return collection readonly details

src/Api/Controllers/CollectionsController.cs

@@ -46,7 +46,7 @@ namespace Bit.Api.Controllers
         }
 
         [HttpGet("{id}/details")]
-        public async Task<CollectionDetailsResponseModel> GetDetails(string orgId, string id)
+        public async Task<CollectionGroupDetailsResponseModel> GetDetails(string orgId, string id)
         {
             var collectionDetails = await _collectionRepository.GetByIdWithGroupsAsync(new Guid(id));
             if(collectionDetails?.Item1 == null || !_currentContext.OrganizationAdmin(collectionDetails.Item1.OrganizationId))
@@ -54,7 +54,7 @@ namespace Bit.Api.Controllers
                 throw new NotFoundException();
             }
 
-            return new CollectionDetailsResponseModel(collectionDetails.Item1, collectionDetails.Item2);
+            return new CollectionGroupDetailsResponseModel(collectionDetails.Item1, collectionDetails.Item2);
         }
 
         [HttpGet("")]
@@ -72,12 +72,19 @@ namespace Bit.Api.Controllers
         }
 
         [HttpGet("~/collections")]
-        public async Task<ListResponseModel<CollectionResponseModel>> GetUser([FromQuery]bool writeOnly = false)
+        public async Task<ListResponseModel<CollectionDetailsResponseModel>> GetUser([FromQuery]bool writeOnly = false)
         {
             var collections = await _collectionRepository.GetManyByUserIdAsync(
-                _userService.GetProperUserId(User).Value, writeOnly);
+                _userService.GetProperUserId(User).Value);
-            var responses = collections.Select(c => new CollectionResponseModel(c));
+
-            return new ListResponseModel<CollectionResponseModel>(responses);
+            // TODO: Deprecated. writeOnly flag can be removed after v1.21.0
+            if(writeOnly)
+            {
+                collections = collections.Where(c => !c.ReadOnly).ToList();
+            }
+
+            var responses = collections.Select(c => new CollectionDetailsResponseModel(c));
+            return new ListResponseModel<CollectionDetailsResponseModel>(responses);
         }
 
         [HttpGet("{id}/users")]

src/Api/Controllers/SyncController.cs

@@ -11,6 +11,7 @@ using Bit.Core.Exceptions;
 using System.Linq;
 using Bit.Core.Models.Table;
 using System.Collections.Generic;
+using Bit.Core.Models.Data;
 
 namespace Bit.Api.Controllers
 {
@@ -59,11 +60,11 @@ namespace Bit.Api.Controllers
             var folders = await _folderRepository.GetManyByUserIdAsync(user.Id);
             var ciphers = await _cipherRepository.GetManyByUserIdAsync(user.Id, hasEnabledOrgs);
 
-            IEnumerable<Collection> collections = null;
+            IEnumerable<CollectionDetails> collections = null;
             IDictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersGroupDict = null;
             if(hasEnabledOrgs)
             {
-                collections = await _collectionRepository.GetManyByUserIdAsync(user.Id, false);
+                collections = await _collectionRepository.GetManyByUserIdAsync(user.Id);
                 var collectionCiphers = await _collectionCipherRepository.GetManyByUserIdAsync(user.Id);
                 collectionCiphersGroupDict = collectionCiphers.GroupBy(c => c.CipherId).ToDictionary(s => s.Key);
             }

src/Core/Models/Api/Response/CollectionResponseModel.cs

@@ -28,8 +28,19 @@ namespace Bit.Core.Models.Api
 
     public class CollectionDetailsResponseModel : CollectionResponseModel
     {
-        public CollectionDetailsResponseModel(Collection collection, IEnumerable<SelectionReadOnly> groups)
+        public CollectionDetailsResponseModel(CollectionDetails collectionDetails)
-            : base(collection, "collectionDetails")
+            : base(collectionDetails, "collectionDetails")
+        {
+            ReadOnly = collectionDetails.ReadOnly;
+        }
+
+        public bool ReadOnly { get; set; }
+    }
+
+    public class CollectionGroupDetailsResponseModel : CollectionResponseModel
+    {
+        public CollectionGroupDetailsResponseModel(Collection collection, IEnumerable<SelectionReadOnly> groups)
+            : base(collection, "collectionGroupDetails")
         {
             Groups = groups.Select(g => new SelectionReadOnlyResponseModel(g));
         }

src/Core/Models/Api/Response/SyncResponseModel.cs

@@ -14,7 +14,7 @@ namespace Bit.Core.Models.Api
             User user,
             IEnumerable<OrganizationUserOrganizationDetails> organizationUserDetails,
             IEnumerable<Folder> folders,
-            IEnumerable<Collection> collections,
+            IEnumerable<CollectionDetails> collections,
             IEnumerable<CipherDetails> ciphers,
             IDictionary<Guid, IGrouping<Guid, CollectionCipher>> collectionCiphersDict)
             : base("sync")
@@ -22,13 +22,14 @@ namespace Bit.Core.Models.Api
             Profile = new ProfileResponseModel(user, organizationUserDetails);
             Folders = folders.Select(f => new FolderResponseModel(f));
             Ciphers = ciphers.Select(c => new CipherDetailsResponseModel(c, globalSettings, collectionCiphersDict));
-            Collections = collections?.Select(c => new CollectionResponseModel(c)) ?? new List<CollectionResponseModel>();
+            Collections = collections?.Select(
+                c => new CollectionDetailsResponseModel(c)) ?? new List<CollectionDetailsResponseModel>();
             Domains = new DomainsResponseModel(user, false);
         }
 
         public ProfileResponseModel Profile { get; set; }
         public IEnumerable<FolderResponseModel> Folders { get; set; }
-        public IEnumerable<CollectionResponseModel> Collections { get; set; }
+        public IEnumerable<CollectionDetailsResponseModel> Collections { get; set; }
         public IEnumerable<CipherDetailsResponseModel> Ciphers { get; set; }
         public DomainsResponseModel Domains { get; set; }
     }

src/Core/Models/Data/CollectionDetails.cs

@@ -0,0 +1,9 @@
+using Bit.Core.Models.Table;
+
+namespace Bit.Core.Models.Data
+{
+    public class CollectionDetails : Collection
+    {
+        public bool ReadOnly { get; set; }
+    }
+}

src/Core/Repositories/ICollectionRepository.cs

@@ -11,7 +11,7 @@ namespace Bit.Core.Repositories
         Task<int> GetCountByOrganizationIdAsync(Guid organizationId);
         Task<Tuple<Collection, ICollection<SelectionReadOnly>>> GetByIdWithGroupsAsync(Guid id);
         Task<ICollection<Collection>> GetManyByOrganizationIdAsync(Guid organizationId);
-        Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId, bool writeOnly);
+        Task<ICollection<CollectionDetails>> GetManyByUserIdAsync(Guid userId);
         Task<ICollection<CollectionUserDetails>> GetManyUserDetailsByIdAsync(Guid organizationId, Guid collectionId);
         Task CreateAsync(Collection obj, IEnumerable<SelectionReadOnly> groups);
         Task ReplaceAsync(Collection obj, IEnumerable<SelectionReadOnly> groups);

src/Core/Repositories/SqlServer/CollectionRepository.cs

@@ -64,13 +64,13 @@ namespace Bit.Core.Repositories.SqlServer
             }
         }
 
-        public async Task<ICollection<Collection>> GetManyByUserIdAsync(Guid userId, bool writeOnly)
+        public async Task<ICollection<CollectionDetails>> GetManyByUserIdAsync(Guid userId)
         {
             using(var connection = new SqlConnection(ConnectionString))
             {
-                var results = await connection.QueryAsync<Collection>(
+                var results = await connection.QueryAsync<CollectionDetails>(
                     $"[{Schema}].[Collection_ReadByUserId]",
-                    new { UserId = userId, WriteOnly = writeOnly },
+                    new { UserId = userId },
                     commandType: CommandType.StoredProcedure);
 
                 // Return distinct Id results.

src/Sql/dbo/Stored Procedures/Collection_ReadByUserId.sql

@@ -1,12 +1,20 @@
 CREATE PROCEDURE [dbo].[Collection_ReadByUserId]
-    @UserId UNIQUEIDENTIFIER,
+    @UserId UNIQUEIDENTIFIER
-    @WriteOnly BIT
 AS
 BEGIN
     SET NOCOUNT ON
 
     SELECT
-        C.*
+        C.*,
+        CASE
+            WHEN
+                OU.[AccessAll] = 1
+                OR G.[AccessAll] = 1
+                OR CU.[ReadOnly] = 0
+                OR CG.[ReadOnly] = 0
+            THEN 1
+            ELSE 0
+        END [ReadOnly]
     FROM
         [dbo].[CollectionView] C
     INNER JOIN
@@ -31,11 +39,4 @@ BEGIN
             OR G.[AccessAll] = 1
             OR CG.[CollectionId] IS NOT NULL
         )
-        AND (
-            @WriteOnly = 0
-            OR OU.[AccessAll] = 1
-            OR G.[AccessAll] = 1
-            OR CU.[ReadOnly] = 0
-            OR CG.[ReadOnly] = 0
-        )
 END

util/Setup/DbScripts/2018-06-11_00_WebVaultUpdates.sql

@@ -0,0 +1,49 @@
+IF OBJECT_ID('[dbo].[Collection_ReadByUserId]') IS NOT NULL
+BEGIN
+    DROP PROCEDURE [dbo].[Collection_ReadByUserId]
+END
+GO
+
+CREATE PROCEDURE [dbo].[Collection_ReadByUserId]
+    @UserId UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        C.*,
+        CASE
+            WHEN
+                OU.[AccessAll] = 1
+                OR G.[AccessAll] = 1
+                OR CU.[ReadOnly] = 0
+                OR CG.[ReadOnly] = 0
+            THEN 1
+            ELSE 0
+        END [ReadOnly]
+    FROM
+        [dbo].[CollectionView] C
+    INNER JOIN
+        [dbo].[OrganizationUser] OU ON C.[OrganizationId] = OU.[OrganizationId]
+    INNER JOIN
+        [dbo].[Organization] O ON O.[Id] = C.[OrganizationId]
+    LEFT JOIN
+        [dbo].[CollectionUser] CU ON OU.[AccessAll] = 0 AND CU.[CollectionId] = C.[Id] AND CU.[OrganizationUserId] = [OU].[Id]
+    LEFT JOIN
+        [dbo].[GroupUser] GU ON CU.[CollectionId] IS NULL AND OU.[AccessAll] = 0 AND GU.[OrganizationUserId] = OU.[Id]
+    LEFT JOIN
+        [dbo].[Group] G ON G.[Id] = GU.[GroupId]
+    LEFT JOIN
+        [dbo].[CollectionGroup] CG ON G.[AccessAll] = 0 AND CG.[CollectionId] = C.[Id] AND CG.[GroupId] = GU.[GroupId]
+    WHERE
+        OU.[UserId] = @UserId
+        AND OU.[Status] = 2 -- 2 = Confirmed
+        AND O.[Enabled] = 1
+        AND (
+            OU.[AccessAll] = 1
+            OR CU.[CollectionId] IS NOT NULL
+            OR G.[AccessAll] = 1
+            OR CG.[CollectionId] IS NOT NULL
+        )
+END
+GO

util/Setup/Setup.csproj

@@ -10,9 +10,11 @@
   <ItemGroup>
     <None Remove="DbScripts\2018-04-02_00_Org2fa.sql" />
     <None Remove="DbScripts\2018-04-24_00_CipherQueryTuning.sql" />
+    <None Remove="DbScripts\2018-06-11_00_WebVaultUpdates.sql" />
   </ItemGroup>
 
   <ItemGroup>
+    <EmbeddedResource Include="DbScripts\2018-06-11_00_WebVaultUpdates.sql" />
     <EmbeddedResource Include="DbScripts\2018-04-24_00_CipherQueryTuning.sql" />
     <EmbeddedResource Include="DbScripts\2018-04-02_00_Org2fa.sql" />
     <EmbeddedResource Include="DbScripts\2018-03-21_00_AdminPortal.sql" />