support access all for collection user details
parent
2c604d61b2
commit
9936f69481
@ -16,17 +16,20 @@ namespace Bit.Api.Controllers
|
||||
public class CollectionsController : Controller
|
||||
{
|
||||
private readonly ICollectionRepository _collectionRepository;
|
||||
private readonly ICollectionUserRepository _collectionUserRepository;
|
||||
private readonly ICollectionService _collectionService;
|
||||
private readonly IUserService _userService;
|
||||
private readonly CurrentContext _currentContext;
|
||||
|
||||
public CollectionsController(
|
||||
ICollectionRepository collectionRepository,
|
||||
ICollectionUserRepository collectionUserRepository,
|
||||
ICollectionService collectionService,
|
||||
IUserService userService,
|
||||
CurrentContext currentContext)
|
||||
{
|
||||
_collectionRepository = collectionRepository;
|
||||
_collectionUserRepository = collectionUserRepository;
|
||||
_collectionService = collectionService;
|
||||
_userService = userService;
|
||||
_currentContext = currentContext;
|
||||
@ -59,11 +62,12 @@ namespace Bit.Api.Controllers
|
||||
}
|
||||
|
||||
[HttpGet("~/collections")]
|
||||
public async Task<ListResponseModel<CollectionResponseModel>> GetUser()
|
||||
public async Task<ListResponseModel<CollectionUserDetailsResponseModel>> GetUser()
|
||||
{
|
||||
var collections = await _collectionRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
|
||||
var responses = collections.Select(c => new CollectionResponseModel(c));
|
||||
return new ListResponseModel<CollectionResponseModel>(responses);
|
||||
var collections = await _collectionUserRepository.GetManyDetailsByUserIdAsync(
|
||||
_userService.GetProperUserId(User).Value);
|
||||
var responses = collections.Select(c => new CollectionUserDetailsResponseModel(c));
|
||||
return new ListResponseModel<CollectionUserDetailsResponseModel>(responses);
|
||||
}
|
||||
|
||||
[HttpPost("")]
|
||||
|
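Review bot: `GetUser` still dereferences `_userService.GetProperUserId(User).Value` without checking that a user id was resolved, and the new call to `GetManyDetailsByUserIdAsync` inherits that. If the return type is a nullable Guid, as `.Value` suggests, a request without a usable id claim fails with an `InvalidOperationException` (likely a 500) rather than an explicit authorization failure. Resolving the id into a local first and rejecting the request when `HasValue` is false would make the failure mode deliberate. Any authorization attribute on the controller sits outside the visible hunks, so this may already be unreachable in practice.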
@ -1,12 +1,26 @@
|
||||
using System;
|
||||
using Bit.Core.Models.Table;
|
||||
using Bit.Core.Models.Data;
|
||||
|
||||
namespace Bit.Core.Models.Api
|
||||
{
|
||||
public class CollectionResponseModel : ResponseModel
|
||||
{
|
||||
public CollectionResponseModel(Collection collection)
|
||||
: base("collection")
|
||||
public CollectionResponseModel(Collection collection, string obj = "collection")
|
||||
: base(obj)
|
||||
{
|
||||
if(collection == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(collection));
|
||||
}
|
||||
|
||||
Id = collection.Id.ToString();
|
||||
OrganizationId = collection.OrganizationId.ToString();
|
||||
Name = collection.Name;
|
||||
}
|
||||
|
||||
public CollectionResponseModel(CollectionUserCollectionDetails collection, string obj = "collection")
|
||||
: base(obj)
|
||||
{
|
||||
if(collection == null)
|
||||
{
|
||||
@ -22,4 +36,15 @@ namespace Bit.Core.Models.Api
|
||||
public string OrganizationId { get; set; }
|
||||
public string Name { get; set; }
|
||||
}
|
||||
|
||||
public class CollectionUserDetailsResponseModel : CollectionResponseModel
|
||||
{
|
||||
public CollectionUserDetailsResponseModel(CollectionUserCollectionDetails collection)
|
||||
: base(collection, "collectionUserDetails")
|
||||
{
|
||||
ReadOnly = collection.ReadOnly;
|
||||
}
|
||||
|
||||
public bool ReadOnly { get; set; }
|
||||
}
|
||||
}
|
||||
|
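Review bot: `CollectionUserDetailsResponseModel.ReadOnly` is returned to clients without any documentation of what it means. The view changed in this commit computes it as an effective value, reported as 0 for members with `AccessAll` set. I would add `/// <summary>True when the user's access to this collection is read-only; always false for members with access to all collections.</summary>`. It is also worth saying in that comment that the flag is informational for the client and that write permission must still be checked on the server. The second `CollectionResponseModel` constructor continues outside the hunk, so its body could not be reviewed.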
@ -16,13 +16,11 @@ namespace Bit.Core.Models.Api
|
||||
|
||||
Id = details.Id.ToString();
|
||||
Name = details.Name;
|
||||
CollectionId = details.CollectionId.ToString();
|
||||
ReadOnly = details.ReadOnly;
|
||||
}
|
||||
|
||||
public string Id { get; set; }
|
||||
public string Name { get; set; }
|
||||
public string CollectionId { get; set; }
|
||||
public bool ReadOnly { get; set; }
|
||||
}
|
||||
}
|
||||
|
@ -5,9 +5,8 @@ namespace Bit.Core.Models.Data
|
||||
public class CollectionUserCollectionDetails
|
||||
{
|
||||
public Guid Id { get; set; }
|
||||
public Guid OrganizationUserId { get; set; }
|
||||
public Guid OrganizationId { get; set; }
|
||||
public string Name { get; set; }
|
||||
public Guid CollectionId { get; set; }
|
||||
public bool ReadOnly { get; set; }
|
||||
}
|
||||
}
|
||||
|
@ -41,7 +41,7 @@ namespace Bit.Core.Repositories.SqlServer
|
||||
{
|
||||
var result = await connection.QueryFirstOrDefaultAsync<bool>(
|
||||
$"[{Schema}].[Cipher_ReadCanEditByIdUserId]",
|
||||
new { UserId = userId, CipherId = cipherId },
|
||||
new { UserId = userId, Id = cipherId },
|
||||
commandType: CommandType.StoredProcedure);
|
||||
|
||||
return result;
|
||||
|
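Review bot: This permission check relies on `QueryFirstOrDefaultAsync<bool>` producing `false` when the procedure returns no row, which is the safe deny-by-default outcome, but nothing at the call site records that. A short comment such as `// No row => default(bool) == false, so edit access is denied.` would stop a later refactor from turning it into a nullable or throwing variant. The anonymous object's property names have to stay in step with the procedure's `@Id` and `@UserId` parameters, which is the mismatch this change corrects. The enclosing method starts and ends outside the hunk.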
@ -113,7 +113,8 @@ namespace Bit.Core.Repositories.SqlServer
|
||||
}
|
||||
}
|
||||
|
||||
public async Task<Tuple<OrganizationUserUserDetails, ICollection<CollectionUserCollectionDetails>>> GetDetailsByIdAsync(Guid id)
|
||||
public async Task<Tuple<OrganizationUserUserDetails, ICollection<CollectionUserCollectionDetails>>>
|
||||
GetDetailsByIdAsync(Guid id)
|
||||
{
|
||||
using(var connection = new SqlConnection(ConnectionString))
|
||||
{
|
||||
|
@ -1,4 +1,4 @@
|
||||
CREATE PROCEDURE [dbo].[Cipher_CanEditByIdUserId]
|
||||
CREATE PROCEDURE [dbo].[Cipher_ReadCanEditByIdUserId]
|
||||
@Id UNIQUEIDENTIFIER,
|
||||
@UserId UNIQUEIDENTIFIER
|
||||
AS
|
||||
|
@ -5,11 +5,9 @@ BEGIN
|
||||
SET NOCOUNT ON
|
||||
|
||||
SELECT
|
||||
CU.*
|
||||
*
|
||||
FROM
|
||||
[dbo].[CollectionUserCollectionDetailsView] CU
|
||||
INNER JOIN
|
||||
[OrganizationUser] OU ON CU.[OrganizationUserId] = OU.[Id]
|
||||
[dbo].[CollectionUserCollectionDetailsView]
|
||||
WHERE
|
||||
OU.[UserId] = @UserId
|
||||
[UserId] = @UserId
|
||||
END
|
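Review bot: The rewritten query uses `SELECT *` against `[dbo].[CollectionUserCollectionDetailsView]`, so the procedure's result set now silently follows whatever columns the view exposes. After this commit that includes `[UserId]` and `[OrganizationUserId]`, which the trimmed `CollectionUserCollectionDetails` class no longer declares. Listing the columns explicitly, `[Id], [OrganizationId], [Name], [ReadOnly]`, keeps the contract with the data class visible and stops a column later added to the view from flowing into this read path unnoticed. The procedure header is outside the hunk.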
@ -1,12 +1,18 @@
|
||||
CREATE VIEW [dbo].[CollectionUserCollectionDetailsView]
|
||||
AS
|
||||
SELECT
|
||||
CU.[Id],
|
||||
CU.[OrganizationUserId],
|
||||
S.[Name],
|
||||
S.[Id] CollectionId,
|
||||
CU.[ReadOnly]
|
||||
C.[Id] Id,
|
||||
C.[OrganizationId],
|
||||
C.[Name],
|
||||
OU.[UserId],
|
||||
OU.[Id] AS [OrganizationUserId],
|
||||
CASE WHEN OU.[AccessAll] = 0 AND CU.[ReadOnly] = 1 THEN 1 ELSE 0 END [ReadOnly]
|
||||
FROM
|
||||
[dbo].[CollectionUser] CU
|
||||
[dbo].[Collection] C
|
||||
INNER JOIN
|
||||
[dbo].[Collection] S ON S.[Id] = CU.[CollectionId]
|
||||
[dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId]
|
||||
LEFT JOIN
|
||||
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id]
|
||||
WHERE
|
||||
OU.[AccessAll] = 1
|
||||
OR CU.[Id] IS NOT NULL
|
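Review bot: The view now grants every collection in an organization to any `[OrganizationUser]` row with `[AccessAll] = 1`, joined only on `[OrganizationId]`, and nothing restricts which membership rows qualify. If the table records membership state (for example invited versus confirmed, which is not visible on this page), the join or the `WHERE` clause should require the confirmed state. Otherwise a pending member flagged `AccessAll` is listed against every collection. Separately, the `CASE … THEN 1 ELSE 0 END` expression yields an INT rather than a BIT, so wrapping it as `CAST(CASE … END AS BIT) [ReadOnly]` would match the `bool ReadOnly` property it maps to. The alias style is also inconsistent (`C.[Id] Id` against `OU.[Id] AS [OrganizationUserId]`, and `[OU].[Id]` in the `LEFT JOIN`).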