bitwarden/util/Migrator/DbScripts/2025-02-11_00_UserSecurityTasks_GetManyByCipherIds.sql

CREATE OR ALTER PROCEDURE [dbo].[UserSecurityTasks_GetManyByCipherIds]
    @OrganizationId UNIQUEIDENTIFIER,
    @CipherIds AS [dbo].[GuidIdArray] READONLY
AS
BEGIN
    SET NOCOUNT ON

    ;WITH BaseCiphers AS (
        SELECT C.[Id], C.[OrganizationId]
        FROM [dbo].[Cipher] C
        INNER JOIN @CipherIds CI ON C.[Id] = CI.[Id]
        INNER JOIN [dbo].[Organization] O ON
            O.[Id] = C.[OrganizationId]
            AND O.[Id] = @OrganizationId
            AND O.[Enabled] = 1
    ),
    UserPermissions AS (
        SELECT DISTINCT
            CC.[CipherId],
            OU.[UserId],
            COALESCE(CU.[Manage], 0) as [Manage]
        FROM [dbo].[CollectionCipher] CC
        INNER JOIN [dbo].[CollectionUser] CU ON
            CU.[CollectionId] = CC.[CollectionId]
        INNER JOIN [dbo].[OrganizationUser] OU ON
            CU.[OrganizationUserId] = OU.[Id]
            AND OU.[OrganizationId] = @OrganizationId
        WHERE COALESCE(CU.[Manage], 0) = 1
    ),
    GroupPermissions AS (
        SELECT DISTINCT
            CC.[CipherId],
            OU.[UserId],
            COALESCE(CG.[Manage], 0) as [Manage]
        FROM [dbo].[CollectionCipher] CC
        INNER JOIN [dbo].[CollectionGroup] CG ON
            CG.[CollectionId] = CC.[CollectionId]
        INNER JOIN [dbo].[GroupUser] GU ON
            GU.[GroupId] = CG.[GroupId]
        INNER JOIN [dbo].[OrganizationUser] OU ON
            GU.[OrganizationUserId] = OU.[Id]
            AND OU.[OrganizationId] = @OrganizationId
        WHERE COALESCE(CG.[Manage], 0) = 1
            AND NOT EXISTS (
                SELECT 1
                FROM UserPermissions UP
                WHERE UP.[CipherId] = CC.[CipherId]
                AND UP.[UserId] = OU.[UserId]
            )
    ),
    CombinedPermissions AS (
        SELECT CipherId, UserId, [Manage]
        FROM UserPermissions
        UNION
        SELECT CipherId, UserId, [Manage]
        FROM GroupPermissions
    )
    SELECT
        P.[UserId],
        U.[Email],
        C.[Id] as CipherId
    FROM BaseCiphers C
    INNER JOIN CombinedPermissions P ON P.CipherId = C.[Id]
    INNER JOIN [dbo].[User] U ON U.[Id] = P.[UserId]
    WHERE P.[Manage] = 1
    ORDER BY U.[Email], C.[Id]
END
GO