mirror of
https://github.com/bitwarden/server.git
synced 2025-07-02 16:42:50 -05:00
[AC-2731] Remove AccessAll - Collection and Cipher functions (#4469)
* Remove AccessAll logic from UserCollectionDetails and UserCipherDetails and EF equivalents
This commit is contained in:
Thomas Rittson
@ -227,7 +227,7 @@ public class CollectionRepository : Repository<Core.Entities.Collection, Collect
|
||||
{
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
|
||||
var baseCollectionQuery = new UserCollectionDetailsQuery(userId, useFlexibleCollections).Run(dbContext);
|
||||
var baseCollectionQuery = new UserCollectionDetailsQuery(userId).Run(dbContext);
|
||||
|
||||
if (dbContext.Database.IsSqlite())
|
||||
{
|
||||
|
||||
@ -8,87 +8,12 @@ namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
|
||||
public class UserCipherDetailsQuery : IQuery<CipherDetails>
|
||||
{
|
||||
private readonly Guid? _userId;
|
||||
private readonly bool _useFlexibleCollections;
|
||||
public UserCipherDetailsQuery(Guid? userId, bool useFlexibleCollections)
|
||||
public UserCipherDetailsQuery(Guid? userId)
|
||||
{
|
||||
_userId = userId;
|
||||
_useFlexibleCollections = useFlexibleCollections;
|
||||
}
|
||||
|
||||
public virtual IQueryable<CipherDetails> Run(DatabaseContext dbContext)
|
||||
{
|
||||
return _useFlexibleCollections
|
||||
? Run_VNext(dbContext)
|
||||
: Run_VCurrent(dbContext);
|
||||
}
|
||||
|
||||
private IQueryable<CipherDetails> Run_VCurrent(DatabaseContext dbContext)
|
||||
{
|
||||
var query = from c in dbContext.Ciphers
|
||||
|
||||
join ou in dbContext.OrganizationUsers
|
||||
on new { CipherUserId = c.UserId, c.OrganizationId, UserId = _userId, Status = OrganizationUserStatusType.Confirmed } equals
|
||||
new { CipherUserId = (Guid?)null, OrganizationId = (Guid?)ou.OrganizationId, ou.UserId, ou.Status }
|
||||
|
||||
join o in dbContext.Organizations
|
||||
on new { c.OrganizationId, OuOrganizationId = ou.OrganizationId, Enabled = true } equals
|
||||
new { OrganizationId = (Guid?)o.Id, OuOrganizationId = o.Id, o.Enabled }
|
||||
|
||||
join cc in dbContext.CollectionCiphers
|
||||
on new { ou.AccessAll, CipherId = c.Id } equals
|
||||
new { AccessAll = false, cc.CipherId } into cc_g
|
||||
from cc in cc_g.DefaultIfEmpty()
|
||||
|
||||
join cu in dbContext.CollectionUsers
|
||||
on new { cc.CollectionId, OrganizationUserId = ou.Id } equals
|
||||
new { cu.CollectionId, cu.OrganizationUserId } into cu_g
|
||||
from cu in cu_g.DefaultIfEmpty()
|
||||
|
||||
join gu in dbContext.GroupUsers
|
||||
on new { CollectionId = (Guid?)cu.CollectionId, ou.AccessAll, OrganizationUserId = ou.Id } equals
|
||||
new { CollectionId = (Guid?)null, AccessAll = false, gu.OrganizationUserId } into gu_g
|
||||
from gu in gu_g.DefaultIfEmpty()
|
||||
|
||||
join g in dbContext.Groups
|
||||
on gu.GroupId equals g.Id into g_g
|
||||
from g in g_g.DefaultIfEmpty()
|
||||
|
||||
join cg in dbContext.CollectionGroups
|
||||
on new { g.AccessAll, cc.CollectionId, gu.GroupId } equals
|
||||
new { AccessAll = false, cg.CollectionId, cg.GroupId } into cg_g
|
||||
from cg in cg_g.DefaultIfEmpty()
|
||||
|
||||
where ou.AccessAll || cu.CollectionId != null || g.AccessAll || cg.CollectionId != null
|
||||
|
||||
select c;
|
||||
|
||||
var query2 = from c in dbContext.Ciphers
|
||||
where c.UserId == _userId
|
||||
select c;
|
||||
|
||||
var union = query.Union(query2).Select(c => new CipherDetails
|
||||
{
|
||||
Id = c.Id,
|
||||
UserId = c.UserId,
|
||||
OrganizationId = c.OrganizationId,
|
||||
Type = c.Type,
|
||||
Data = c.Data,
|
||||
Attachments = c.Attachments,
|
||||
CreationDate = c.CreationDate,
|
||||
RevisionDate = c.RevisionDate,
|
||||
DeletedDate = c.DeletedDate,
|
||||
Favorite = _userId.HasValue && c.Favorites != null && c.Favorites.ToLowerInvariant().Contains($"\"{_userId}\":true"),
|
||||
FolderId = GetFolderId(_userId, c),
|
||||
Edit = true,
|
||||
Reprompt = c.Reprompt,
|
||||
ViewPassword = true,
|
||||
OrganizationUseTotp = false,
|
||||
Key = c.Key
|
||||
});
|
||||
return union;
|
||||
}
|
||||
|
||||
private IQueryable<CipherDetails> Run_VNext(DatabaseContext dbContext)
|
||||
{
|
||||
var query = from c in dbContext.Ciphers
|
||||
|
||||
|
||||
@ -6,22 +6,13 @@ namespace Bit.Infrastructure.EntityFramework.Repositories.Queries;
|
||||
public class UserCollectionDetailsQuery : IQuery<CollectionDetails>
|
||||
{
|
||||
private readonly Guid? _userId;
|
||||
private readonly bool _useFlexibleCollections;
|
||||
|
||||
public UserCollectionDetailsQuery(Guid? userId, bool useFlexibleCollections)
|
||||
public UserCollectionDetailsQuery(Guid? userId)
|
||||
{
|
||||
_userId = userId;
|
||||
_useFlexibleCollections = useFlexibleCollections;
|
||||
}
|
||||
|
||||
public virtual IQueryable<CollectionDetails> Run(DatabaseContext dbContext)
|
||||
{
|
||||
return _useFlexibleCollections
|
||||
? Run_vNext(dbContext)
|
||||
: Run_vLegacy(dbContext);
|
||||
}
|
||||
|
||||
private IQueryable<CollectionDetails> Run_vNext(DatabaseContext dbContext)
|
||||
{
|
||||
var query = from c in dbContext.Collections
|
||||
|
||||
@ -69,56 +60,4 @@ public class UserCollectionDetailsQuery : IQuery<CollectionDetails>
|
||||
Manage = (bool?)x.cu.Manage ?? (bool?)x.cg.Manage ?? false,
|
||||
});
|
||||
}
|
||||
|
||||
private IQueryable<CollectionDetails> Run_vLegacy(DatabaseContext dbContext)
|
||||
{
|
||||
var query = from c in dbContext.Collections
|
||||
|
||||
join ou in dbContext.OrganizationUsers
|
||||
on c.OrganizationId equals ou.OrganizationId
|
||||
|
||||
join o in dbContext.Organizations
|
||||
on c.OrganizationId equals o.Id
|
||||
|
||||
join cu in dbContext.CollectionUsers
|
||||
on new { ou.AccessAll, CollectionId = c.Id, OrganizationUserId = ou.Id } equals
|
||||
new { AccessAll = false, cu.CollectionId, cu.OrganizationUserId } into cu_g
|
||||
from cu in cu_g.DefaultIfEmpty()
|
||||
|
||||
join gu in dbContext.GroupUsers
|
||||
on new { CollectionId = (Guid?)cu.CollectionId, ou.AccessAll, OrganizationUserId = ou.Id } equals
|
||||
new { CollectionId = (Guid?)null, AccessAll = false, gu.OrganizationUserId } into gu_g
|
||||
from gu in gu_g.DefaultIfEmpty()
|
||||
|
||||
join g in dbContext.Groups
|
||||
on gu.GroupId equals g.Id into g_g
|
||||
from g in g_g.DefaultIfEmpty()
|
||||
|
||||
join cg in dbContext.CollectionGroups
|
||||
on new { g.AccessAll, CollectionId = c.Id, gu.GroupId } equals
|
||||
new { AccessAll = false, cg.CollectionId, cg.GroupId } into cg_g
|
||||
from cg in cg_g.DefaultIfEmpty()
|
||||
|
||||
where ou.UserId == _userId &&
|
||||
ou.Status == OrganizationUserStatusType.Confirmed &&
|
||||
o.Enabled &&
|
||||
(ou.AccessAll || cu.CollectionId != null || g.AccessAll || cg.CollectionId != null)
|
||||
select new { c, ou, o, cu, gu, g, cg };
|
||||
|
||||
return query.Select(x => new CollectionDetails
|
||||
{
|
||||
Id = x.c.Id,
|
||||
OrganizationId = x.c.OrganizationId,
|
||||
Name = x.c.Name,
|
||||
ExternalId = x.c.ExternalId,
|
||||
CreationDate = x.c.CreationDate,
|
||||
RevisionDate = x.c.RevisionDate,
|
||||
ReadOnly = x.ou.AccessAll || x.g.AccessAll ||
|
||||
!((bool?)x.cu.ReadOnly ?? (bool?)x.cg.ReadOnly ?? false) ? false : true,
|
||||
HidePasswords = x.ou.AccessAll || x.g.AccessAll ||
|
||||
!((bool?)x.cu.HidePasswords ?? (bool?)x.cg.HidePasswords ?? false) ? false : true,
|
||||
Manage = x.ou.AccessAll || x.g.AccessAll ||
|
||||
!((bool?)x.cu.Manage ?? (bool?)x.cg.Manage ?? false) ? false : true,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user