Merge 431df0fcd9 into 3b48e6e903

2025-07-12 23:34:59 +00:00 · 2025-07-03 14:31:01 +02:00 · 2025-07-03 14:31:01 +02:00 · 25ffbc6a8a
commit 25ffbc6a8a
parent 3b48e6e903 431df0fcd9
1 changed files with 18 additions and 5 deletions
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@ -1924,11 +1924,24 @@ impl CipherSyncData {

        // Generate a HashMap with the collections_uuid as key and the CollectionGroup record
        let user_collections_groups: HashMap<CollectionId, CollectionGroup> = if CONFIG.org_groups_enabled() {
-            CollectionGroup::find_by_user(user_id, conn)
-                .await
-                .into_iter()
-                .map(|collection_group| (collection_group.collections_uuid.clone(), collection_group))
-                .collect()
+            let all_user_collection_groups = CollectionGroup::find_by_user(user_id, conn).await;
+            let mut combined_permissions: HashMap<CollectionId, CollectionGroup> = HashMap::new();
+
+            for cg in all_user_collection_groups {
+                match combined_permissions.get_mut(&cg.collections_uuid) {
+                    Some(existing) => {
+                        // Combine permissions by taking the most permissive settings
+                        existing.read_only = existing.read_only && cg.read_only; // false if ANY group allows write
+                        existing.hide_passwords = existing.hide_passwords && cg.hide_passwords; // false if ANY group allows password view
+                        existing.manage = existing.manage || cg.manage; // true if ANY group allows manage
+                    }
+                    None => {
+                        // First group for this collection
+                        combined_permissions.insert(cg.collections_uuid.clone(), cg);
+                    }
+                }
+            }
+            combined_permissions
        } else {
            HashMap::new()
        };