mirror of https://github.com/bitwarden/server.git synced 2025-04-09 23:28:12 -05:00

read collection that are write only

Kyle Spearrin 2017-08-30 15:57:17 -04:00
parent ff22e00ec5
commit 5bda2ef32f
6 changed files with 60 additions and 8 deletions


@ -72,15 +72,14 @@ namespace Bit.Api.Controllers
} }
[HttpGet("~/collections")] [HttpGet("~/collections")]
public async Task<ListResponseModel<CollectionResponseModel>> GetUser() public async Task<ListResponseModel<CollectionResponseModel>> GetUser([FromQuery]bool writeOnly = false)
{ {
var collections = await _collectionRepository.GetManyByUserIdAsync(_userService.GetProperUserId(User).Value); var collections = await _collectionRepository.GetManyByUserIdAsync(
_userService.GetProperUserId(User).Value, writeOnly);
var responses = collections.Select(c => new CollectionResponseModel(c)); var responses = collections.Select(c => new CollectionResponseModel(c));
return new ListResponseModel<CollectionResponseModel>(responses); return new ListResponseModel<CollectionResponseModel>(responses);
} }
[HttpGet("{id}/users")] [HttpGet("{id}/users")]
public async Task<ListResponseModel<CollectionUserResponseModel>> GetUsers(string orgId, string id) public async Task<ListResponseModel<CollectionUserResponseModel>> GetUsers(string orgId, string id)
{ {
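Review bot: The new `writeOnly` query parameter on `GetUser` is undocumented, and its name reads as "collections that can only be written", whereas the stored-procedure filter it drives (`CU.[ReadOnly] = 0 OR CG.[ReadOnly] = 0`) selects collections the caller is allowed to write to. I would add a doc comment such as `/// <param name="writeOnly">When true, return only collections the caller may write to (ReadOnly = 0); a listing filter, not an authorization check.</param>` here, and the same wording on the `GetManyByUserIdAsync` declaration and its SqlServer implementation. Because the flag is taken from the request, write permission presumably still has to be enforced where items are saved into a collection; that code is not visible in this commit.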


@ -11,7 +11,7 @@ namespace Bit.Core.Repositories
Task<int> GetCountByOrganizationIdAsync(Guid organizationId); Task<int> GetCountByOrganizationIdAsync(Guid organizationId);
Task<Tuple<Collection, ICollection<SelectionReadOnly>>> GetByIdWithGroupsAsync(Guid id); Task<Tuple<Collection, ICollection<SelectionReadOnly>>> GetByIdWithGroupsAsync(Guid id);
Task<ICollection<Collection>> GetManyByOrganizationIdAsync(Guid organizationId); Task<ICollection<Collection>> GetManyByOrganizationIdAsync(Guid organizationId);
Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId); Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId, bool writeOnly);
Task<ICollection<CollectionUserDetails>> GetManyUserDetailsByIdAsync(Guid organizationId, Guid collectionId); Task<ICollection<CollectionUserDetails>> GetManyUserDetailsByIdAsync(Guid organizationId, Guid collectionId);
Task CreateAsync(Collection obj, IEnumerable<SelectionReadOnly> groups); Task CreateAsync(Collection obj, IEnumerable<SelectionReadOnly> groups);
Task ReplaceAsync(Collection obj, IEnumerable<SelectionReadOnly> groups); Task ReplaceAsync(Collection obj, IEnumerable<SelectionReadOnly> groups);


@ -64,13 +64,13 @@ namespace Bit.Core.Repositories.SqlServer
} }
} }
public async Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId) public async Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId, bool writeOnly)
{ {
using(var connection = new SqlConnection(ConnectionString)) using(var connection = new SqlConnection(ConnectionString))
{ {
var results = await connection.QueryAsync<Collection>( var results = await connection.QueryAsync<Collection>(
$"[{Schema}].[Collection_ReadByUserId]", $"[{Schema}].[Collection_ReadByUserId]",
new { UserId = userId }, new { UserId = userId, WriteOnly = writeOnly },
commandType: CommandType.StoredProcedure); commandType: CommandType.StoredProcedure);
// Return distinct Id results. // Return distinct Id results.


@ -1,5 +1,6 @@
CREATE PROCEDURE [dbo].[Collection_ReadByUserId] CREATE PROCEDURE [dbo].[Collection_ReadByUserId]
@UserId UNIQUEIDENTIFIER @UserId UNIQUEIDENTIFIER,
@WriteOnly BIT
AS AS
BEGIN BEGIN
SET NOCOUNT ON SET NOCOUNT ON
@ -30,4 +31,9 @@ BEGIN
OR G.[AccessAll] = 1 OR G.[AccessAll] = 1
OR CG.[CollectionId] IS NOT NULL OR CG.[CollectionId] IS NOT NULL
) )
AND (
@WriteOnly = 0
OR CU.[ReadOnly] = 0
OR CG.[ReadOnly] = 0
)
END END
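Review bot: With `@WriteOnly = 1` the new predicate drops every collection the user reaches through `OU.[AccessAll] = 1` or `G.[AccessAll] = 1`. The full join list in the migration copy of this procedure shows that `CU` is joined only when `OU.[AccessAll] = 0` and `CG` only when `G.[AccessAll] = 0`, so for those rows both `CU.[ReadOnly]` and `CG.[ReadOnly]` are NULL and neither comparison is true. The result fails closed (an all-access user gets an empty or partial list rather than extra rows), but it is still wrong if AccessAll is meant to imply write access. Adding `OR OU.[AccessAll] = 1` and `OR G.[AccessAll] = 1` inside the new `AND ( … )` group would cover those paths; the same change is needed in the 2017-08-30 migration script's copy of the procedure.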


@ -0,0 +1,46 @@
IF OBJECT_ID('[dbo].[Collection_ReadByUserId]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[Collection_ReadByUserId]
END
GO
CREATE PROCEDURE [dbo].[Collection_ReadByUserId]
@UserId UNIQUEIDENTIFIER,
@WriteOnly BIT
AS
BEGIN
SET NOCOUNT ON
SELECT
C.*
FROM
[dbo].[CollectionView] C
INNER JOIN
[dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId]
INNER JOIN
[dbo].[Organization] O ON O.[Id] = C.[OrganizationId]
LEFT JOIN
[dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id]
LEFT JOIN
[dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND OU.[AccessAll] = 0 AND GU.[OrganizationUserId] = OU.[Id]
LEFT JOIN
[dbo].[Group] G ON G.[Id] = GU.[GroupId]
LEFT JOIN
[dbo].[CollectionGroup] CG ON G.[AccessAll] = 0 AND CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
WHERE
OU.[UserId] = @UserId
AND OU.[Status] = 2 -- 2 = Confirmed
AND O.[Enabled] = 1
AND (
OU.[AccessAll] = 1
OR CU.[CollectionId] IS NOT NULL
OR G.[AccessAll] = 1
OR CG.[CollectionId] IS NOT NULL
)
AND (
@WriteOnly = 0
OR CU.[ReadOnly] = 0
OR CG.[ReadOnly] = 0
)
END
GO
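Review bot: `@WriteOnly BIT` is declared without a default in the recreated `Collection_ReadByUserId`, so any caller that still passes only `@UserId` (for example an API instance on the previous build while this script is applied) will fail with a missing-parameter error. Declaring it as `@WriteOnly BIT = 0` keeps the old call shape working and matches the controller's `writeOnly = false` default. The DROP/CREATE pair also discards any permissions granted directly on the procedure; whether this deployment relies on object-level grants is not visible from the script.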


@ -7,6 +7,7 @@
</PropertyGroup> </PropertyGroup>
<ItemGroup> <ItemGroup>
<EmbeddedResource Include="DbScripts\2017-08-30_00_CollectionWriteOnly.sql" />
<EmbeddedResource Include="DbScripts\2017-08-22_00_LicenseCheckScripts.sql" /> <EmbeddedResource Include="DbScripts\2017-08-22_00_LicenseCheckScripts.sql" />
<EmbeddedResource Include="DbScripts\2017-08-19_00_InitialSetup.sql" /> <EmbeddedResource Include="DbScripts\2017-08-19_00_InitialSetup.sql" />
</ItemGroup> </ItemGroup>