Check properly the user membership in Organization
This commit is contained in:
parent
049aa33f17
commit
db111ae2a0
1 changed files with 6 additions and 14 deletions
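--- a/[file path not shown on page]
+++ b/[file path not shown on page]
@@ -217,7 +217,7 @@ fn delete_organization_collection_user(org_id: String, col_id: String, org_user_
             }
         }
     };
 
-    match UserOrganization::find_by_uuid(&org_user_id, &conn) {
+    match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) {
         None => err!("User not found in organization"),
         Some(user_org) => {
             match CollectionUser::find_by_collection_and_user(&collection.uuid, &user_org.user_uuid, &conn) {
@@ -412,15 +412,11 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
 fn confirm_invite(org_id: String, org_user_id: String, data: JsonUpcase<Value>, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
     let data = data.into_inner().data;
 
-    let mut user_to_confirm = match UserOrganization::find_by_uuid(&org_user_id, &conn) {
+    let mut user_to_confirm = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) {
         Some(user) => user,
-        None => err!("Failed to find user membership")
+        None => err!("The specified user isn't a member of the organization")
     };
 
-    if user_to_confirm.org_uuid != org_id {
-        err!("The specified user isn't a member of the organization")
-    }
-
     if user_to_confirm.type_ != UserOrgType::User as i32 &&
         headers.org_user_type != UserOrgType::Owner as i32 {
         err!("Only Owners can confirm Admins or Owners")
@@ -443,15 +439,11 @@ fn confirm_invite(org_id: String, org_user_id: String, data: JsonUpcase<Value>,
 
 #[get("/organizations/<org_id>/users/<org_user_id>")]
 fn get_user(org_id: String, org_user_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonResult {
-    let user = match UserOrganization::find_by_uuid(&org_user_id, &conn) {
+    let user = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) {
         Some(user) => user,
-        None => err!("Failed to find user membership")
+        None => err!("The specified user isn't a member of the organization")
     };
 
-    if user.org_uuid != org_id {
-        err!("The specified user isn't a member of the organization")
-    }
-
     Ok(Json(user.to_json_details(&conn)))
 }
 
@@ -540,7 +532,7 @@ fn edit_user(org_id: String, org_user_id: String, data: JsonUpcase<EditUserData>
 
 #[delete("/organizations/<org_id>/users/<org_user_id>")]
 fn delete_user(org_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult {
-    let user_to_delete = match UserOrganization::find_by_uuid(&org_user_id, &conn) {
+    let user_to_delete = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &conn) {
         Some(user) => user,
         None => err!("User to delete isn't member of the organization")
     };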
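Review bot: The `find_by_uuid_and_org` lookups now carry the org-scoping check that the removed `if user.org_uuid != org_id` branches in `confirm_invite` and `get_user` used to make explicit, but nothing in the code records that the lookup doubles as the authorization step; a comment at each of the four call sites, e.g. `// Scoped to org_id on purpose: a membership UUID belonging to another organization must not be reachable through this route.`, would keep a later refactor from swapping back to `find_by_uuid` and silently reopening the cross-organization access. The `None` arms are also not uniform: hunks 2 and 3 use `The specified user isn't a member of the organization`, hunk 1 keeps `User not found in organization` and hunk 4 keeps `User to delete isn't member of the organization`, so one shared message would make the four routes respond consistently to the same condition. `delete_organization_collection_user` in hunk 1 starts outside the hunk, and the body of `confirm_invite` continues past the end of hunk 2.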