permission checks for cipher crud operations

2025-07-03 00:52:49 -05:00 · 2017-03-24 09:27:15 -04:00
parent 0dae19bd4f
commit 10c72fafda
10 changed files with 78 additions and 11 deletions
--- a/src/Sql/Sql.sqlproj
+++ b/src/Sql/Sql.sqlproj
@ -173,5 +173,6 @@
    <Build Include="dbo\Stored Procedures\OrganizationUserUserDetails_ReadByOrganizationId.sql" />
    <Build Include="dbo\Stored Procedures\Subvault_ReadByOrganizationIdAdminUserId.sql" />
    <Build Include="dbo\User Defined Types\GuidIdArray.sql" />
+    <Build Include="dbo\Stored Procedures\SubvaultUser_ReadIsAdminByCipherIdUserId.sql" />
  </ItemGroup>
 </Project>
--- a/Procedures/CipherDetails_Create.sql
+++ b/Procedures/CipherDetails_Create.sql
@ -25,7 +25,7 @@ BEGIN
    VALUES
    (
        @Id,
-        @UserId,
+        CASE WHEN @OrganizationId IS NULL THEN @UserId ELSE NULL END,
        @OrganizationId,
        @Type,
        @Data,
--- a/Procedures/CipherDetails_Update.sql
+++ b/Procedures/CipherDetails_Update.sql
@ -15,7 +15,7 @@ BEGIN
    UPDATE
        [dbo].[Cipher]
    SET
-        [UserId] = @UserId,
+        [UserId] = CASE WHEN @OrganizationId IS NULL THEN @UserId ELSE NULL END,
        [OrganizationId] = @OrganizationId,
        [Type] = @Type,
        [Data] = @Data,
--- a/Procedures/SubvaultUser_ReadIsAdminByCipherIdUserId.sql
+++ b/Procedures/SubvaultUser_ReadIsAdminByCipherIdUserId.sql
@ -0,0 +1,30 @@
+CREATE PROCEDURE [dbo].[SubvaultUser_ReadIsAdminByCipherIdUserId]
+    @UserId UNIQUEIDENTIFIER,
+    @CipherId AS UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    ;WITH [CTE] AS(
+        SELECT
+            CASE WHEN OU.[Type] = 2 THEN SU.[Admin] ELSE 1 END AS [Admin] -- 2 = Regular User
+        FROM
+            [dbo].[SubvaultUser] SU
+        INNER JOIN
+            [dbo].[SubvaultCipher] SC ON SC.SubvaultId = SU.SubvaultId
+        INNER JOIN
+            [dbo].[Cipher] C ON SC.[CipherId] = C.[Id]
+        INNER JOIN
+            [dbo].[OrganizationUser] OU ON OU.Id = SU.OrganizationUserId AND OU.OrganizationId = C.OrganizationId
+        WHERE
+            C.[Id] = @CipherId
+            AND OU.[UserId] = @UserId
+            AND OU.[Status] = 2 -- 2 = Confirmed
+    )
+    SELECT
+        CASE WHEN COUNT(1) > 0 THEN 1 ELSE 0 END
+    FROM
+        [CTE]
+    WHERE
+        [Admin] = 1
+END