Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-01-22 21:51:22 +01:00
Code Issues Projects Releases Wiki Activity

folder permission checks and null folder

Browse Source
This commit is contained in:
Kyle Spearrin 2017-06-09 09:48:44 -04:00
parent d3073e675e
commit f24bc96846
6 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Api/Controllers/CiphersController.cs
View File

@ -255,7 +255,8 @@ namespace Bit.Api.Controllers
public async Task MoveMany([FromBody]CipherBulkMoveRequestModel model)
{
var userId = _userService.GetProperUserId(User).Value;
await _cipherService.MoveManyAsync(model.Ids.Select(i => new Guid(i)), new Guid(model.FolderId), userId);
await _cipherService.MoveManyAsync(model.Ids.Select(i => new Guid(i)),
string.IsNullOrWhiteSpace(model.FolderId) ? (Guid?)null : new Guid(model.FolderId), userId);
}
}
}

1
src/Core/Models/Api/Request/CipherRequestModel.cs
View File

@ -100,7 +100,6 @@ namespace Bit.Core.Models.Api
{
[Required]
public IEnumerable<string> Ids { get; set; }
[Required]
public string FolderId { get; set; }
}
}

2
src/Core/Repositories/ICipherRepository.cs
View File

@ -20,7 +20,7 @@ namespace Bit.Core.Repositories
Task ReplaceAsync(Cipher obj, IEnumerable<Guid> collectionIds);
Task UpdatePartialAsync(Guid id, Guid userId, Guid? folderId, bool favorite);
Task DeleteAsync(IEnumerable<Guid> ids, Guid userId);
Task MoveAsync(IEnumerable<Guid> ids, Guid folderId, Guid userId);
Task MoveAsync(IEnumerable<Guid> ids, Guid? folderId, Guid userId);
Task UpdateUserKeysAndCiphersAsync(User user, IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
Task CreateAsync(IEnumerable<Cipher> ciphers, IEnumerable<Folder> folders);
}

2
src/Core/Repositories/SqlServer/CipherRepository.cs
View File

@ -187,7 +187,7 @@ namespace Bit.Core.Repositories.SqlServer
}
}
public async Task MoveAsync(IEnumerable<Guid> ids, Guid folderId, Guid userId)
public async Task MoveAsync(IEnumerable<Guid> ids, Guid? folderId, Guid userId)
{
using(var connection = new SqlConnection(ConnectionString))
{

2
src/Core/Services/ICipherService.cs
View File

@ -12,7 +12,7 @@ namespace Bit.Core.Services
Task SaveDetailsAsync(CipherDetails cipher, Guid savingUserId);
Task DeleteAsync(Cipher cipher, Guid deletingUserId, bool orgAdmin = false);
Task DeleteManyAsync(IEnumerable<Guid> cipherIds, Guid deletingUserId);
Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid destinationFolderId, Guid movingUserId);
Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid? destinationFolderId, Guid movingUserId);
Task SaveFolderAsync(Folder folder);
Task DeleteFolderAsync(Folder folder);
Task ShareAsync(Cipher cipher, Guid organizationId, IEnumerable<Guid> collectionIds, Guid userId);

11
src/Core/Services/Implementations/CipherService.cs
View File

@ -106,8 +106,17 @@ namespace Bit.Core.Services
await _pushService.PushSyncCiphersAsync(deletingUserId);
}
public async Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid destinationFolderId, Guid movingUserId)
public async Task MoveManyAsync(IEnumerable<Guid> cipherIds, Guid? destinationFolderId, Guid movingUserId)
{
if(destinationFolderId.HasValue)
{
var folder = await _folderRepository.GetByIdAsync(destinationFolderId.Value);
if(folder == null || folder.UserId != movingUserId)
{
throw new BadRequestException("Invalid folder.");
}
}
await _cipherRepository.MoveAsync(cipherIds, destinationFolderId, movingUserId);
// push
await _pushService.PushSyncCiphersAsync(movingUserId);