|
pub fn is_owned_by_user(&self, user_uuid: &str) -> bool {
|
|
|
|
self.user_uuid.is_some() && self.user_uuid.as_ref().unwrap() == user_uuid
|
2018-04-30 11:52:15 +02:00
|
|
|
}
|
|
|
|
|
2020-07-03 06:51:20 +02:00
|
|
|
/// Returns whether this cipher is owned by an org in which the user has full access.
|
|
|
|
pub fn is_in_full_access_org(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
2020-07-03 19:49:10 +02:00
|
|
|
if let Some(ref org_uuid) = self.organization_uuid {
|
2020-08-18 17:15:44 +02:00
|
|
|
if let Some(user_org) = UserOrganization::find_by_user_and_org(&user_uuid, &org_uuid, conn) {
|
2020-07-03 19:49:10 +02:00
|
|
|
return user_org.has_full_access();
|
|
|
|
}
|
2020-07-03 18:00:33 +02:00
|
|
|
}
|
2020-07-03 19:49:10 +02:00
|
|
|
|
|
|
|
false
|
2018-04-30 11:52:15 +02:00
|
|
|
}
|
|
|
|
|
2020-07-03 06:51:20 +02:00
|
|
|
/// Returns the user's access restrictions to this cipher. A return value
|
|
|
|
/// of None means that this cipher does not belong to the user, and is
|
|
|
|
/// not in any collection the user has access to. Otherwise, the user has
|
|
|
|
/// access to this cipher, and Some(read_only, hide_passwords) represents
|
|
|
|
/// the access restrictions.
|
|
|
|
pub fn get_access_restrictions(&self, user_uuid: &str, conn: &DbConn) -> Option<(bool, bool)> {
|
|
|
|
// Check whether this cipher is directly owned by the user, or is in
|
|
|
|
// a collection that the user has full access to. If so, there are no
|
|
|
|
// access restrictions.
|
2020-07-03 18:00:33 +02:00
|
|
|
if self.is_owned_by_user(&user_uuid) || self.is_in_full_access_org(&user_uuid, &conn) {
|
2020-07-03 06:51:20 +02:00
|
|
|
return Some((false, false));
|
|
|
|
}
|
|
|
|
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
// Check whether this cipher is in any collections accessible to the
|
|
|
|
// user. If so, retrieve the access flags for each collection.
|
|
|
|
let query = ciphers::table
|
|
|
|
.filter(ciphers::uuid.eq(&self.uuid))
|
|
|
|
.inner_join(ciphers_collections::table.on(
|
|
|
|
ciphers::uuid.eq(ciphers_collections::cipher_uuid)))
|
|
|
|
.inner_join(users_collections::table.on(
|
|
|
|
ciphers_collections::collection_uuid.eq(users_collections::collection_uuid)
|
|
|
|
.and(users_collections::user_uuid.eq(user_uuid))))
|
|
|
|
.select((users_collections::read_only, users_collections::hide_passwords));
|
|
|
|
|
|
|
|
// There's an edge case where a cipher can be in multiple collections
|
|
|
|
// with inconsistent access flags. For example, a cipher could be in
|
|
|
|
// one collection where the user has read-only access, but also in
|
|
|
|
// another collection where the user has read/write access. To handle
|
|
|
|
// this, we do a boolean OR of all values in each of the `read_only`
|
|
|
|
// and `hide_passwords` columns. This could ideally be done as part
|
|
|
|
// of the query, but Diesel doesn't support a max() or bool_or()
|
|
|
|
// function on booleans and this behavior isn't portable anyway.
|
2020-08-28 22:10:28 +02:00
|
|
|
if let Ok(vec) = query.load::<(bool, bool)>(conn) {
|
2020-08-18 17:15:44 +02:00
|
|
|
let mut read_only = false;
|
|
|
|
let mut hide_passwords = false;
|
|
|
|
for (ro, hp) in vec.iter() {
|
|
|
|
read_only |= ro;
|
|
|
|
hide_passwords |= hp;
|
|
|
|
}
|
2020-07-03 19:49:10 +02:00
|
|
|
|
2020-08-18 17:15:44 +02:00
|
|
|
Some((read_only, hide_passwords))
|
|
|
|
} else {
|
|
|
|
// This cipher isn't in any collections accessible to the user.
|
|
|
|
None
|
|
|
|
}
|
|
|
|
}}
|
2020-07-03 06:51:20 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
pub fn is_write_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
|
|
|
match self.get_access_restrictions(&user_uuid, &conn) {
|
|
|
|
Some((read_only, _hide_passwords)) => !read_only,
|
|
|
|
None => false,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn is_accessible_to_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
|
|
|
self.get_access_restrictions(&user_uuid, &conn).is_some()
|
|
|
|
}
|
|
|
|
|
2020-08-19 11:16:27 +02:00
|
|
|
// Returns whether this cipher is a favorite of the specified user.
|
|
|
|
pub fn is_favorite(&self, user_uuid: &str, conn: &DbConn) -> bool {
|
2020-08-26 10:27:38 +02:00
|
|
|
Favorite::is_favorite(&self.uuid, user_uuid, conn)
|
2020-08-19 11:16:27 +02:00
|
|
|
}
|
|
|
|
|
2020-08-26 10:27:38 +02:00
|
|
|
// Sets whether this cipher is a favorite of the specified user.
|
2020-08-19 11:16:27 +02:00
|
|
|
pub fn set_favorite(&self, favorite: Option<bool>, user_uuid: &str, conn: &DbConn) -> EmptyResult {
|
2020-08-26 10:27:38 +02:00
|
|
|
match favorite {
|
|
|
|
None => Ok(()), // No change requested.
|
|
|
|
Some(status) => Favorite::set_favorite(status, &self.uuid, user_uuid, conn),
|
2020-08-19 11:16:27 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-30 11:52:15 +02:00
|
|
|
pub fn get_folder_uuid(&self, user_uuid: &str, conn: &DbConn) -> Option<String> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
folders_ciphers::table
|
|
|
|
.inner_join(folders::table)
|
|
|
|
.filter(folders::user_uuid.eq(&user_uuid))
|
|
|
|
.filter(folders_ciphers::cipher_uuid.eq(&self.uuid))
|
|
|
|
.select(folders_ciphers::folder_uuid)
|
|
|
|
.first::<String>(conn)
|
|
|
|
.ok()
|
|
|
|
}}
|
2018-04-30 11:52:15 +02:00
|
|
|
}
|
|
|
|
|
2018-02-15 00:40:34 +01:00
|
|
|
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
ciphers::table
|
|
|
|
.filter(ciphers::uuid.eq(uuid))
|
|
|
|
.first::<CipherDb>(conn)
|
|
|
|
.ok()
|
|
|
|
.from_db()
|
|
|
|
}}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
|
|
|
|
2020-09-01 09:49:48 +02:00
|
|
|
// Find all ciphers accessible or visible to the specified user.
|
|
|
|
//
|
|
|
|
// "Accessible" means the user has read access to the cipher, either via
|
|
|
|
// direct ownership or via collection access.
|
|
|
|
//
|
|
|
|
// "Visible" usually means the same as accessible, except when an org
|
|
|
|
// owner/admin sets their account to have access to only selected
|
|
|
|
// collections in the org (presumably because they aren't interested in
|
|
|
|
// the other collections in the org). In this case, if `visible_only` is
|
|
|
|
// true, then the non-interesting ciphers will not be returned. As a
|
|
|
|
// result, those ciphers will not appear in "My Vault" for the org
|
|
|
|
// owner/admin, but they can still be accessed via the org vault view.
|
|
|
|
pub fn find_by_user(user_uuid: &str, visible_only: bool, conn: &DbConn) -> Vec<Self> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
2020-09-01 09:49:48 +02:00
|
|
|
let mut query = ciphers::table
|
2020-08-18 17:15:44 +02:00
|
|
|
.left_join(ciphers_collections::table.on(
|
|
|
|
ciphers::uuid.eq(ciphers_collections::cipher_uuid)
|
|
|
|
))
|
2020-09-01 09:49:48 +02:00
|
|
|
.left_join(users_organizations::table.on(
|
|
|
|
ciphers::organization_uuid.eq(users_organizations::org_uuid.nullable())
|
|
|
|
.and(users_organizations::user_uuid.eq(user_uuid))
|
|
|
|
.and(users_organizations::status.eq(UserOrgStatus::Confirmed as i32))
|
|
|
|
))
|
2020-08-18 17:15:44 +02:00
|
|
|
.left_join(users_collections::table.on(
|
|
|
|
ciphers_collections::collection_uuid.eq(users_collections::collection_uuid)
|
2020-09-01 09:49:48 +02:00
|
|
|
// Ensure that users_collections::user_uuid is NULL for unconfirmed users.
|
|
|
|
.and(users_organizations::user_uuid.eq(users_collections::user_uuid))
|
2020-08-18 17:15:44 +02:00
|
|
|
))
|
2020-09-01 09:49:48 +02:00
|
|
|
.filter(ciphers::user_uuid.eq(user_uuid)) // Cipher owner
|
|
|
|
.or_filter(users_organizations::access_all.eq(true)) // access_all in org
|
|
|
|
.or_filter(users_collections::user_uuid.eq(user_uuid)) // Access to collection
|
|
|
|
.into_boxed();
|
|
|
|
|
|
|
|
if !visible_only {
|
|
|
|
query = query.or_filter(
|
|
|
|
users_organizations::atype.le(UserOrgType::Admin as i32) // Org admin/owner
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
query
|
2020-08-18 17:15:44 +02:00
|
|
|
.select(ciphers::all_columns)
|
|
|
|
.distinct()
|
|
|
|
.load::<CipherDb>(conn).expect("Error loading ciphers").from_db()
|
|
|
|
}}
|
2018-05-12 00:53:37 +02:00
|
|
|
}
|
|
|
|
|
2020-09-01 09:49:48 +02:00
|
|
|
// Find all ciphers visible to the specified user.
|
|
|
|
pub fn find_by_user_visible(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
|
|
|
Self::find_by_user(user_uuid, true, conn)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Find all ciphers directly owned by the specified user.
|
2018-05-12 00:53:37 +02:00
|
|
|
pub fn find_owned_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
ciphers::table
|
2021-01-31 21:46:37 +01:00
|
|
|
.filter(
|
|
|
|
ciphers::user_uuid.eq(user_uuid)
|
|
|
|
.and(ciphers::organization_uuid.is_null())
|
|
|
|
)
|
2020-08-18 17:15:44 +02:00
|
|
|
.load::<CipherDb>(conn).expect("Error loading ciphers").from_db()
|
|
|
|
}}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|
2018-02-16 00:32:26 +01:00
|
|
|
|
2020-06-03 17:57:03 +02:00
|
|
|
pub fn count_owned_by_user(user_uuid: &str, conn: &DbConn) -> i64 {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
ciphers::table
|
|
|
|
.filter(ciphers::user_uuid.eq(user_uuid))
|
|
|
|
.count()
|
|
|
|
.first::<i64>(conn)
|
|
|
|
.ok()
|
|
|
|
.unwrap_or(0)
|
|
|
|
}}
|
2020-05-28 10:42:36 +02:00
|
|
|
}
|
|
|
|
|
2018-04-27 13:49:34 +02:00
|
|
|
pub fn find_by_org(org_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
ciphers::table
|
|
|
|
.filter(ciphers::organization_uuid.eq(org_uuid))
|
|
|
|
.load::<CipherDb>(conn).expect("Error loading ciphers").from_db()
|
|
|
|
}}
|
2018-04-27 13:49:34 +02:00
|
|
|
}
|
|
|
|
|
2020-06-03 20:37:31 +02:00
|
|
|
pub fn count_by_org(org_uuid: &str, conn: &DbConn) -> i64 {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
ciphers::table
|
|
|
|
.filter(ciphers::organization_uuid.eq(org_uuid))
|
|
|
|
.count()
|
|
|
|
.first::<i64>(conn)
|
|
|
|
.ok()
|
|
|
|
.unwrap_or(0)
|
|
|
|
}}
|
2020-06-03 20:37:31 +02:00
|
|
|
}
|
|
|
|
|
2018-02-16 00:32:26 +01:00
|
|
|
pub fn find_by_folder(folder_uuid: &str, conn: &DbConn) -> Vec<Self> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
folders_ciphers::table.inner_join(ciphers::table)
|
|
|
|
.filter(folders_ciphers::folder_uuid.eq(folder_uuid))
|
|
|
|
.select(ciphers::all_columns)
|
|
|
|
.load::<CipherDb>(conn).expect("Error loading ciphers").from_db()
|
|
|
|
}}
|
2018-02-16 00:32:26 +01:00
|
|
|
}
|
2018-05-09 12:55:05 +02:00
|
|
|
|
2018-05-11 15:24:41 +02:00
|
|
|
pub fn get_collections(&self, user_id: &str, conn: &DbConn) -> Vec<String> {
|
2020-08-18 17:15:44 +02:00
|
|
|
db_run! {conn: {
|
|
|
|
ciphers_collections::table
|
|
|
|
.inner_join(collections::table.on(
|
|
|
|
collections::uuid.eq(ciphers_collections::collection_uuid)
|
|
|
|
))
|
|
|
|
.inner_join(users_organizations::table.on(
|
|
|
|
users_organizations::org_uuid.eq(collections::org_uuid).and(
|
|
|
|
users_organizations::user_uuid.eq(user_id)
|
|
|
|
)
|
|
|
|
))
|
|
|
|
.left_join(users_collections::table.on(
|
|
|
|
users_collections::collection_uuid.eq(ciphers_collections::collection_uuid).and(
|
|
|
|
users_collections::user_uuid.eq(user_id)
|
|
|
|
)
|
|
|
|
))
|
|
|
|
.filter(ciphers_collections::cipher_uuid.eq(&self.uuid))
|
|
|
|
.filter(users_collections::user_uuid.eq(user_id).or( // User has access to collection
|
|
|
|
users_organizations::access_all.eq(true).or( // User has access all
|
|
|
|
users_organizations::atype.le(UserOrgType::Admin as i32) // User is admin or owner
|
|
|
|
)
|
|
|
|
))
|
|
|
|
.select(ciphers_collections::collection_uuid)
|
|
|
|
.load::<String>(conn).unwrap_or_default()
|
|
|
|
}}
|
2018-05-09 12:55:05 +02:00
|
|
|
}
|
2018-02-10 01:00:55 +01:00
|
|
|
}
|