
support access all for collection user details

Kyle Spearrin 2017-05-08 11:27:21 -04:00
parent 2c604d61b2
commit 9936f69481
9 changed files with 56 additions and 25 deletions


@ -16,17 +16,20 @@ namespace Bit.Api.Controllers
public class CollectionsController : Controller
{
private readonly ICollectionRepository _collectionRepository;
private readonly ICollectionUserRepository _collectionUserRepository;
private readonly ICollectionService _collectionService;
private readonly IUserService _userService;
private readonly CurrentContext _currentContext;
public CollectionsController(
ICollectionRepository collectionRepository,
ICollectionUserRepository collectionUserRepository,
ICollectionService collectionService,
IUserService userService,
CurrentContext currentContext)
{
_collectionRepository = collectionRepository;
_collectionUserRepository = collectionUserRepository;
_collectionService = collectionService;
_userService = userService;
_currentContext = currentContext;
@ -59,11 +62,12 @@ namespace Bit.Api.Controllers
}
[HttpGet("~/collections")]
public async Task<ListResponseModel<CollectionResponseModel>> GetUser()
public async Task<ListResponseModel<CollectionUserDetailsResponseModel>> GetUser()
{
var collections = await _collectionRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
var responses = collections.Select(c => new CollectionResponseModel(c));
return new ListResponseModel<CollectionResponseModel>(responses);
var collections = await _collectionUserRepository.GetManyDetailsByUserIdAsync(
_userService.GetProperUserId(User).Value);
var responses = collections.Select(c => new CollectionUserDetailsResponseModel(c));
return new ListResponseModel<CollectionUserDetailsResponseModel>(responses);
}
[HttpPost("")]
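Review bot: `_userService.GetProperUserId(User).Value` in the new `GetUser` body unwraps the nullable id without a check, so a principal that carries no usable id produces an `InvalidOperationException` (a 500) rather than a clean authorization failure. Whether an authorization attribute on the controller already rules that case out cannot be seen from this hunk, since the class header is outside it. An explicit guard before the repository call would make the handler fail closed on its own: `var userId = _userService.GetProperUserId(User); if(!userId.HasValue) { throw new UnauthorizedAccessException(); }`. The same pattern should then be used wherever this controller resolves the caller's id.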


@ -1,12 +1,26 @@
using System;
using Bit.Core.Models.Table;
using Bit.Core.Models.Data;
namespace Bit.Core.Models.Api
{
public class CollectionResponseModel : ResponseModel
{
public CollectionResponseModel(Collection collection)
: base("collection")
public CollectionResponseModel(Collection collection, string obj = "collection")
: base(obj)
{
if(collection == null)
{
throw new ArgumentNullException(nameof(collection));
}
Id = collection.Id.ToString();
OrganizationId = collection.OrganizationId.ToString();
Name = collection.Name;
}
public CollectionResponseModel(CollectionUserCollectionDetails collection, string obj = "collection")
: base(obj)
{
if(collection == null)
{
@ -22,4 +36,15 @@ namespace Bit.Core.Models.Api
public string OrganizationId { get; set; }
public string Name { get; set; }
}
public class CollectionUserDetailsResponseModel : CollectionResponseModel
{
public CollectionUserDetailsResponseModel(CollectionUserCollectionDetails collection)
: base(collection, "collectionUserDetails")
{
ReadOnly = collection.ReadOnly;
}
public bool ReadOnly { get; set; }
}
}
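Review bot: Both `CollectionResponseModel` constructors now expose a public, optional `obj` string, so any caller can serialize a collection under an arbitrary object name, although only the derived `CollectionUserDetailsResponseModel` needs to override it. Consider leaving the public constructors fixed to `"collection"` and adding `protected` overloads for subclasses, for example `protected CollectionResponseModel(CollectionUserCollectionDetails collection, string obj) : base(obj)`. The two constructors also appear to repeat the same null check and property assignments (the second body continues outside the hunk), which a shared private initializer would remove. A `///` summary on `ReadOnly` saying that it is the effective value for the requesting user would help API consumers treat it as a display hint and not as the enforcement point.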


@ -16,13 +16,11 @@ namespace Bit.Core.Models.Api
Id = details.Id.ToString();
Name = details.Name;
CollectionId = details.CollectionId.ToString();
ReadOnly = details.ReadOnly;
}
public string Id { get; set; }
public string Name { get; set; }
public string CollectionId { get; set; }
public bool ReadOnly { get; set; }
}
}


@ -5,9 +5,8 @@ namespace Bit.Core.Models.Data
public class CollectionUserCollectionDetails
{
public Guid Id { get; set; }
public Guid OrganizationUserId { get; set; }
public Guid OrganizationId { get; set; }
public string Name { get; set; }
public Guid CollectionId { get; set; }
public bool ReadOnly { get; set; }
}
}


@ -41,7 +41,7 @@ namespace Bit.Core.Repositories.SqlServer
{
var result = await connection.QueryFirstOrDefaultAsync<bool>(
$"[{Schema}].[Cipher_ReadCanEditByIdUserId]",
new { UserId = userId, CipherId = cipherId },
new { UserId = userId, Id = cipherId },
commandType: CommandType.StoredProcedure);
return result;


@ -113,7 +113,8 @@ namespace Bit.Core.Repositories.SqlServer
}
}
public async Task<Tuple<OrganizationUserUserDetails, ICollection<CollectionUserCollectionDetails>>> GetDetailsByIdAsync(Guid id)
public async Task<Tuple<OrganizationUserUserDetails, ICollection<CollectionUserCollectionDetails>>>
GetDetailsByIdAsync(Guid id)
{
using(var connection = new SqlConnection(ConnectionString))
{


@ -1,4 +1,4 @@
CREATE PROCEDURE [dbo].[Cipher_CanEditByIdUserId]
CREATE PROCEDURE [dbo].[Cipher_ReadCanEditByIdUserId]
@Id UNIQUEIDENTIFIER,
@UserId UNIQUEIDENTIFIER
AS


@ -5,11 +5,9 @@ BEGIN
SET NOCOUNT ON
SELECT
CU.*
*
FROM
[dbo].[CollectionUserCollectionDetailsView] CU
INNER JOIN
[OrganizationUser] OU ON CU.[OrganizationUserId] = OU.[Id]
[dbo].[CollectionUserCollectionDetailsView]
WHERE
OU.[UserId] = @UserId
[UserId] = @UserId
END
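Review bot: `SELECT *` now returns every column that `CollectionUserCollectionDetailsView` exposes, including `UserId` and `OrganizationUserId`, so the result shape read by the repository changes silently whenever the view is edited. An explicit column list limited to what the data model maps would keep this procedure's contract stable and avoid returning identifiers the caller does not need. The filter `[UserId] = @UserId` is also the only access restriction left in the procedure, so its correctness depends entirely on the membership logic inside the view; a one-line comment saying so would help the next reviewer. The `CREATE PROCEDURE` header sits outside this hunk.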


@ -1,12 +1,18 @@
CREATE VIEW [dbo].[CollectionUserCollectionDetailsView]
AS
SELECT
CU.[Id],
CU.[OrganizationUserId],
S.[Name],
S.[Id] CollectionId,
CU.[ReadOnly]
C.[Id] Id,
C.[OrganizationId],
C.[Name],
OU.[UserId],
OU.[Id] AS [OrganizationUserId],
CASE WHEN OU.[AccessAll] = 0 AND CU.[ReadOnly] = 1 THEN 1 ELSE 0 END [ReadOnly]
FROM
[dbo].[CollectionUser] CU
[dbo].[Collection] C
INNER JOIN
[dbo].[Collection] S ON S.[Id] = CU.[CollectionId]
[dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId]
LEFT JOIN
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id]
WHERE
OU.[AccessAll] = 1
OR CU.[Id] IS NOT NULL
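Review bot: The rewritten view yields a row for every `OrganizationUser` in the collection's organization with `AccessAll = 1`, and neither the join nor the `WHERE` clause checks anything else about that membership. If `OrganizationUser` carries a membership state such as invited or confirmed (not visible on this page), a member who is not yet fully confirmed would resolve to all of the organization's collections; in that case add the condition to the inner join, for example `AND OU.[Status] = <confirmed status value>`. Separately, the `CASE ... THEN 1 ELSE 0 END` expression is typed as `INT`, where the previous `CU.[ReadOnly]` column was presumably `BIT`; wrapping it as `CAST(CASE ... END AS BIT)` keeps the column type stable for consumers. A header comment stating the access rule (access-all members see every collection read-write, others see only assigned collections) would document the authorization intent where it is enforced.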