
permissions validation

This commit is contained in:
Kyle Spearrin 2017-04-04 22:07:30 -04:00
parent 7d9a2cdd95
commit 382be7a90b
5 changed files with 22 additions and 16 deletions


@ -134,7 +134,7 @@ namespace Bit.Api.Controllers
{ {
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId); var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
if(cipher == null || cipher.OrganizationId.HasValue || cipher.UserId != userId) if(cipher == null || cipher.UserId != userId)
{ {
throw new NotFoundException(); throw new NotFoundException();
} }
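Review bot: `new Guid(id)` on the lookup line throws a FormatException for a malformed route id, which surfaces as an unhandled 500 instead of the 404 this action returns for every other lookup failure; `Guid cipherId; if(!Guid.TryParse(id, out cipherId)) { throw new NotFoundException(); }` before the repository call keeps the response uniform. The dropped `cipher.OrganizationId.HasValue` test means the controller no longer rejects organization-owned ciphers itself, so this is sound only as long as the service it hands the cipher to (not visible here) keeps its own check. The enclosing action starts and ends outside this hunk.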


@ -5,6 +5,7 @@ using Bit.Core.Models.Table;
using Bit.Core.Enums; using Bit.Core.Enums;
using Newtonsoft.Json; using Newtonsoft.Json;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq;
namespace Bit.Core.Models.Api namespace Bit.Core.Models.Api
{ {
@ -48,12 +49,11 @@ namespace Bit.Core.Models.Api
public Cipher ToCipher(Cipher existingCipher) public Cipher ToCipher(Cipher existingCipher)
{ {
existingCipher.OrganizationId = string.IsNullOrWhiteSpace(OrganizationId) ? null : (Guid?)new Guid(OrganizationId);
switch(existingCipher.Type) switch(existingCipher.Type)
{ {
case CipherType.Login: case CipherType.Login:
existingCipher.Data = JsonConvert.SerializeObject(new LoginDataModel(this), new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore }); existingCipher.Data = JsonConvert.SerializeObject(new LoginDataModel(this),
new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
break; break;
default: default:
throw new ArgumentException("Unsupported " + nameof(Type) + "."); throw new ArgumentException("Unsupported " + nameof(Type) + ".");
@ -63,10 +63,20 @@ namespace Bit.Core.Models.Api
} }
} }
public class CipherMoveRequestModel public class CipherMoveRequestModel : IValidatableObject
{ {
[Required]
public IEnumerable<string> SubvaultIds { get; set; } public IEnumerable<string> SubvaultIds { get; set; }
[Required] [Required]
public CipherRequestModel Cipher { get; set; } public CipherRequestModel Cipher { get; set; }
public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
{
if(!SubvaultIds?.Any() ?? false)
{
yield return new ValidationResult("You must select at least one subvault.",
new string[] { nameof(SubvaultIds) });
}
}
} }
} }
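Review bot: `Validate` only rejects an empty `SubvaultIds`; a list of blank or unparseable strings still passes model validation, and whatever later parses those ids as GUIDs (not visible here) would then fail with an exception rather than a 400. Adding `if(SubvaultIds != null && SubvaultIds.Any(string.IsNullOrWhiteSpace))` — or a per-element `Guid.TryParse` check — that yields a second `ValidationResult` keyed on `nameof(SubvaultIds)` would fail such requests at the boundary. Separately, `!SubvaultIds?.Any() ?? false` parses as `(!(SubvaultIds?.Any())) ?? false`, which is correct but easy to misread; `SubvaultIds != null && !SubvaultIds.Any()` says the same thing directly, since null is already caught by the new `[Required]`.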


@ -119,9 +119,9 @@ namespace Bit.Core.Services
throw new BadRequestException(nameof(cipher.Id)); throw new BadRequestException(nameof(cipher.Id));
} }
if(organizationId == default(Guid)) if(cipher.OrganizationId.HasValue)
{ {
throw new BadRequestException(nameof(organizationId)); throw new BadRequestException("Already belongs to an organization.");
} }
if(!cipher.UserId.HasValue || cipher.UserId.Value != movingUserId) if(!cipher.UserId.HasValue || cipher.UserId.Value != movingUserId)
@ -134,8 +134,8 @@ namespace Bit.Core.Services
var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(movingUserId, subvaultIds, var subvaultUserDetails = await _subvaultUserRepository.GetPermissionsByUserIdAsync(movingUserId, subvaultIds,
organizationId); organizationId);
var adminSubvaults = subvaultUserDetails.Where(s => s.Admin).Select(s => s.SubvaultId); var writeableSubvaults = subvaultUserDetails.Where(s => !s.ReadOnly).Select(s => s.SubvaultId);
if(!adminSubvaults.Any()) if(!writeableSubvaults.Any())
{ {
throw new BadRequestException("No subvaults."); throw new BadRequestException("No subvaults.");
} }
@ -143,7 +143,7 @@ namespace Bit.Core.Services
cipher.UserId = null; cipher.UserId = null;
cipher.OrganizationId = organizationId; cipher.OrganizationId = organizationId;
cipher.RevisionDate = DateTime.UtcNow; cipher.RevisionDate = DateTime.UtcNow;
await _cipherRepository.ReplaceAsync(cipher, adminSubvaults); await _cipherRepository.ReplaceAsync(cipher, writeableSubvaults);
// push // push
//await _pushService.PushSyncCipherUpdateAsync(cipher); //await _pushService.PushSyncCipherUpdateAsync(cipher);
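Review bot: The move is applied to `writeableSubvaults` only, so a request naming several subvaults succeeds silently with the cipher placed in just the subset the user may write to, and the caller gets no indication that some targets were dropped. If partial placement is not intended, reject when the filtered set is smaller than the distinct requested ids, e.g. `if(writeableSubvaults.Count() != subvaultIds.Distinct().Count()) { throw new BadRequestException("No access to one or more subvaults."); }` — this depends on the element type of `subvaultIds`, which is declared outside the hunk. `writeableSubvaults` is also a deferred LINQ query that is enumerated by `Any()` and again inside `ReplaceAsync`; appending `.ToList()` to its definition avoids evaluating it twice. With the `organizationId == default(Guid)` guard gone, an all-zero organizationId now reaches the permissions query unchecked and fails closed only if that query returns no rows for it.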


@ -5,11 +5,7 @@ BEGIN
;WITH [CTE] AS( ;WITH [CTE] AS(
SELECT SELECT
CASE CASE WHEN SU.[ReadOnly] = 0 THEN 1 ELSE 0 END [CanEdit]
WHEN OU.[Type] = 2 AND SU.[Admin] = 1 THEN 1 -- 2 = Regular User
WHEN SU.[ReadOnly] = 0 THEN 1
ELSE 0
END [CanEdit]
FROM FROM
[dbo].[SubvaultUser] SU [dbo].[SubvaultUser] SU
INNER JOIN INNER JOIN
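Review bot: `CanEdit` now depends solely on `SU.[ReadOnly]`, so a regular user whose SubvaultUser row has `Admin = 1` and `ReadOnly = 1` loses edit rights that the removed first `WHEN` branch used to grant. If that is the intent — edit rights come only from the ReadOnly flag and the Admin flag no longer implies write access — a comment on the CASE such as `-- Edit rights come solely from SubvaultUser.ReadOnly; SubvaultUser.Admin does not grant edit` would record it, since the only documentation of the type values (`-- 2 = Regular User`) disappeared with the old branch. The procedure header and the rest of the CTE lie outside this hunk.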


@ -9,7 +9,7 @@ BEGIN
SELECT SELECT
SU.[SubvaultId], SU.[SubvaultId],
CASE WHEN OU.[Type] = 2 THEN SU.[Admin] ELSE 1 END AS [Admin], -- 2 = Regular User CASE WHEN OU.[Type] = 2 THEN SU.[Admin] ELSE 1 END AS [Admin], -- 2 = Regular User
CASE WHEN OU.[Type] = 2 THEN SU.[ReadOnly] ELSE 0 END AS [ReadOnly] -- 2 = Regular User SU.[ReadOnly]
FROM FROM
[dbo].[SubvaultUser] SU [dbo].[SubvaultUser] SU
INNER JOIN INNER JOIN
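Review bot: The two derived columns now disagree on whether `OU.[Type]` matters: `[Admin]` is still forced to 1 for non-regular users, while `[ReadOnly]` is taken from the row as-is, so an organization Owner/Admin with a `ReadOnly = 1` SubvaultUser row is reported both `Admin = 1` and `ReadOnly = 1`. Given that the service now filters on `!s.ReadOnly`, such a user would be denied the move even though the Admin override suggests org-level admins are meant to have full rights. Either keep the type check on ReadOnly (`CASE WHEN OU.[Type] = 2 THEN SU.[ReadOnly] ELSE 0 END AS [ReadOnly]`) or drop the override on Admin as well, so the two flags are derived by one rule. The procedure header is outside this hunk.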