Fix conflicting group permissions (#1473)

* Return collection with highest permission levels * Revert "Return collection with highest permission levels" This reverts commit 06e0f3b73e. * Combine duplicate collectionDetails * Update EF to combine duplicate CollectionDetails * Delete unneeded using statements
2024-11-25 12:45:18 +01:00 · 2021-08-02 11:49:27 +10:00 · 2021-08-02 11:49:27 +10:00 · 8d2b36d187
commit 8d2b36d187
parent 28df4fddb7
7 changed files with 161 additions and 17 deletions
--- a/src/Core/Repositories/EntityFramework/CollectionRepository.cs
+++ b/src/Core/Repositories/EntityFramework/CollectionRepository.cs
@ -70,8 +70,8 @@ namespace Bit.Core.Repositories.EntityFramework
            using (var scope = ServiceScopeFactory.CreateScope())
            {
                var dbContext = GetDatabaseContext(scope);
-                var query = new UserCollectionDetailsQuery(userId);
-                var collection = await query.Run(dbContext).FirstOrDefaultAsync();
+                var query = new CollectionReadByIdUserId(id, userId).Run(dbContext);
+                var collection = await query.FirstOrDefaultAsync();
                return collection;
            }
        }
@ -138,9 +138,9 @@ namespace Bit.Core.Repositories.EntityFramework
            using (var scope = ServiceScopeFactory.CreateScope())
            {
                var dbContext = GetDatabaseContext(scope);
-                var query = new UserCollectionDetailsQuery(userId).Run(dbContext);
-                var data = await query.ToListAsync();
-                return data.GroupBy(c => c.Id).Select(c => c.First()).ToList();
+                var query = new CollectionReadByUserId(userId).Run(dbContext);
+                var collections = await query.ToListAsync();
+                return collections;
            }
        }

--- a/src/Core/Repositories/EntityFramework/Queries/CollectionReadByIdUserId.cs
+++ b/src/Core/Repositories/EntityFramework/Queries/CollectionReadByIdUserId.cs
@ -0,0 +1,22 @@
+using System.Linq;
+using System;
+using Bit.Core.Models.Data;
+
+namespace Bit.Core.Repositories.EntityFramework.Queries
+{
+    public class CollectionReadByIdUserId : CollectionReadByUserId
+    {
+        private readonly Guid _id;
+
+        public CollectionReadByIdUserId(Guid id, Guid userId) : base(userId)
+        {
+            _id = id;
+        }
+
+        public override IQueryable<CollectionDetails> Run(DatabaseContext dbContext)
+        {
+            var query = base.Run(dbContext);
+            return query.Where(c => c.Id == _id);
+        }
+    }
+}
--- a/src/Core/Repositories/EntityFramework/Queries/CollectionReadByUserId.cs
+++ b/src/Core/Repositories/EntityFramework/Queries/CollectionReadByUserId.cs
@ -0,0 +1,34 @@
+using System.Linq;
+using System;
+using Bit.Core.Models.Data;
+
+namespace Bit.Core.Repositories.EntityFramework.Queries
+{
+    public class CollectionReadByUserId : UserCollectionDetailsQuery
+    {
+        private readonly Guid _userId;
+
+        public CollectionReadByUserId(Guid userId) : base(userId)
+        {
+            _userId = userId;
+        }
+
+        public override IQueryable<CollectionDetails> Run(DatabaseContext dbContext)
+        {
+            var query = base.Run(dbContext);
+            return query
+                .GroupBy(c => c.Id)
+                .Select(g => new CollectionDetails
+                {
+                    Id = g.Key,
+                    OrganizationId = g.FirstOrDefault().OrganizationId,
+                    Name = g.FirstOrDefault().Name,
+                    ExternalId = g.FirstOrDefault().ExternalId,
+                    CreationDate = g.FirstOrDefault().CreationDate,
+                    RevisionDate = g.FirstOrDefault().RevisionDate,
+                    ReadOnly = g.Min(c => c.ReadOnly),
+                    HidePasswords = g.Min(c => c.HidePasswords)
+                });
+        }
+    }
+}
--- a/src/Core/Repositories/SqlServer/CollectionRepository.cs
+++ b/src/Core/Repositories/SqlServer/CollectionRepository.cs
@ -104,11 +104,7 @@ namespace Bit.Core.Repositories.SqlServer
                    new { UserId = userId },
                    commandType: CommandType.StoredProcedure);

-                // Return distinct Id results.
-                return results
-                    .GroupBy(c => c.Id)
-                    .Select(c => c.First())
-                    .ToList();
+                return results.ToList();
            }
        }

--- a/Procedures/Collection_ReadByIdUserId.sql
+++ b/Procedures/Collection_ReadByIdUserId.sql
@ -4,12 +4,24 @@
 AS
 BEGIN
    SET NOCOUNT ON
-    SELECT TOP 1
-        *
+    SELECT
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId,
+        MIN([ReadOnly]) AS [ReadOnly],
+        MIN([HidePasswords]) AS [HidePasswords]
    FROM
        [dbo].[UserCollectionDetails](@UserId)
    WHERE
        [Id] = @Id
-    ORDER BY
-        [ReadOnly] ASC
-END
+    GROUP BY
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId
+END
--- a/Procedures/Collection_ReadByUserId.sql
+++ b/Procedures/Collection_ReadByUserId.sql
@ -5,7 +5,21 @@ BEGIN
    SET NOCOUNT ON

    SELECT
-        *
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId,
+        MIN([ReadOnly]) AS [ReadOnly],
+        MIN([HidePasswords]) AS [HidePasswords]
    FROM
        [dbo].[UserCollectionDetails](@UserId)
-END
+    GROUP BY
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId
+END
--- a/util/Migrator/DbScripts/2021-07-22_00_FixCollectionReadBy.sql
+++ b/util/Migrator/DbScripts/2021-07-22_00_FixCollectionReadBy.sql
@ -0,0 +1,66 @@
+IF OBJECT_ID('[dbo].[Collection_ReadByUserId]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[Collection_ReadByUserId]
+END
+GO
+
+CREATE PROCEDURE [dbo].[Collection_ReadByUserId]
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId,
+        MIN([ReadOnly]) AS [ReadOnly],
+        MIN([HidePasswords]) AS [HidePasswords]
+    FROM
+        [dbo].[UserCollectionDetails](@UserId)
+    GROUP BY
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId
+END
+GO
+
+IF OBJECT_ID('[dbo].[Collection_ReadByIdUserId]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[Collection_ReadByIdUserId]
+END
+GO
+
+CREATE PROCEDURE [dbo].[Collection_ReadByIdUserId]
+    @Id UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+    SELECT
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId,
+        MIN([ReadOnly]) AS [ReadOnly],
+        MIN([HidePasswords]) AS [HidePasswords]
+    FROM
+        [dbo].[UserCollectionDetails](@UserId)
+    WHERE
+        [Id] = @Id
+    GROUP BY
+        Id,
+        OrganizationId,
+        [Name],
+        CreationDate,
+        RevisionDate,
+        ExternalId
+END