read collection that are write only

2025-06-30 15:42:48 -05:00 · 2017-08-30 15:57:17 -04:00
parent ff22e00ec5
commit 5bda2ef32f
6 changed files with 60 additions and 8 deletions
--- a/src/Api/Controllers/CollectionsController.cs
+++ b/src/Api/Controllers/CollectionsController.cs
@ -72,15 +72,14 @@ namespace Bit.Api.Controllers
        }

        [HttpGet("~/collections")]
-        public async Task<ListResponseModel<CollectionResponseModel>> GetUser()
+        public async Task<ListResponseModel<CollectionResponseModel>> GetUser([FromQuery]bool writeOnly = false)
        {
-            var collections = await _collectionRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value);
+            var collections = await _collectionRepository.GetManyByUserIdAsync(
+                _userService.GetProperUserId(User).Value, writeOnly);
            var responses = collections.Select(c => new CollectionResponseModel(c));
            return new ListResponseModel<CollectionResponseModel>(responses);
        }

-
-
        [HttpGet("{id}/users")]
        public async Task<ListResponseModel<CollectionUserResponseModel>> GetUsers(string orgId, string id)
        {
--- a/src/Core/Repositories/ICollectionRepository.cs
+++ b/src/Core/Repositories/ICollectionRepository.cs
@ -11,7 +11,7 @@ namespace Bit.Core.Repositories
        Task<int> GetCountByOrganizationIdAsync(Guid organizationId);
        Task<Tuple<Collection, ICollection<SelectionReadOnly>>> GetByIdWithGroupsAsync(Guid id);
        Task<ICollection<Collection>> GetManyByOrganizationIdAsync(Guid organizationId);
-        Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId);
+        Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId, bool writeOnly);
        Task<ICollection<CollectionUserDetails>> GetManyUserDetailsByIdAsync(Guid organizationId, Guid collectionId);
        Task CreateAsync(Collection obj, IEnumerable<SelectionReadOnly> groups);
        Task ReplaceAsync(Collection obj, IEnumerable<SelectionReadOnly> groups);
--- a/src/Core/Repositories/SqlServer/CollectionRepository.cs
+++ b/src/Core/Repositories/SqlServer/CollectionRepository.cs
@ -64,13 +64,13 @@ namespace Bit.Core.Repositories.SqlServer
            }
        }

-        public async Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId)
+        public async Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId, bool writeOnly)
        {
            using(var connection = new SqlConnection(ConnectionString))
            {
                var results = await connection.QueryAsync<Collection>(
                    $"[{Schema}].[Collection_ReadByUserId]",
-                    new { UserId = userId },
+                    new { UserId = userId, WriteOnly = writeOnly },
                    commandType: CommandType.StoredProcedure);

                // Return distinct Id results.
--- a/Procedures/Collection_ReadByUserId.sql
+++ b/Procedures/Collection_ReadByUserId.sql
@ -1,5 +1,6 @@
 CREATE PROCEDURE [dbo].[Collection_ReadByUserId]
-    @UserId UNIQUEIDENTIFIER
+    @UserId UNIQUEIDENTIFIER,
+    @WriteOnly BIT
 AS
 BEGIN
    SET NOCOUNT ON
@ -30,4 +31,9 @@ BEGIN
            OR G.[AccessAll] = 1
            OR CG.[CollectionId] IS NOT NULL
        )
+        AND (
+            @WriteOnly = 0
+            OR CU.[ReadOnly] = 0
+            OR CG.[ReadOnly] = 0
+        )
 END