From 89efb07eed24f9e5b9f4e65baeb7f827bac734f9 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Fri, 21 Apr 2017 16:07:06 -0400 Subject: [PATCH] limit AvailableSubvaultsCTE by org id of cipher --- .../Stored Procedures/Cipher_UpdateWithSubvaults.sql | 3 ++- .../SubvaultCipher_UpdateSubvaults.sql | 12 +++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/Sql/dbo/Stored Procedures/Cipher_UpdateWithSubvaults.sql b/src/Sql/dbo/Stored Procedures/Cipher_UpdateWithSubvaults.sql index 3971ff35ad..d5278b0d24 100644 --- a/src/Sql/dbo/Stored Procedures/Cipher_UpdateWithSubvaults.sql +++ b/src/Sql/dbo/Stored Procedures/Cipher_UpdateWithSubvaults.sql @@ -36,8 +36,9 @@ BEGIN LEFT JOIN [dbo].[SubvaultUser] SU ON OU.[AccessAllSubvaults] = 0 AND SU.[SubvaultId] = S.[Id] AND SU.[OrganizationUserId] = OU.[Id] WHERE - OU.[Status] = 2 -- Confirmed + O.[Id] = @OrganizationId AND O.[Enabled] = 1 + AND OU.[Status] = 2 -- Confirmed AND (OU.[AccessAllSubvaults] = 1 OR SU.[ReadOnly] = 0) ) INSERT INTO [dbo].[SubvaultCipher] diff --git a/src/Sql/dbo/Stored Procedures/SubvaultCipher_UpdateSubvaults.sql b/src/Sql/dbo/Stored Procedures/SubvaultCipher_UpdateSubvaults.sql index 3e340bdc6a..7d19891af8 100644 --- a/src/Sql/dbo/Stored Procedures/SubvaultCipher_UpdateSubvaults.sql +++ b/src/Sql/dbo/Stored Procedures/SubvaultCipher_UpdateSubvaults.sql @@ -6,6 +6,15 @@ AS BEGIN SET NOCOUNT ON + DECLARE @OrgId UNIQUEIDENTIFIER = ( + SELECT TOP 1 + [OrganizationId] + FROM + [dbo].[Cipher] + WHERE + [Id] = @CipherId + ) + ;WITH [AvailableSubvaultsCTE] AS( SELECT S.[Id] @@ -18,8 +27,9 @@ BEGIN LEFT JOIN [dbo].[SubvaultUser] SU ON OU.[AccessAllSubvaults] = 0 AND SU.[SubvaultId] = S.[Id] AND SU.[OrganizationUserId] = OU.[Id] WHERE - OU.[Status] = 2 -- Confirmed + O.[Id] = @OrgId AND O.[Enabled] = 1 + AND OU.[Status] = 2 -- Confirmed AND (OU.[AccessAllSubvaults] = 1 OR SU.[ReadOnly] = 0) ) MERGE