nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 15:42:48 -05:00
Code Activity

Fix policy enforcement against invited users (#1680)

Browse Source
This commit is contained in:
Thomas Rittson
2021-11-03 07:08:13 +10:00
committed by GitHub
parent 07b8e2a946
commit e57bef6af4
4 changed files with 98 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Core/Repositories/EntityFramework/Queries/PolicyReadByTypeApplicableToUserQuery.cs
View File

@ -27,10 +27,19 @@ namespace Bit.Core.Repositories.EntityFramework.Queries
on pu.ProviderId equals po.ProviderId
select po;
string userEmail = null;
if (_minimumStatus == OrganizationUserStatusType.Invited)
{
// Invited orgUsers do not have a UserId associated with them, so we have to match up their email
userEmail = dbContext.Users.Find(_userId)?.Email;
}
var query = from p in dbContext.Policies
join ou in dbContext.OrganizationUsers
on p.OrganizationId equals ou.OrganizationId
where ou.UserId == _userId &&
where
((_minimumStatus > OrganizationUserStatusType.Invited && ou.UserId == _userId) ||
(_minimumStatus == OrganizationUserStatusType.Invited && ou.Email == userEmail)) &&
p.Type == _policyType &&
p.Enabled &&
ou.Status >= _minimumStatus &&

11
src/Sql/dbo/Functions/PolicyApplicableToUser.sql
View File

@ -23,7 +23,16 @@ LEFT JOIN
ON PUPO.UserId = OU.UserId
AND PUPO.OrganizationId = P.OrganizationId
WHERE
OU.[UserId] = @UserId
(
(
OU.[Status] > 0
AND OU.[UserId] = @UserId
)
OR (
OU.[Status] = 0 -- 'Invited' OrgUsers are not linked to a UserId yet, so we have to look up their email
AND OU.[Email] IN (SELECT U.Email FROM [dbo].[UserView] U WHERE U.Id = @UserId)
)
)
AND P.[Type] = @PolicyType
AND P.[Enabled] = 1
AND OU.[Status] >= @MinimumStatus