0
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden synced 2024-12-14 09:33:44 +01:00

Fix user invitation

This commit is contained in:
Miroslav Prasil 2018-05-28 17:26:02 +01:00
parent d69d4d0d30
commit 85ecd001a5
2 changed files with 40 additions and 25 deletions

View file

@ -166,10 +166,6 @@ fn post_organization_collections(org_id: String, headers: Headers, data: Json<Ne
collection.save(&conn); collection.save(&conn);
if !org_user.access_all {
CollectionUser::save(&headers.user.uuid, &collection.uuid, false, &conn);
}
Ok(Json(collection.to_json())) Ok(Json(collection.to_json()))
} }
@ -311,7 +307,7 @@ struct InviteData {
#[serde(rename = "type")] #[serde(rename = "type")]
type_: NumberOrString, type_: NumberOrString,
collections: Vec<CollectionData>, collections: Vec<CollectionData>,
accessAll: bool, accessAll: Option<bool>,
} }
#[post("/organizations/<org_id>/users/invite", data = "<data>")] #[post("/organizations/<org_id>/users/invite", data = "<data>")]
@ -346,16 +342,23 @@ fn send_invite(org_id: String, data: Json<InviteData>, headers: Headers, conn: D
None => () None => ()
} }
let mut new_user = UserOrganization::new(user.uuid, org_id.clone()); let mut new_user = UserOrganization::new(user.uuid.clone(), org_id.clone());
let access_all = data.accessAll.unwrap_or(false);
new_user.access_all = data.accessAll; new_user.access_all = access_all;
new_user.type_ = new_type; new_user.type_ = new_type;
// If no accessAll, add the collections received // If no accessAll, add the collections received
if !data.accessAll { if !access_all {
for collection in data.collections.iter() { for col in data.collections.iter() {
// TODO: Check that collection is in org match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
CollectionUser::save(&headers.user.uuid, &collection.id, collection.readOnly, &conn); None => err!("Collection not found in Organization"),
Some(collection) => {
match CollectionUser::save(&user.uuid, &collection.uuid, col.readOnly, &conn) {
Ok(()) => (),
Err(_) => err!("Failed saving collection access for user")
}
}
}
} }
} }
@ -486,9 +489,16 @@ fn edit_user(org_id: String, user_id: String, data: Json<EditUserData>, headers:
// If no accessAll, add the collections received // If no accessAll, add the collections received
if !data.accessAll { if !data.accessAll {
for collection in data.collections.iter() { for col in data.collections.iter() {
// TODO: Check that collection is in org match Collection::find_by_uuid_and_org(&col.id, &org_id, &conn) {
CollectionUser::save(&user_to_edit.user_uuid, &collection.id, collection.readOnly, &conn); None => err!("Collection not found in Organization"),
Some(collection) => {
match CollectionUser::save(&user_to_edit.user_uuid, &collection.uuid, col.readOnly, &conn) {
Ok(()) => (),
Err(_) => err!("Failed saving collection access for user")
}
}
}
} }
} }

View file

@ -102,6 +102,14 @@ impl Collection {
.load::<Self>(&**conn).expect("Error loading collections") .load::<Self>(&**conn).expect("Error loading collections")
} }
pub fn find_by_uuid_and_org(uuid: &str, org_uuid: &str, conn: &DbConn) -> Option<Self> {
collections::table
.filter(collections::uuid.eq(uuid))
.filter(collections::org_uuid.eq(org_uuid))
.select(collections::all_columns)
.first::<Self>(&**conn).ok()
}
pub fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &DbConn) -> Option<Self> { pub fn find_by_uuid_and_user(uuid: &str, user_uuid: &str, conn: &DbConn) -> Option<Self> {
collections::table collections::table
.left_join(users_collections::table.on( .left_join(users_collections::table.on(
@ -171,16 +179,13 @@ impl CollectionUser {
.load::<Self>(&**conn).expect("Error loading users_collections") .load::<Self>(&**conn).expect("Error loading users_collections")
} }
pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> bool { pub fn save(user_uuid: &str, collection_uuid: &str, read_only:bool, conn: &DbConn) -> QueryResult<()> {
match diesel::replace_into(users_collections::table) diesel::replace_into(users_collections::table)
.values(( .values((
users_collections::user_uuid.eq(user_uuid), users_collections::user_uuid.eq(user_uuid),
users_collections::collection_uuid.eq(collection_uuid), users_collections::collection_uuid.eq(collection_uuid),
users_collections::read_only.eq(read_only), users_collections::read_only.eq(read_only),
)).execute(&**conn) { )).execute(&**conn).and(Ok(()))
Ok(1) => true, // One row inserted
_ => false,
}
} }
pub fn delete(user_uuid: &str, collection_uuid: &str, conn: &DbConn) -> bool { pub fn delete(user_uuid: &str, collection_uuid: &str, conn: &DbConn) -> bool {