diff options
| author | Stefan Melmuk <[email protected]> | 2024-04-27 22:09:00 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2024-04-27 22:09:00 +0200 |
| commit | 9dcc738f856d818b261507376290c544bf712d47 (patch) | |
| tree | dc634427b1e8feeb3912d8c5578215ff93115030 /src/auth.rs | |
| parent | 84a7c7da5dc838a4e5b35695fa3fade4c6b84c37 (diff) | |
| download | vaultwarden-9dcc738f856d818b261507376290c544bf712d47.tar.gz vaultwarden-9dcc738f856d818b261507376290c544bf712d47.zip | |
improve access to collections via groups (#4441)
* refactor get_org_collections_details
* improve access to collection check
* fix get_org_collection_detail too
Diffstat (limited to 'src/auth.rs')
| -rw-r--r-- | src/auth.rs | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/auth.rs b/src/auth.rs index 3f92be76..f05eba65 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -689,7 +689,7 @@ impl<'r> FromRequest<'r> for ManagerHeaders { _ => err_handler!("Error getting DB"), }; - if !can_access_collection(&headers.org_user, &col_id, &mut conn).await { + if !Collection::can_access_collection(&headers.org_user, &col_id, &mut conn).await { err_handler!("The current user isn't a manager for this collection") } } @@ -762,10 +762,6 @@ impl From<ManagerHeadersLoose> for Headers { } } } -async fn can_access_collection(org_user: &UserOrganization, col_id: &str, conn: &mut DbConn) -> bool { - org_user.has_full_access() - || Collection::has_access_by_collection_and_user_uuid(col_id, &org_user.user_uuid, conn).await -} impl ManagerHeaders { pub async fn from_loose( @@ -777,7 +773,7 @@ impl ManagerHeaders { if uuid::Uuid::parse_str(col_id).is_err() { err!("Collection Id is malformed!"); } - if !can_access_collection(&h.org_user, col_id, conn).await { + if !Collection::can_access_collection(&h.org_user, col_id, conn).await { err!("You don't have access to all collections!"); } } |