nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 21:48:12 -05:00
Code

limit AvailableSubvaultsCTE by org id of cipher

Browse Source
This commit is contained in:
Kyle Spearrin 2017-04-21 16:07:06 -04:00
parent 0e2e39e747
commit 89efb07eed
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Sql/dbo/Stored Procedures/Cipher_UpdateWithSubvaults.sql
View File

@ -36,8 +36,9 @@ BEGIN
LEFT JOIN LEFT JOIN
[dbo].[SubvaultUser] SU ON OU.[AccessAllSubvaults] = 0 AND SU.[SubvaultId] = S.[Id] AND SU.[OrganizationUserId] = OU.[Id] [dbo].[SubvaultUser] SU ON OU.[AccessAllSubvaults] = 0 AND SU.[SubvaultId] = S.[Id] AND SU.[OrganizationUserId] = OU.[Id]
WHERE WHERE
OU.[Status] = 2 -- Confirmed O.[Id] = @OrganizationId
AND O.[Enabled] = 1 AND O.[Enabled] = 1
AND OU.[Status] = 2 -- Confirmed
AND (OU.[AccessAllSubvaults] = 1 OR SU.[ReadOnly] = 0) AND (OU.[AccessAllSubvaults] = 1 OR SU.[ReadOnly] = 0)
) )
INSERT INTO [dbo].[SubvaultCipher] INSERT INTO [dbo].[SubvaultCipher]

12
src/Sql/dbo/Stored Procedures/SubvaultCipher_UpdateSubvaults.sql
View File

@ -6,6 +6,15 @@ AS
BEGIN BEGIN
SET NOCOUNT ON SET NOCOUNT ON
DECLARE @OrgId UNIQUEIDENTIFIER = (
SELECT TOP 1
[OrganizationId]
FROM
[dbo].[Cipher]
WHERE
[Id] = @CipherId
)
;WITH [AvailableSubvaultsCTE] AS( ;WITH [AvailableSubvaultsCTE] AS(
SELECT SELECT
S.[Id] S.[Id]
@ -18,8 +27,9 @@ BEGIN
LEFT JOIN LEFT JOIN
[dbo].[SubvaultUser] SU ON OU.[AccessAllSubvaults] = 0 AND SU.[SubvaultId] = S.[Id] AND SU.[OrganizationUserId] = OU.[Id] [dbo].[SubvaultUser] SU ON OU.[AccessAllSubvaults] = 0 AND SU.[SubvaultId] = S.[Id] AND SU.[OrganizationUserId] = OU.[Id]
WHERE WHERE
OU.[Status] = 2 -- Confirmed O.[Id] = @OrgId
AND O.[Enabled] = 1 AND O.[Enabled] = 1
AND OU.[Status] = 2 -- Confirmed
AND (OU.[AccessAllSubvaults] = 1 OR SU.[ReadOnly] = 0) AND (OU.[AccessAllSubvaults] = 1 OR SU.[ReadOnly] = 0)
) )
MERGE MERGE