saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-05-10 21:53:57 +00:00
Code Activity

Fix editing members which have access-all rights

Browse source 
With web-vault v2024.6.2 and lower, if a user has access-all rights either as an org-member or via a group it shouldn't return individual collections.

This probably needs to be changed with newer versions which do not support the `access-all` feature anymore and work with manage.
But with the current version this should solve access right issues.

Fixes #5212

Signed-off-by: BlackDex <black.dex@gmail.com>
This commit is contained in:
BlackDex 2024-11-20 16:11:56 +01:00
parent cdfdc6ff4f
commit 08b54309c2
No known key found for this signature in database
GPG key ID: 58C80A2AA6C765E1
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/db/models/organization.rs
View file

@ -462,7 +462,13 @@ impl UserOrganization {
Vec::with_capacity(0)
};
let collections: Vec<Value> = if include_collections {
// Check if a user is in a group which has access to all collections
// If that is the case, we should not return individual collections!
let full_access_group =
CONFIG.org_groups_enabled() && Group::is_in_full_access_group(&self.user_uuid, &self.org_uuid, conn).await;
// If collections are to be included, only include them if the user does not have full access via a group or defined to the user it self
let collections: Vec<Value> = if include_collections && !(full_access_group || self.has_full_access()) {
// Get all collections for the user here already to prevent more queries
let cu: HashMap<String, CollectionUser> =
CollectionUser::find_by_organization_and_user_uuid(&self.org_uuid, &self.user_uuid, conn)