mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00

fix issues on cipher admin endpoints

Kyle Spearrin 2019-05-01 09:38:13 -04:00
parent 044f21df29
commit b4148d3532
8 changed files with 56 additions and 18 deletions


@ -56,16 +56,16 @@ namespace Bit.Api.Controllers
} }
[HttpGet("{id}/admin")] [HttpGet("{id}/admin")]
public async Task<CipherResponseModel> GetAdmin(string id) public async Task<CipherMiniResponseModel> GetAdmin(string id)
{ {
var cipher = await _cipherRepository.GetDetailsByIdAsync(new Guid(id)); var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id));
if(cipher == null || !cipher.OrganizationId.HasValue || if(cipher == null || !cipher.OrganizationId.HasValue ||
!_currentContext.OrganizationAdmin(cipher.OrganizationId.Value)) !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
{ {
throw new NotFoundException(); throw new NotFoundException();
} }
return new CipherResponseModel(cipher, _globalSettings); return new CipherMiniResponseModel(cipher, _globalSettings, cipher.OrganizationUseTotp);
} }
[HttpGet("{id}/full-details")] [HttpGet("{id}/full-details")]
@ -179,7 +179,7 @@ namespace Bit.Api.Controllers
public async Task<CipherMiniResponseModel> PutAdmin(string id, [FromBody]CipherRequestModel model) public async Task<CipherMiniResponseModel> PutAdmin(string id, [FromBody]CipherRequestModel model)
{ {
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
var cipher = await _cipherRepository.GetDetailsByIdAsync(new Guid(id)); var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(new Guid(id));
if(cipher == null || !cipher.OrganizationId.HasValue || if(cipher == null || !cipher.OrganizationId.HasValue ||
!_currentContext.OrganizationAdmin(cipher.OrganizationId.Value)) !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
{ {
@ -461,13 +461,13 @@ namespace Bit.Api.Controllers
[HttpPost("{id}/attachment-admin")] [HttpPost("{id}/attachment-admin")]
[RequestSizeLimit(105_906_176)] [RequestSizeLimit(105_906_176)]
[DisableFormValueModelBinding] [DisableFormValueModelBinding]
public async Task<CipherResponseModel> PostAttachmentAdmin(string id) public async Task<CipherMiniResponseModel> PostAttachmentAdmin(string id)
{ {
ValidateAttachment(); ValidateAttachment();
var idGuid = new Guid(id); var idGuid = new Guid(id);
var userId = _userService.GetProperUserId(User).Value; var userId = _userService.GetProperUserId(User).Value;
var cipher = await _cipherRepository.GetDetailsByIdAsync(idGuid); var cipher = await _cipherRepository.GetOrganizationDetailsByIdAsync(idGuid);
if(cipher == null || !cipher.OrganizationId.HasValue || if(cipher == null || !cipher.OrganizationId.HasValue ||
!_currentContext.OrganizationAdmin(cipher.OrganizationId.Value)) !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
{ {
@ -480,7 +480,7 @@ namespace Bit.Api.Controllers
Request.ContentLength.GetValueOrDefault(0), userId, true); Request.ContentLength.GetValueOrDefault(0), userId, true);
}); });
return new CipherResponseModel(cipher, _globalSettings); return new CipherMiniResponseModel(cipher, _globalSettings, cipher.OrganizationUseTotp);
} }
[HttpPost("{id}/attachment/{attachmentId}/share")] [HttpPost("{id}/attachment/{attachmentId}/share")]
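Review bot: `new Guid(id)` on the changed repository call in GetAdmin throws FormatException for a malformed route value before the null/OrganizationAdmin check runs, so a bad id takes a different error path from the NotFoundException used for missing or unauthorized ciphers. The same pattern sits on the changed lines in PutAdmin and PostAttachmentAdmin. Parsing defensively keeps the response uniform, e.g. `if(!Guid.TryParse(id, out var cipherId)) { throw new NotFoundException(); }`, or constrain the route with `{id:guid}`. How an unhandled FormatException is surfaced depends on exception filters that are not visible here, and the PutAdmin and PostAttachmentAdmin bodies extend beyond the shown hunks.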


@ -1,13 +1,11 @@
using Bit.Core.Models.Table; using System;
using System;
namespace Core.Models.Data namespace Core.Models.Data
{ {
public class CipherDetails : Cipher public class CipherDetails : CipherOrganizationDetails
{ {
public Guid? FolderId { get; set; } public Guid? FolderId { get; set; }
public bool Favorite { get; set; } public bool Favorite { get; set; }
public bool Edit { get; set; } public bool Edit { get; set; }
public bool OrganizationUseTotp { get; set; }
} }
} }


@ -0,0 +1,9 @@
using Bit.Core.Models.Table;
namespace Core.Models.Data
{
public class CipherOrganizationDetails : Cipher
{
public bool OrganizationUseTotp { get; set; }
}
}


@ -10,7 +10,7 @@ namespace Bit.Core.Repositories
public interface ICipherRepository : IRepository<Cipher, Guid> public interface ICipherRepository : IRepository<Cipher, Guid>
{ {
Task<CipherDetails> GetByIdAsync(Guid id, Guid userId); Task<CipherDetails> GetByIdAsync(Guid id, Guid userId);
Task<CipherDetails> GetDetailsByIdAsync(Guid id); Task<CipherOrganizationDetails> GetOrganizationDetailsByIdAsync(Guid id);
Task<bool> GetCanEditByIdAsync(Guid userId, Guid cipherId); Task<bool> GetCanEditByIdAsync(Guid userId, Guid cipherId);
Task<ICollection<CipherDetails>> GetManyByUserIdAsync(Guid userId, bool withOrganizations = true); Task<ICollection<CipherDetails>> GetManyByUserIdAsync(Guid userId, bool withOrganizations = true);
Task<ICollection<Cipher>> GetManyByOrganizationIdAsync(Guid organizationId); Task<ICollection<Cipher>> GetManyByOrganizationIdAsync(Guid organizationId);
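Review bot: `GetOrganizationDetailsByIdAsync(Guid id)` takes no user id, and the procedure behind it in this commit filters on `C.[Id] = @Id` alone, so the lookup itself enforces no access control; that contract is not documented on the interface. An XML comment would make it explicit for future callers: `/// <summary>Loads a cipher by id with its organization's TOTP flag; performs no per-user access check, so callers must authorize (e.g. OrganizationAdmin) before returning it.</summary>`. The interface body continues outside the hunk.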


@ -36,12 +36,12 @@ namespace Bit.Core.Repositories.SqlServer
} }
} }
public async Task<CipherDetails> GetDetailsByIdAsync(Guid id) public async Task<CipherOrganizationDetails> GetOrganizationDetailsByIdAsync(Guid id)
{ {
using(var connection = new SqlConnection(ConnectionString)) using(var connection = new SqlConnection(ConnectionString))
{ {
var results = await connection.QueryAsync<CipherDetails>( var results = await connection.QueryAsync<CipherDetails>(
$"[{Schema}].[CipherDetails_ReadById]", $"[{Schema}].[CipherOrganizationDetails_ReadById]",
new { Id = id }, new { Id = id },
commandType: CommandType.StoredProcedure); commandType: CommandType.StoredProcedure);
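Review bot: The renamed method declares `Task<CipherOrganizationDetails>` but still materializes rows with `connection.QueryAsync<CipherDetails>(`, which compiles only because `CipherDetails` now derives from the new type. The new procedure no longer selects `[Edit]`, so the returned objects are `CipherDetails` instances with `Edit`, `Favorite` and `FolderId` left at their defaults, and any later code that type-tests or casts to `CipherDetails` would read those as real per-user values. Changing the line to `var results = await connection.QueryAsync<CipherOrganizationDetails>(` keeps the runtime type in line with the declared one. The method body continues past the hunk.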


@ -209,7 +209,7 @@
<Build Include="dbo\Views\InstallationView.sql" /> <Build Include="dbo\Views\InstallationView.sql" />
<Build Include="dbo\Stored Procedures\Organization_ReadByEnabled.sql" /> <Build Include="dbo\Stored Procedures\Organization_ReadByEnabled.sql" />
<Build Include="dbo\Stored Procedures\User_ReadByPremium.sql" /> <Build Include="dbo\Stored Procedures\User_ReadByPremium.sql" />
<Build Include="dbo\Stored Procedures\CipherDetails_ReadById.sql" /> <Build Include="dbo\Stored Procedures\CipherOrganizationDetails_ReadById.sql" />
<Build Include="dbo\Stored Procedures\Cipher_DeleteByUserId.sql" /> <Build Include="dbo\Stored Procedures\Cipher_DeleteByUserId.sql" />
<Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByCollectionId.sql" /> <Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByCollectionId.sql" />
<Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByCipherId.sql" /> <Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByCipherId.sql" />


@ -1,4 +1,4 @@
CREATE PROCEDURE [dbo].[CipherDetails_ReadById] CREATE PROCEDURE [dbo].[CipherOrganizationDetails_ReadById]
@Id UNIQUEIDENTIFIER @Id UNIQUEIDENTIFIER
AS AS
BEGIN BEGIN
@ -6,13 +6,12 @@ BEGIN
SELECT SELECT
C.*, C.*,
1 [Edit],
CASE CASE
WHEN O.[UseTotp] = 1 THEN 1 WHEN O.[UseTotp] = 1 THEN 1
ELSE 0 ELSE 0
END [OrganizationUseTotp] END [OrganizationUseTotp]
FROM FROM
[dbo].[CipherDetails](NULL) C [dbo].[CipherView] C
LEFT JOIN LEFT JOIN
[dbo].[Organization] O ON O.[Id] = C.[OrganizationId] [dbo].[Organization] O ON O.[Id] = C.[OrganizationId]
WHERE WHERE


@ -0,0 +1,32 @@
IF OBJECT_ID('[dbo].[CipherDetails_ReadById]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[CipherDetails_ReadById]
END
GO
IF OBJECT_ID('[dbo].[CipherOrganizationDetails_ReadById]') IS NOT NULL
BEGIN
DROP PROCEDURE [dbo].[CipherOrganizationDetails_ReadById]
END
GO
CREATE PROCEDURE [dbo].[CipherOrganizationDetails_ReadById]
@Id UNIQUEIDENTIFIER
AS
BEGIN
SET NOCOUNT ON
SELECT
C.*,
CASE
WHEN O.[UseTotp] = 1 THEN 1
ELSE 0
END [OrganizationUseTotp]
FROM
[dbo].[CipherView] C
LEFT JOIN
[dbo].[Organization] O ON O.[Id] = C.[OrganizationId]
WHERE
C.[Id] = @Id
END
GO
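Review bot: The first batch drops `[dbo].[CipherDetails_ReadById]` in the same script that introduces its replacement, so any API instance still running the previous build calls a procedure that no longer exists once this migration has run. If deployments are rolling, or the database is migrated before the application, the admin cipher endpoints on those instances would fail until they are updated. Either defer the `DROP PROCEDURE [dbo].[CipherDetails_ReadById]` to a later migration or state the required order at the top of the script, e.g. `-- Run only after all API instances call CipherOrganizationDetails_ReadById`.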