fix: restrict collection manage permissions to managers only
Prevent users from being logged out when they hold manage permissions, by only granting manage permissions to MembershipType::Manager and higher roles.
This commit is contained in:
parent
614c8be53b
commit
3cffd0e31a
1 changed files with 5 additions and 3 deletions
|
@ -97,13 +97,13 @@ impl Collection {
|
|||
(
|
||||
cu.read_only,
|
||||
cu.hide_passwords,
|
||||
cu.manage || (is_manager && !cu.read_only && !cu.hide_passwords),
|
||||
is_manager && (cu.manage || (!cu.read_only && !cu.hide_passwords)),
|
||||
)
|
||||
} else if let Some(cg) = cipher_sync_data.user_collections_groups.get(&self.uuid) {
|
||||
(
|
||||
cg.read_only,
|
||||
cg.hide_passwords,
|
||||
cg.manage || (is_manager && !cg.read_only && !cg.hide_passwords),
|
||||
is_manager && (cg.manage || (!cg.read_only && !cg.hide_passwords)),
|
||||
)
|
||||
} else {
|
||||
(false, false, false)
|
||||
|
@ -114,7 +114,9 @@ impl Collection {
|
|||
} else {
|
||||
match Membership::find_confirmed_by_user_and_org(user_uuid, &self.org_uuid, conn).await {
|
||||
Some(m) if m.has_full_access() => (false, false, m.atype >= MembershipType::Manager),
|
||||
Some(_) if self.is_manageable_by_user(user_uuid, conn).await => (false, false, true),
|
||||
Some(m) if m.atype == MembershipType::Manager && self.is_manageable_by_user(user_uuid, conn).await => {
|
||||
(false, false, true)
|
||||
}
|
||||
Some(m) => {
|
||||
let is_manager = m.atype == MembershipType::Manager;
|
||||
let read_only = !self.is_writable_by_user(user_uuid, conn).await;
|
||||
|
|
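Review bot: The role threshold is spelled two ways in the second hunk: the `has_full_access()` arm reports manage with `m.atype >= MembershipType::Manager`, while the new guard on the following arm and the `is_manager` binding below it use `m.atype == MembershipType::Manager`. If `has_full_access()` already returns true for every Admin/Owner the difference is unreachable, but that is not visible here; otherwise an Admin or Owner without full access would be denied manage, contrary to the commit message's "Manager and higher roles". Using one predicate at all three sites, e.g. `let is_manager = m.atype >= MembershipType::Manager;`, would make the intent explicit, and the resulting truth table over (atype, manage, read_only, hide_passwords) is worth pinning with a small unit test since the commit adds none. The `is_manager` used in the first hunk is bound outside the visible lines, and the enclosing function starts before the first hunk and continues past the last.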