From 5bda2ef32f1b5dbf957c478744c2cbca0cfc87e6 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Wed, 30 Aug 2017 15:57:17 -0400 Subject: [PATCH] read collection that are write only --- src/Api/Controllers/CollectionsController.cs | 7 ++- .../Repositories/ICollectionRepository.cs | 2 +- .../SqlServer/CollectionRepository.cs | 4 +- .../Collection_ReadByUserId.sql | 8 +++- .../2017-08-30_00_CollectionWriteOnly.sql | 46 +++++++++++++++++++ util/Setup/Setup.csproj | 1 + 6 files changed, 60 insertions(+), 8 deletions(-) create mode 100644 util/Setup/DbScripts/2017-08-30_00_CollectionWriteOnly.sql diff --git a/src/Api/Controllers/CollectionsController.cs b/src/Api/Controllers/CollectionsController.cs index e3b148141e..cf8571c85c 100644 --- a/src/Api/Controllers/CollectionsController.cs +++ b/src/Api/Controllers/CollectionsController.cs @@ -72,15 +72,14 @@ namespace Bit.Api.Controllers } [HttpGet("~/collections")] - public async Task> GetUser() + public async Task> GetUser([FromQuery]bool writeOnly = false) { - var collections = await _collectionRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value); + var collections = await _collectionRepository.GetManyByUserIdAsync( + _userService.GetProperUserId(User).Value, writeOnly); var responses = collections.Select(c => new CollectionResponseModel(c)); return new ListResponseModel(responses); } - - [HttpGet("{id}/users")] public async Task> GetUsers(string orgId, string id) { diff --git a/src/Core/Repositories/ICollectionRepository.cs b/src/Core/Repositories/ICollectionRepository.cs index 26cae13559..c18161cf34 100644 --- a/src/Core/Repositories/ICollectionRepository.cs +++ b/src/Core/Repositories/ICollectionRepository.cs 
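Review bot: The new `writeOnly` query parameter on `GetUser` is named for the opposite of what it selects. The stored procedure keeps rows where `ReadOnly = 0`, which are collections the user can write to, not collections that cannot be read. I would rename it while it is still new (`[FromQuery]bool writable = false`), or at least document it with `/// <param name="writeOnly">When true, omit collections the caller can only read.</param>`. Because the caller chooses the value, it only narrows the listing; write permission still has to be enforced wherever items are saved into a collection, which is outside this hunk. Separately, `_userService.GetProperUserId(User).Value` is dereferenced without a null check, so if the controller's authorization attribute (not visible here) ever lets an unauthenticated request through, this fails as a server error rather than a 401.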
@@ -11,7 +11,7 @@ namespace Bit.Core.Repositories Task GetCountByOrganizationIdAsync(Guid organizationId); Task>> GetByIdWithGroupsAsync(Guid id); Task> GetManyByOrganizationIdAsync(Guid organizationId); - Task> GetManyByUserIdAsync(Guid userId); + Task> GetManyByUserIdAsync(Guid userId, bool writeOnly); Task> GetManyUserDetailsByIdAsync(Guid organizationId, Guid collectionId); Task CreateAsync(Collection obj, IEnumerable groups); Task ReplaceAsync(Collection obj, IEnumerable groups); diff --git a/src/Core/Repositories/SqlServer/CollectionRepository.cs b/src/Core/Repositories/SqlServer/CollectionRepository.cs index 6c1be72485..e859bb7f55 100644 --- a/src/Core/Repositories/SqlServer/CollectionRepository.cs +++ b/src/Core/Repositories/SqlServer/CollectionRepository.cs @@ -64,13 +64,13 @@ namespace Bit.Core.Repositories.SqlServer } } - public async Task> GetManyByUserIdAsync(Guid userId) + public async Task> GetManyByUserIdAsync(Guid userId, bool writeOnly) { using(var connection = new SqlConnection(ConnectionString)) { var results = await connection.QueryAsync( $"[{Schema}].[Collection_ReadByUserId]", - new { UserId = userId }, + new { UserId = userId, WriteOnly = writeOnly }, commandType: CommandType.StoredProcedure); // Return distinct Id results. diff --git a/src/Sql/dbo/Stored Procedures/Collection_ReadByUserId.sql b/src/Sql/dbo/Stored Procedures/Collection_ReadByUserId.sql index e33013c914..f37d50d2df 100644 --- a/src/Sql/dbo/Stored Procedures/Collection_ReadByUserId.sql +++ b/src/Sql/dbo/Stored Procedures/Collection_ReadByUserId.sql @@ -1,5 +1,6 @@ CREATE PROCEDURE [dbo].[Collection_ReadByUserId] - @UserId UNIQUEIDENTIFIER + @UserId UNIQUEIDENTIFIER, + @WriteOnly BIT AS BEGIN SET NOCOUNT ON @@ -30,4 +31,9 @@ BEGIN OR G.[AccessAll] = 1 OR CG.[CollectionId] IS NOT NULL ) + AND ( + @WriteOnly = 0 + OR CU.[ReadOnly] = 0 + OR CG.[ReadOnly] = 0 + ) END \ No newline at end of file 
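Review bot: With `@WriteOnly = 1`, the predicate added to `Collection_ReadByUserId` appears to drop every collection the user reaches through `OU.[AccessAll] = 1` or `G.[AccessAll] = 1`. The joins, visible in full in the migration script added by this commit, only match `CU` when `OU.[AccessAll] = 0` and `CG` when `G.[AccessAll] = 0`. For access-all rows both `CU.[ReadOnly]` and `CG.[ReadOnly]` are therefore NULL, and the `OR` chain evaluates to UNKNOWN. The filter fails closed, so this is a missing-results bug rather than an over-grant, but a user with full access would get an empty list. Assuming access-all implies write access, add `OR OU.[AccessAll] = 1` and `OR G.[AccessAll] = 1` to the new group, here and in the copy in `util/Setup/DbScripts/2017-08-30_00_CollectionWriteOnly.sql`. The procedure body starts outside this hunk.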
diff --git a/util/Setup/DbScripts/2017-08-30_00_CollectionWriteOnly.sql b/util/Setup/DbScripts/2017-08-30_00_CollectionWriteOnly.sql new file mode 100644 index 0000000000..d4fa34329b --- /dev/null +++ b/util/Setup/DbScripts/2017-08-30_00_CollectionWriteOnly.sql @@ -0,0 +1,46 @@ +IF OBJECT_ID('[dbo].[Collection_ReadByUserId]') IS NOT NULL +BEGIN + DROP PROCEDURE [dbo].[Collection_ReadByUserId] +END +GO + +CREATE PROCEDURE [dbo].[Collection_ReadByUserId] + @UserId UNIQUEIDENTIFIER, + @WriteOnly BIT +AS +BEGIN + SET NOCOUNT ON + + SELECT + C.* + FROM + [dbo].[CollectionView] C + INNER JOIN + [dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId] + INNER JOIN + [dbo].[Organization] O ON O.[Id] = C.[OrganizationId] + LEFT JOIN + [dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id] + LEFT JOIN + [dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND OU.[AccessAll] = 0 AND GU.[OrganizationUserId] = OU.[Id] + LEFT JOIN + [dbo].[Group] G ON G.[Id] = GU.[GroupId] + LEFT JOIN + [dbo].[CollectionGroup] CG ON G.[AccessAll] = 0 AND CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId] + WHERE + OU.[UserId] = @UserId + AND OU.[Status] = 2 -- 2 = Confirmed + AND O.[Enabled] = 1 + AND ( + OU.[AccessAll] = 1 + OR CU.[CollectionId] IS NOT NULL + OR G.[AccessAll] = 1 + OR CG.[CollectionId] IS NOT NULL + ) + AND ( + @WriteOnly = 0 + OR CU.[ReadOnly] = 0 + OR CG.[ReadOnly] = 0 + ) +END +GO diff --git a/util/Setup/Setup.csproj b/util/Setup/Setup.csproj index 65a7c9970a..869196201a 100644 --- a/util/Setup/Setup.csproj +++ b/util/Setup/Setup.csproj @@ -7,6 +7,7 @@ +
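Review bot: `@WriteOnly BIT` is declared without a default, so any caller that still executes `Collection_ReadByUserId` with only `@UserId` will fail once this script has run. An API instance built before this commit would do that during a staged upgrade. Declaring it as `@WriteOnly BIT = 0` here and in `src/Sql/dbo/Stored Procedures/Collection_ReadByUserId.sql` keeps the old call shape working and returns the same rows as before. The script also drops and recreates the procedure, which discards any permissions granted directly on the object. Whether such grants exist is not visible in this commit, so it is worth confirming before running this against an existing database.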