bitwarden-server/util/Migrator/DbScripts/2022-09-08_00_CipherMovePermissions.sql

-- Remove check for Edit permission. User should be able to move the cipher to a different folder even if they don't have Edit permissions

ALTER PROCEDURE [dbo].[Cipher_Move]
    @Ids AS [dbo].[GuidIdArray] READONLY,
    @FolderId AS UNIQUEIDENTIFIER,
    @UserId AS UNIQUEIDENTIFIER
AS
BEGIN
    SET NOCOUNT ON

    DECLARE @UserIdKey VARCHAR(50) = CONCAT('"', @UserId, '"')
    DECLARE @UserIdPath VARCHAR(50) = CONCAT('$.', @UserIdKey)

    ;WITH [IdsToMoveCTE] AS (
        SELECT
            [Id]
        FROM
            [dbo].[UserCipherDetails](@UserId)
        WHERE
            [Id] IN (SELECT * FROM @Ids)
    )
    UPDATE
        [dbo].[Cipher]
    SET
        [Folders] = 
            CASE
            WHEN @FolderId IS NOT NULL AND [Folders] IS NULL THEN
                CONCAT('{', @UserIdKey, ':"', @FolderId, '"', '}')
            WHEN @FolderId IS NOT NULL THEN
                JSON_MODIFY([Folders], @UserIdPath, CAST(@FolderId AS VARCHAR(50)))
            ELSE
                JSON_MODIFY([Folders], @UserIdPath, NULL)
            END
    WHERE
        [Id] IN (SELECT * FROM [IdsToMoveCTE])

    EXEC [dbo].[User_BumpAccountRevisionDate] @UserId
END
GO
Ps 976 moving of read only organization collection items to different folder not possible (#2257) * PS-976 - update PutPartial endpoint to return cipher info, update Cipher_Move sproc to allow users to update a cipher's folder even if they don't have edit permissions * PS-976- fix formatting errors * PS-976 - per cr feedback updated EF query to match cipher_move sproc update, and updated cipher tests to align with existing tests 2022-10-25 21:23:49 +02:00			`-- Remove check for Edit permission. User should be able to move the cipher to a different folder even if they don't have Edit permissions`

			`ALTER PROCEDURE [dbo].[Cipher_Move]`
			`@Ids AS [dbo].[GuidIdArray] READONLY,`
			`@FolderId AS UNIQUEIDENTIFIER,`
			`@UserId AS UNIQUEIDENTIFIER`
			`AS`
			`BEGIN`
			`SET NOCOUNT ON`

			`DECLARE @UserIdKey VARCHAR(50) = CONCAT('"', @UserId, '"')`
			`DECLARE @UserIdPath VARCHAR(50) = CONCAT('$.', @UserIdKey)`

			`;WITH [IdsToMoveCTE] AS (`
			`SELECT`
			`[Id]`
			`FROM`
			`[dbo].[UserCipherDetails](@UserId)`
			`WHERE`
			`[Id] IN (SELECT * FROM @Ids)`
			`)`
			`UPDATE`
			`[dbo].[Cipher]`
			`SET`
			`[Folders] =`
			`CASE`
			`WHEN @FolderId IS NOT NULL AND [Folders] IS NULL THEN`
			`CONCAT('{', @UserIdKey, ':"', @FolderId, '"', '}')`
			`WHEN @FolderId IS NOT NULL THEN`
			`JSON_MODIFY([Folders], @UserIdPath, CAST(@FolderId AS VARCHAR(50)))`
			`ELSE`
			`JSON_MODIFY([Folders], @UserIdPath, NULL)`
			`END`
			`WHERE`
			`[Id] IN (SELECT * FROM [IdsToMoveCTE])`

			`EXEC [dbo].[User_BumpAccountRevisionDate] @UserId`
			`END`
			`GO`