saltyming/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-08-01 16:49:09 +00:00
Code Activity

fix(groups): query full access via group only when necessary

Browse source 
Co-authored-by: Mathijs van Veluw <black.dex@gmail.com>
This commit is contained in:
Matlink 2024-02-17 08:22:45 +01:00
commit 4d9ff9a136
1 changed files with 1 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/api/core/organizations.rs
View file

@ -324,9 +324,7 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
let coll_users = CollectionUser::find_by_organization(org_id, &mut conn).await;
// check if current user has full access to the organization (either directly or via any group)
let has_full_access_via_group =
CONFIG.org_groups_enabled() && GroupUser::has_full_access_by_member(org_id, &user_org.uuid, &mut conn).await;
let has_full_access_to_org = user_org.access_all || has_full_access_via_group;
let has_full_access_to_org = user_org.access_all || (CONFIG.org_groups_enabled() && GroupUser::has_full_access_by_member(org_id, &user_org.uuid, &mut conn).await);
for col in Collection::find_by_organization(org_id, &mut conn).await {
// assigned indicates whether the current user has access to the given collection