Fix the web-vault v2023.2.0 API calls

- Supports the new Collection/Group/User editing UI's - Support `/partial` endpoint for cipher updating to allow folder and favorite update for read-only ciphers. - Prevent `Favorite`, `Folder`, `read-only` and `hide-passwords` from being added to the organizational sync. - Added and corrected some `Object` key's to the output json. Fixes #3279
2025-07-05 03:55:02 +00:00 · 2023-02-27 16:37:58 +01:00 · 2023-02-27 16:37:58 +01:00 · 7ec00d3850
commit 7ec00d3850
parent af6d17b701
10 changed files with 396 additions and 95 deletions
--- a/src/db/models/cipher.rs
+++ b/src/db/models/cipher.rs
@ -6,7 +6,7 @@ use super::{
    Attachment, CollectionCipher, Favorite, FolderCipher, Group, User, UserOrgStatus, UserOrgType, UserOrganization,
 };

-use crate::api::core::{CipherData, CipherSyncData};
+use crate::api::core::{CipherData, CipherSyncData, CipherSyncType};

 use std::borrow::Cow;

@ -114,6 +114,7 @@ impl Cipher {
        host: &str,
        user_uuid: &str,
        cipher_sync_data: Option<&CipherSyncData>,
+        sync_type: CipherSyncType,
        conn: &mut DbConn,
    ) -> Value {
        use crate::util::format_date;
@ -134,12 +135,18 @@ impl Cipher {
        let password_history_json =
            self.password_history.as_ref().and_then(|s| serde_json::from_str(s).ok()).unwrap_or(Value::Null);

-        let (read_only, hide_passwords) = match self.get_access_restrictions(user_uuid, cipher_sync_data, conn).await {
-            Some((ro, hp)) => (ro, hp),
-            None => {
-                error!("Cipher ownership assertion failure");
-                (true, true)
+        // We don't need these values at all for Organizational syncs
+        // Skip any other database calls if this is the case and just return false.
+        let (read_only, hide_passwords) = if sync_type == CipherSyncType::User {
+            match self.get_access_restrictions(user_uuid, cipher_sync_data, conn).await {
+                Some((ro, hp)) => (ro, hp),
+                None => {
+                    error!("Cipher ownership assertion failure");
+                    (true, true)
+                }
            }
+        } else {
+            (false, false)
        };

        // Get the type_data or a default to an empty json object '{}'.
@ -192,8 +199,6 @@ impl Cipher {
            "CreationDate": format_date(&self.created_at),
            "RevisionDate": format_date(&self.updated_at),
            "DeletedDate": self.deleted_at.map_or(Value::Null, |d| Value::String(format_date(&d))),
-            "FolderId": if let Some(cipher_sync_data) = cipher_sync_data { cipher_sync_data.cipher_folders.get(&self.uuid).map(|c| c.to_string() ) } else { self.get_folder_uuid(user_uuid, conn).await },
-            "Favorite": if let Some(cipher_sync_data) = cipher_sync_data { cipher_sync_data.cipher_favorites.contains(&self.uuid) } else { self.is_favorite(user_uuid, conn).await },
            "Reprompt": self.reprompt.unwrap_or(RepromptType::None as i32),
            "OrganizationId": self.organization_uuid,
            "Attachments": attachments_json,
@ -210,12 +215,6 @@ impl Cipher {

            "Data": data_json,

-            // These values are true by default, but can be false if the
-            // cipher belongs to a collection where the org owner has enabled
-            // the "Read Only" or "Hide Passwords" restrictions for the user.
-            "Edit": !read_only,
-            "ViewPassword": !hide_passwords,
-
            "PasswordHistory": password_history_json,

            // All Cipher types are included by default as null, but only the matching one will be populated
@ -225,6 +224,27 @@ impl Cipher {
            "Identity": null,
        });

+        // These values are only needed for user/default syncs
+        // Not during an organizational sync like `get_org_details`
+        // Skip adding these fields in that case
+        if sync_type == CipherSyncType::User {
+            json_object["FolderId"] = json!(if let Some(cipher_sync_data) = cipher_sync_data {
+                cipher_sync_data.cipher_folders.get(&self.uuid).map(|c| c.to_string())
+            } else {
+                self.get_folder_uuid(user_uuid, conn).await
+            });
+            json_object["Favorite"] = json!(if let Some(cipher_sync_data) = cipher_sync_data {
+                cipher_sync_data.cipher_favorites.contains(&self.uuid)
+            } else {
+                self.is_favorite(user_uuid, conn).await
+            });
+            // These values are true by default, but can be false if the
+            // cipher belongs to a collection or group where the org owner has enabled
+            // the "Read Only" or "Hide Passwords" restrictions for the user.
+            json_object["Edit"] = json!(!read_only);
+            json_object["ViewPassword"] = json!(!hide_passwords);
+        }
+
        let key = match self.atype {
            1 => "Login",
            2 => "SecureNote",
@ -740,6 +760,7 @@ impl Cipher {
            .or_filter(groups::access_all.eq(true)) //Access via group
            .or_filter(collections_groups::collections_uuid.is_not_null()) //Access via group
            .select(ciphers_collections::all_columns)
+            .distinct()
            .load::<(String, String)>(conn).unwrap_or_default()
        }}
    }