diff options
author | Matlink <[email protected]> | 2024-01-01 15:46:03 +0100 |
---|---|---|
committer | GitHub <[email protected]> | 2024-01-01 15:46:03 +0100 |
commit | a641b48884bd66fc8cac4476a69d7f93bf48f2c4 (patch) | |
tree | 97f6a4ee2e3bd36e266ba255eabf2df01642302c | |
parent | 98b2178c7d314a0c4f8d85bf4f5396c7704bc88d (diff) | |
download | vaultwarden-a641b48884bd66fc8cac4476a69d7f93bf48f2c4.tar.gz vaultwarden-a641b48884bd66fc8cac4476a69d7f93bf48f2c4.zip |
Fix #3413: push to users accessing the collections using groups (#3757)
* Fix #3413: push to users acessing the collections using groups
* Notify groups only when enabled
-rw-r--r-- | src/db/models/cipher.rs | 11 | ||||
-rw-r--r-- | src/db/models/organization.rs | 26 |
2 files changed, 36 insertions, 1 deletions
diff --git a/src/db/models/cipher.rs b/src/db/models/cipher.rs index bd3531a0..ec5c5d6a 100644 --- a/src/db/models/cipher.rs +++ b/src/db/models/cipher.rs @@ -273,7 +273,16 @@ impl Cipher { None => { // Belongs to Organization, need to update affected users if let Some(ref org_uuid) = self.organization_uuid { - for user_org in UserOrganization::find_by_cipher_and_org(&self.uuid, org_uuid, conn).await.iter() { + // users having access to the collection + let mut collection_users = + UserOrganization::find_by_cipher_and_org(&self.uuid, org_uuid, conn).await; + if CONFIG.org_groups_enabled() { + // members of a group having access to the collection + let group_users = + UserOrganization::find_by_cipher_and_org_with_group(&self.uuid, org_uuid, conn).await; + collection_users.extend(group_users); + } + for user_org in collection_users { User::update_uuid_revision(&user_org.user_uuid, conn).await; user_uuids.push(user_org.user_uuid.clone()) } diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs index 9c908193..d78ac07c 100644 --- a/src/db/models/organization.rs +++ b/src/db/models/organization.rs @@ -768,6 +768,32 @@ impl UserOrganization { }} } + pub async fn find_by_cipher_and_org_with_group(cipher_uuid: &str, org_uuid: &str, conn: &mut DbConn) -> Vec<Self> { + db_run! { conn: { + users_organizations::table + .filter(users_organizations::org_uuid.eq(org_uuid)) + .inner_join(groups_users::table.on( + groups_users::users_organizations_uuid.eq(users_organizations::uuid) + )) + .left_join(collections_groups::table.on( + collections_groups::groups_uuid.eq(groups_users::groups_uuid) + )) + .left_join(groups::table.on(groups::uuid.eq(groups_users::groups_uuid))) + .left_join(ciphers_collections::table.on( + ciphers_collections::collection_uuid.eq(collections_groups::collections_uuid).and(ciphers_collections::cipher_uuid.eq(&cipher_uuid)) + + )) + .filter( + groups::access_all.eq(true).or( // AccessAll via groups + ciphers_collections::cipher_uuid.eq(&cipher_uuid) // ..or access to collection via group + ) + ) + .select(users_organizations::all_columns) + .distinct() + .load::<UserOrganizationDb>(conn).expect("Error loading user organizations with groups").from_db() + }} + } + pub async fn user_has_ge_admin_access_to_cipher(user_uuid: &str, cipher_uuid: &str, conn: &mut DbConn) -> bool { db_run! { conn: { users_organizations::table |