CREATE OR ALTER PROCEDURE [dbo].[UserSecurityTasks_GetManyByCipherIds]
@OrganizationId UNIQUEIDENTIFIER,
@CipherIds AS [dbo].[GuidIdArray] READONLY
AS
BEGIN
SET NOCOUNT ON
;WITH BaseCiphers AS (
SELECT C.[Id], C.[OrganizationId]
FROM [dbo].[Cipher] C
INNER JOIN @CipherIds CI ON C.[Id] = CI.[Id]
INNER JOIN [dbo].[Organization] O ON
O.[Id] = C.[OrganizationId]
AND O.[Id] = @OrganizationId
AND O.[Enabled] = 1
),
UserPermissions AS (
SELECT DISTINCT
CC.[CipherId],
OU.[UserId],
COALESCE(CU.[Manage], 0) as [Manage]
FROM [dbo].[CollectionCipher] CC
INNER JOIN [dbo].[CollectionUser] CU ON
CU.[CollectionId] = CC.[CollectionId]
INNER JOIN [dbo].[OrganizationUser] OU ON
CU.[OrganizationUserId] = OU.[Id]
AND OU.[OrganizationId] = @OrganizationId
WHERE COALESCE(CU.[Manage], 0) = 1
),
GroupPermissions AS (
SELECT DISTINCT
CC.[CipherId],
OU.[UserId],
COALESCE(CG.[Manage], 0) as [Manage]
FROM [dbo].[CollectionCipher] CC
INNER JOIN [dbo].[CollectionGroup] CG ON
CG.[CollectionId] = CC.[CollectionId]
INNER JOIN [dbo].[GroupUser] GU ON
GU.[GroupId] = CG.[GroupId]
INNER JOIN [dbo].[OrganizationUser] OU ON
GU.[OrganizationUserId] = OU.[Id]
AND OU.[OrganizationId] = @OrganizationId
WHERE COALESCE(CG.[Manage], 0) = 1
AND NOT EXISTS (
SELECT 1
FROM UserPermissions UP
WHERE UP.[CipherId] = CC.[CipherId]
AND UP.[UserId] = OU.[UserId]
)
),
CombinedPermissions AS (
SELECT CipherId, UserId, [Manage]
FROM UserPermissions
UNION
SELECT CipherId, UserId, [Manage]
FROM GroupPermissions
)
SELECT
P.[UserId],
U.[Email],
C.[Id] as CipherId
FROM BaseCiphers C
INNER JOIN CombinedPermissions P ON P.CipherId = C.[Id]
INNER JOIN [dbo].[User] U ON U.[Id] = P.[UserId]
WHERE P.[Manage] = 1
ORDER BY U.[Email], C.[Id]
END
GO