Admins are not limited by collection controls

2025-07-02 16:42:50 -05:00 · 2017-09-06 13:01:22 -04:00
parent 06bdda5717
commit b06aae7cfd
8 changed files with 48 additions and 8 deletions
--- a/src/Sql/Sql.sqlproj
+++ b/src/Sql/Sql.sqlproj
@ -212,5 +212,6 @@
    <Build Include="dbo\Views\InstallationView.sql" />
    <Build Include="dbo\Stored Procedures\Organization_ReadByEnabled.sql" />
    <Build Include="dbo\Stored Procedures\User_ReadByPremium.sql" />
+    <Build Include="dbo\Stored Procedures\CipherDetails_ReadById.sql" />
  </ItemGroup>
 </Project>
--- a/src/Sql/dbo/Functions/CipherDetails.sql
+++ b/src/Sql/dbo/Functions/CipherDetails.sql
@ -11,13 +11,15 @@ SELECT
    C.[CreationDate],
    C.[RevisionDate],
    CASE WHEN
-        C.[Favorites] IS NULL
+        @UserId IS NULL
+        OR C.[Favorites] IS NULL
        OR JSON_VALUE(C.[Favorites], CONCAT('$."', @UserId, '"')) IS NULL
    THEN 0
    ELSE 1
    END [Favorite],
    CASE WHEN
-        C.[Folders] IS NULL
+        @UserId IS NULL
+        OR C.[Folders] IS NULL
    THEN NULL
    ELSE TRY_CONVERT(UNIQUEIDENTIFIER, JSON_VALUE(C.[Folders], CONCAT('$."', @UserId, '"')))
    END [FolderId]
--- a/Procedures/CipherDetails_ReadById.sql
+++ b/Procedures/CipherDetails_ReadById.sql
@ -0,0 +1,20 @@
+CREATE PROCEDURE [dbo].[CipherDetails_ReadById]
+    @Id UNIQUEIDENTIFIER
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        C.*,
+        1 [Edit],
+        CASE 
+            WHEN O.[UseTotp] = 1 THEN 1
+            ELSE 0
+        END [OrganizationUseTotp]
+    FROM
+        [dbo].[CipherDetails](NULL) C
+    LEFT JOIN
+        [dbo].[Organization] O ON O.[Id] = C.[OrganizationId]
+    WHERE
+        C.[Id] = @Id
+END
--- a/Procedures/CipherDetails_ReadByUserIdHasCollection.sql
+++ b/Procedures/CipherDetails_ReadByUserIdHasCollection.sql
@ -9,7 +9,11 @@ BEGIN
        CASE 
            WHEN C.[UserId] IS NOT NULL OR OU.[AccessAll] = 1 OR CU.[ReadOnly] = 0 OR G.[AccessAll] = 1 OR CG.[ReadOnly] = 0 THEN 1
            ELSE 0
-        END [Edit]
+        END [Edit],
+        CASE 
+            WHEN C.[UserId] IS NULL AND O.[UseTotp] = 1 THEN 1
+            ELSE 0
+        END [OrganizationUseTotp]
    FROM
        [dbo].[CipherDetails](@UserId) C
    INNER JOIN
--- a/Procedures/Cipher_ReadCanEditByIdUserId.sql
+++ b/Procedures/Cipher_ReadCanEditByIdUserId.sql
@ -14,7 +14,7 @@ BEGIN
                ELSE 0
            END [Edit]
        FROM
-            [dbo].[CipherDetails](@UserId) C
+            [dbo].[Cipher] C
        LEFT JOIN
            [dbo].[Organization] O ON C.[UserId] IS NULL AND O.[Id] = C.[OrganizationId]
        LEFT JOIN