mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
limit collection scope option when creating cipher
This commit is contained in:
parent
6641d884f5
commit
0b166a080e
@ -143,7 +143,7 @@ namespace Bit.Api.Controllers
|
||||
}
|
||||
|
||||
var userId = _userService.GetProperUserId(User).Value;
|
||||
await _cipherService.SaveAsync(cipher, userId, model.CollectionIds, true);
|
||||
await _cipherService.SaveAsync(cipher, userId, model.CollectionIds, true, false);
|
||||
|
||||
var response = new CipherMiniResponseModel(cipher, _globalSettings, false);
|
||||
return response;
|
||||
@ -188,7 +188,7 @@ namespace Bit.Api.Controllers
|
||||
|
||||
// object cannot be a descendant of CipherDetails, so let's clone it.
|
||||
var cipherClone = CoreHelpers.CloneObject(model.ToCipher(cipher));
|
||||
await _cipherService.SaveAsync(cipherClone, userId, null, true);
|
||||
await _cipherService.SaveAsync(cipherClone, userId, null, true, false);
|
||||
|
||||
var response = new CipherMiniResponseModel(cipherClone, _globalSettings, cipher.OrganizationUseTotp);
|
||||
return response;
|
||||
|
@ -9,11 +9,14 @@ namespace Bit.Core.Services
|
||||
{
|
||||
public interface ICipherService
|
||||
{
|
||||
Task SaveAsync(Cipher cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false);
|
||||
Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null, bool skipPermissionCheck = false);
|
||||
Task SaveAsync(Cipher cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null,
|
||||
bool skipPermissionCheck = false, bool limitCollectionScope = true);
|
||||
Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null,
|
||||
bool skipPermissionCheck = false);
|
||||
Task CreateAttachmentAsync(Cipher cipher, Stream stream, string fileName, long requestLength, Guid savingUserId,
|
||||
bool orgAdmin = false);
|
||||
Task CreateAttachmentShareAsync(Cipher cipher, Stream stream, string fileName, long requestLength, string attachmentId,
|
||||
Task CreateAttachmentShareAsync(Cipher cipher, Stream stream, string fileName, long requestLength,
|
||||
string attachmentId,
|
||||
Guid organizationShareId);
|
||||
Task DeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false);
|
||||
Task DeleteManyAsync(IEnumerable<Guid> cipherIds, Guid deletingUserId);
|
||||
@ -22,8 +25,10 @@ namespace Bit.Core.Services
|
||||
Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid? destinationFolderId, Guid movingUserId);
|
||||
Task SaveFolderAsync(Folder folder);
|
||||
Task DeleteFolderAsync(Folder folder);
|
||||
Task ShareAsync(Cipher originalCipher, Cipher cipher, Guid organizationId, IEnumerable<Guid> collectionIds, Guid userId);
|
||||
Task ShareManyAsync(IEnumerable<Cipher> ciphers, Guid organizationId, IEnumerable<Guid> collectionIds, Guid sharingUserId);
|
||||
Task ShareAsync(Cipher originalCipher, Cipher cipher, Guid organizationId, IEnumerable<Guid> collectionIds,
|
||||
Guid userId);
|
||||
Task ShareManyAsync(IEnumerable<Cipher> ciphers, Guid organizationId, IEnumerable<Guid> collectionIds,
|
||||
Guid sharingUserId);
|
||||
Task SaveCollectionsAsync(Cipher cipher, IEnumerable<Guid> collectionIds, Guid savingUserId, bool orgAdmin);
|
||||
Task ImportCiphersAsync(List<Folder> folders, List<CipherDetails> ciphers,
|
||||
IEnumerable<KeyValuePair<int, int>> folderRelationships);
|
||||
|
@ -56,7 +56,7 @@ namespace Bit.Core.Services
|
||||
}
|
||||
|
||||
public async Task SaveAsync(Cipher cipher, Guid savingUserId, IEnumerable<Guid> collectionIds = null,
|
||||
bool skipPermissionCheck = false)
|
||||
bool skipPermissionCheck = false, bool limitCollectionScope = true)
|
||||
{
|
||||
if(!skipPermissionCheck && !(await UserCanEditAsync(cipher, savingUserId)))
|
||||
{
|
||||
@ -67,8 +67,11 @@ namespace Bit.Core.Services
|
||||
{
|
||||
if(cipher.OrganizationId.HasValue && collectionIds != null)
|
||||
{
|
||||
// Set user ID to limit scope of collection ids in the create sproc
|
||||
cipher.UserId = savingUserId;
|
||||
if(limitCollectionScope)
|
||||
{
|
||||
// Set user ID to limit scope of collection ids in the create sproc
|
||||
cipher.UserId = savingUserId;
|
||||
}
|
||||
await _cipherRepository.CreateAsync(cipher, collectionIds);
|
||||
}
|
||||
else
|
||||
|
@ -16,33 +16,46 @@ BEGIN
|
||||
[Id] UNIQUEIDENTIFIER
|
||||
)
|
||||
|
||||
INSERT INTO #AvailableCollections
|
||||
SELECT
|
||||
C.[Id]
|
||||
FROM
|
||||
[dbo].[Collection] C
|
||||
INNER JOIN
|
||||
[Organization] O ON O.[Id] = C.[OrganizationId]
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] OU ON OU.[OrganizationId] = O.[Id] AND OU.[UserId] = @UserId
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND OU.[AccessAll] = 0 AND GU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[Group] G ON G.[Id] = GU.[GroupId]
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionGroup] CG ON G.[AccessAll] = 0 AND CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
|
||||
WHERE
|
||||
O.[Id] = @OrganizationId
|
||||
AND O.[Enabled] = 1
|
||||
AND OU.[Status] = 2 -- Confirmed
|
||||
AND (
|
||||
OU.[AccessAll] = 1
|
||||
OR CU.[ReadOnly] = 0
|
||||
OR G.[AccessAll] = 1
|
||||
OR CG.[ReadOnly] = 0
|
||||
)
|
||||
IF @UserId IS NULL
|
||||
BEGIN
|
||||
INSERT INTO #AvailableCollections
|
||||
SELECT
|
||||
[Id]
|
||||
FROM
|
||||
[dbo].[Collection]
|
||||
WHERE
|
||||
[Id] = @OrganizationId
|
||||
END
|
||||
ELSE
|
||||
BEGIN
|
||||
INSERT INTO #AvailableCollections
|
||||
SELECT
|
||||
C.[Id]
|
||||
FROM
|
||||
[dbo].[Collection] C
|
||||
INNER JOIN
|
||||
[Organization] O ON O.[Id] = C.[OrganizationId]
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] OU ON OU.[OrganizationId] = O.[Id] AND OU.[UserId] = @UserId
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND OU.[AccessAll] = 0 AND GU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[Group] G ON G.[Id] = GU.[GroupId]
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionGroup] CG ON G.[AccessAll] = 0 AND CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
|
||||
WHERE
|
||||
O.[Id] = @OrganizationId
|
||||
AND O.[Enabled] = 1
|
||||
AND OU.[Status] = 2 -- Confirmed
|
||||
AND (
|
||||
OU.[AccessAll] = 1
|
||||
OR CU.[ReadOnly] = 0
|
||||
OR G.[AccessAll] = 1
|
||||
OR CG.[ReadOnly] = 0
|
||||
)
|
||||
END
|
||||
|
||||
IF (SELECT COUNT(1) FROM #AvailableCollections) < 1
|
||||
BEGIN
|
||||
|
@ -255,33 +255,46 @@ BEGIN
|
||||
[Id] UNIQUEIDENTIFIER
|
||||
)
|
||||
|
||||
INSERT INTO #AvailableCollections
|
||||
SELECT
|
||||
C.[Id]
|
||||
FROM
|
||||
[dbo].[Collection] C
|
||||
INNER JOIN
|
||||
[Organization] O ON O.[Id] = C.[OrganizationId]
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] OU ON OU.[OrganizationId] = O.[Id] AND OU.[UserId] = @UserId
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND OU.[AccessAll] = 0 AND GU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[Group] G ON G.[Id] = GU.[GroupId]
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionGroup] CG ON G.[AccessAll] = 0 AND CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
|
||||
WHERE
|
||||
O.[Id] = @OrganizationId
|
||||
AND O.[Enabled] = 1
|
||||
AND OU.[Status] = 2 -- Confirmed
|
||||
AND (
|
||||
OU.[AccessAll] = 1
|
||||
OR CU.[ReadOnly] = 0
|
||||
OR G.[AccessAll] = 1
|
||||
OR CG.[ReadOnly] = 0
|
||||
)
|
||||
IF @UserId IS NULL
|
||||
BEGIN
|
||||
INSERT INTO #AvailableCollections
|
||||
SELECT
|
||||
[Id]
|
||||
FROM
|
||||
[dbo].[Collection]
|
||||
WHERE
|
||||
[Id] = @OrganizationId
|
||||
END
|
||||
ELSE
|
||||
BEGIN
|
||||
INSERT INTO #AvailableCollections
|
||||
SELECT
|
||||
C.[Id]
|
||||
FROM
|
||||
[dbo].[Collection] C
|
||||
INNER JOIN
|
||||
[Organization] O ON O.[Id] = C.[OrganizationId]
|
||||
INNER JOIN
|
||||
[dbo].[OrganizationUser] OU ON OU.[OrganizationId] = O.[Id] AND OU.[UserId] = @UserId
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND OU.[AccessAll] = 0 AND GU.[OrganizationUserId] = OU.[Id]
|
||||
LEFT JOIN
|
||||
[dbo].[Group] G ON G.[Id] = GU.[GroupId]
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionGroup] CG ON G.[AccessAll] = 0 AND CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
|
||||
WHERE
|
||||
O.[Id] = @OrganizationId
|
||||
AND O.[Enabled] = 1
|
||||
AND OU.[Status] = 2 -- Confirmed
|
||||
AND (
|
||||
OU.[AccessAll] = 1
|
||||
OR CU.[ReadOnly] = 0
|
||||
OR G.[AccessAll] = 1
|
||||
OR CG.[ReadOnly] = 0
|
||||
)
|
||||
END
|
||||
|
||||
IF (SELECT COUNT(1) FROM #AvailableCollections) < 1
|
||||
BEGIN
|
||||
|
Loading…
Reference in New Issue
Block a user