[AC-2604] Fix aggregation of CollectionGroup permissions (#4097)
* Fix aggregation of CollectionGroup permissions - use MAX on Manage column instead of MIN
parent
98b7866c95
commit
53ed608ba1
@ -340,7 +340,7 @@ public class CollectionRepository : Repository<Core.Entities.Collection, Collect
|
||||
ExternalId = collectionGroup.Key.ExternalId,
|
||||
ReadOnly = Convert.ToBoolean(collectionGroup.Min(c => Convert.ToInt32(c.ReadOnly))),
|
||||
HidePasswords = Convert.ToBoolean(collectionGroup.Min(c => Convert.ToInt32(c.HidePasswords))),
|
||||
Manage = Convert.ToBoolean(collectionGroup.Min(c => Convert.ToInt32(c.Manage))),
|
||||
Manage = Convert.ToBoolean(collectionGroup.Max(c => Convert.ToInt32(c.Manage))),
|
||||
})
|
||||
.ToList();
|
||||
}
|
||||
@ -365,7 +365,7 @@ public class CollectionRepository : Repository<Core.Entities.Collection, Collect
|
||||
ExternalId = collectionGroup.Key.ExternalId,
|
||||
ReadOnly = Convert.ToBoolean(collectionGroup.Min(c => Convert.ToInt32(c.ReadOnly))),
|
||||
HidePasswords = Convert.ToBoolean(collectionGroup.Min(c => Convert.ToInt32(c.HidePasswords))),
|
||||
Manage = Convert.ToBoolean(collectionGroup.Min(c => Convert.ToInt32(c.Manage))),
|
||||
Manage = Convert.ToBoolean(collectionGroup.Max(c => Convert.ToInt32(c.Manage))),
|
||||
}).ToListAsync();
|
||||
}
|
||||
}
|
||||
|
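Review bot: Neither hunk explains why `Manage` is aggregated with `Max` while the `ReadOnly` and `HidePasswords` lines directly above keep `Min`, and in an authorization projection that asymmetry looks like a typo to the next reader. A one-line comment above the three assignments would do, e.g. `// Restrictions (ReadOnly, HidePasswords) take Min and the Manage grant takes Max, so overlapping assignments resolve to the most permissive.`; the same applies to the `MAX([Manage])` lines in the four stored-procedure hunks that follow. No test is visible in this commit for a user who reaches one collection through two assignments with different Manage values; since the rule is implemented separately here and in T-SQL, a case that runs against both would keep them from drifting. The enclosing methods begin and end outside both hunks.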
@ -13,7 +13,7 @@ BEGIN
|
||||
ExternalId,
|
||||
MIN([ReadOnly]) AS [ReadOnly],
|
||||
MIN([HidePasswords]) AS [HidePasswords],
|
||||
MIN([Manage]) AS [Manage]
|
||||
MAX([Manage]) AS [Manage]
|
||||
FROM
|
||||
[dbo].[UserCollectionDetails](@UserId)
|
||||
WHERE
|
||||
|
@ -13,7 +13,7 @@ BEGIN
|
||||
ExternalId,
|
||||
MIN([ReadOnly]) AS [ReadOnly],
|
||||
MIN([HidePasswords]) AS [HidePasswords],
|
||||
MIN([Manage]) AS [Manage]
|
||||
MAX([Manage]) AS [Manage]
|
||||
FROM
|
||||
[dbo].[UserCollectionDetails_V2](@UserId)
|
||||
WHERE
|
||||
|
@ -13,7 +13,7 @@ BEGIN
|
||||
ExternalId,
|
||||
MIN([ReadOnly]) AS [ReadOnly],
|
||||
MIN([HidePasswords]) AS [HidePasswords],
|
||||
MIN([Manage]) AS [Manage]
|
||||
MAX([Manage]) AS [Manage]
|
||||
FROM
|
||||
[dbo].[UserCollectionDetails](@UserId)
|
||||
GROUP BY
|
||||
|
@ -13,7 +13,7 @@ BEGIN
|
||||
ExternalId,
|
||||
MIN([ReadOnly]) AS [ReadOnly],
|
||||
MIN([HidePasswords]) AS [HidePasswords],
|
||||
MIN([Manage]) AS [Manage]
|
||||
MAX([Manage]) AS [Manage]
|
||||
FROM
|
||||
[dbo].[UserCollectionDetails_V2](@UserId)
|
||||
GROUP BY
|
||||
|
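--- a/util/Migrator/DbScripts/2024-05-20_00_FixManageAggregation.sql
+++ b/util/Migrator/DbScripts/2024-05-20_00_FixManageAggregation.sql
@@ -0,0 +1,124 @@
+-- We were aggregating CollectionGroup permissions using MIN([Manage]) instead of MAX.
+-- If the user is a member of multiple groups with overlapping collection permissions, they should get the most
+-- generous permissions, not the least. This is consistent with ReadOnly and HidePasswords columns.
+-- Updating both current and V2 sprocs out of caution and because they still need to be reviewed/cleaned up.
+
+-- Collection_ReadByIdUserId
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByIdUserId]
+@Id UNIQUEIDENTIFIER,
+@UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+SET NOCOUNT ON
+SELECT
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId,
+MIN([ReadOnly]) AS [ReadOnly],
+MIN([HidePasswords]) AS [HidePasswords],
+MAX([Manage]) AS [Manage]
+FROM
+[dbo].[UserCollectionDetails](@UserId)
+WHERE
+[Id] = @Id
+GROUP BY
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId
+END
+GO;
+
+-- Collection_ReadByIdUserId_V2
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByIdUserId_V2]
+@Id UNIQUEIDENTIFIER,
+@UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+SET NOCOUNT ON
+SELECT
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId,
+MIN([ReadOnly]) AS [ReadOnly],
+MIN([HidePasswords]) AS [HidePasswords],
+MAX([Manage]) AS [Manage]
+FROM
+[dbo].[UserCollectionDetails_V2](@UserId)
+WHERE
+[Id] = @Id
+GROUP BY
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId
+END
+GO;
+
+-- Collection_ReadByUserId
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByUserId]
+@UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+SET NOCOUNT ON
+
+SELECT
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId,
+MIN([ReadOnly]) AS [ReadOnly],
+MIN([HidePasswords]) AS [HidePasswords],
+MAX([Manage]) AS [Manage]
+FROM
+[dbo].[UserCollectionDetails](@UserId)
+GROUP BY
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId
+END
+GO;
+
+-- Collection_ReadByUserId_V2
+CREATE OR ALTER PROCEDURE [dbo].[Collection_ReadByUserId_V2]
+@UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+SET NOCOUNT ON
+
+SELECT
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId,
+MIN([ReadOnly]) AS [ReadOnly],
+MIN([HidePasswords]) AS [HidePasswords],
+MAX([Manage]) AS [Manage]
+FROM
+[dbo].[UserCollectionDetails_V2](@UserId)
+GROUP BY
+Id,
+OrganizationId,
+[Name],
+CreationDate,
+RevisionDate,
+ExternalId
+END
+GO;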
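Review bot: The header comment's last clause, "This is consistent with ReadOnly and HidePasswords columns", is easy to misread because those two columns are aggregated with MIN in every procedure below while Manage now uses MAX; I would spell out the direction, e.g. `-- ReadOnly and HidePasswords are restrictions (MIN keeps the least restrictive); Manage is a grant (MAX keeps the most permissive).` Because this script changes an access-control result for existing data, users with several assignments to one collection will gain Manage as soon as it runs, which deserves a line in the release notes so administrators can re-check group assignments. Separately, each batch ends with `GO;`; GO is a client-side batch separator rather than a T-SQL statement, so it is worth confirming that the migrator's script splitter accepts the trailing semicolon, or using a bare `GO`.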