nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-05-28 23:04:50 -05:00
Code

limit collection users with accessall to orgid

Browse Source
This commit is contained in:
Kyle Spearrin 2017-05-04 07:17:01 -04:00
parent 94fdb72d75
commit 5b5bd4e099
3 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Core/Models/Data/CollectionUserUserDetails.cs
View File

@ -6,6 +6,7 @@ namespace Bit.Core.Models.Data
{ {
public Guid? Id { get; set; } public Guid? Id { get; set; }
public Guid OrganizationUserId { get; set; } public Guid OrganizationUserId { get; set; }
public Guid? OrganizationId { get; set; }
public Guid? CollectionId { get; set; } public Guid? CollectionId { get; set; }
public bool AccessAll { get; set; } public bool AccessAll { get; set; }
public string Name { get; set; } public string Name { get; set; }

12
src/Sql/dbo/Stored Procedures/CollectionUserUserDetails_ReadByCollectionId.sql
View File

@ -4,11 +4,17 @@ AS
BEGIN BEGIN
SET NOCOUNT ON SET NOCOUNT ON
DECLARE @OrganizationId UNIQUEIDENTIFIER = (SELECT [OrganizationId] FROM [dbo].[Collection] WHERE [Id] = @CollectionId)
SELECT SELECT
* *
FROM FROM
[dbo].[CollectionUserUserDetailsView] [dbo].[CollectionUserUserDetailsView]
WHERE WHERE
[AccessAll] = 1 [CollectionId] = @CollectionId
OR [CollectionId] = @CollectionId OR
END (
[OrganizationId] = @OrganizationId
AND [AccessAll] = 1
)
END

1
src/Sql/dbo/Views/CollectionUserUserDetailsView.sql
View File

@ -2,6 +2,7 @@
AS AS
SELECT SELECT
OU.[Id] AS [OrganizationUserId], OU.[Id] AS [OrganizationUserId],
OU.[OrganizationId],
OU.[AccessAll], OU.[AccessAll],
CU.[Id], CU.[Id],
CU.[CollectionId], CU.[CollectionId],