limit collection users with accessall to orgid

2025-02-23 03:01:23 +01:00 · 2017-05-04 07:17:01 -04:00 · 2017-05-04 07:17:01 -04:00 · 5b5bd4e099
commit 5b5bd4e099
parent 94fdb72d75
3 changed files with 11 additions and 3 deletions
--- a/src/Core/Models/Data/CollectionUserUserDetails.cs
+++ b/src/Core/Models/Data/CollectionUserUserDetails.cs
@ -6,6 +6,7 @@ namespace Bit.Core.Models.Data
    {
        public Guid? Id { get; set; }
        public Guid OrganizationUserId { get; set; }
+        public Guid? OrganizationId { get; set; }
        public Guid? CollectionId { get; set; }
        public bool AccessAll { get; set; }
        public string Name { get; set; }
--- a/Procedures/CollectionUserUserDetails_ReadByCollectionId.sql
+++ b/Procedures/CollectionUserUserDetails_ReadByCollectionId.sql
@ -4,11 +4,17 @@ AS
 BEGIN
    SET NOCOUNT ON

+    DECLARE @OrganizationId UNIQUEIDENTIFIER = (SELECT [OrganizationId] FROM [dbo].[Collection] WHERE [Id] = @CollectionId)
+
    SELECT
        *
    FROM
        [dbo].[CollectionUserUserDetailsView]
    WHERE
-        [AccessAll] = 1 
-        OR [CollectionId] = @CollectionId
-END
+        [CollectionId] = @CollectionId
+        OR
+        (
+            [OrganizationId] = @OrganizationId
+            AND [AccessAll] = 1
+        )
+END
--- a/src/Sql/dbo/Views/CollectionUserUserDetailsView.sql
+++ b/src/Sql/dbo/Views/CollectionUserUserDetailsView.sql
@ -2,6 +2,7 @@
 AS
 SELECT
    OU.[Id] AS [OrganizationUserId],
+    OU.[OrganizationId],
    OU.[AccessAll],
    CU.[Id],
    CU.[CollectionId],