Merge pull request #13 from mprasil/cipher_collection

Implement Collection-Cipher mapping
This commit is contained in:
Daniel García 2018-05-11 22:55:05 +02:00 committed by GitHub
commit ba8a1c27f7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 143 additions and 4 deletions

View file

@ -0,0 +1 @@
DROP TABLE ciphers_collections;

View file

@ -0,0 +1,5 @@
CREATE TABLE ciphers_collections (
cipher_uuid TEXT NOT NULL REFERENCES ciphers (uuid),
collection_uuid TEXT NOT NULL REFERENCES collections (uuid),
PRIMARY KEY (cipher_uuid, collection_uuid)
);

View file

@ -1,4 +1,5 @@
use std::path::Path;
use std::collections::HashSet;
use rocket::Data;
use rocket::http::ContentType;
@ -297,6 +298,47 @@ fn put_cipher(uuid: String, data: Json<CipherData>, headers: Headers, conn: DbCo
Ok(Json(cipher.to_json(&headers.host, &headers.user.uuid, &conn)))
}
#[derive(Deserialize)]
#[allow(non_snake_case)]
struct CollectionsAdminData {
collectionIds: Vec<String>,
}
#[post("/ciphers/<uuid>/collections-admin", data = "<data>")]
fn post_collections_admin(uuid: String, data: Json<CollectionsAdminData>, headers: Headers, conn: DbConn) -> EmptyResult {
let data: CollectionsAdminData = data.into_inner();
let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
Some(cipher) => cipher,
None => err!("Cipher doesn't exist")
};
if !cipher.is_write_accessible_to_user(&headers.user.uuid, &conn) {
err!("Cipher is not write accessible")
}
let posted_collections: HashSet<String> = data.collectionIds.iter().cloned().collect();
let current_collections: HashSet<String> = cipher.get_collections(&headers.user.uuid ,&conn).iter().cloned().collect();
for collection in posted_collections.symmetric_difference(&current_collections) {
match Collection::find_by_uuid(&collection, &conn) {
None => err!("Invalid collection ID provided"),
Some(collection) => {
if collection.is_writable_by_user(&headers.user.uuid, &conn) {
if posted_collections.contains(&collection.uuid) { // Add to collection
CollectionCipher::save(&cipher.uuid, &collection.uuid, &conn);
} else { // Remove from collection
CollectionCipher::delete(&cipher.uuid, &collection.uuid, &conn);
}
} else {
err!("No rights to modify the collection")
}
}
}
}
Ok(())
}
#[post("/ciphers/<uuid>/attachment", format = "multipart/form-data", data = "<data>")]
fn post_attachment(uuid: String, data: Data, content_type: &ContentType, headers: Headers, conn: DbConn) -> JsonResult {

View file

@ -67,6 +67,7 @@ pub fn routes() -> Vec<Route> {
post_organization,
post_organization_collections,
post_organization_collection_update,
post_collections_admin,
get_org_details,
get_org_users,
send_invite,

View file

@ -3,7 +3,7 @@ use serde_json::Value as JsonValue;
use uuid::Uuid;
use super::{User, Organization, UserOrganization, FolderCipher};
use super::{User, Organization, UserOrganization, FolderCipher, UserOrgType};
#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]
#[table_name = "ciphers"]
@ -98,7 +98,7 @@ impl Cipher {
"OrganizationId": self.organization_uuid,
"Attachments": attachments_json,
"OrganizationUseTotp": false,
"CollectionIds": [],
"CollectionIds": self.get_collections(user_uuid, &conn),
"Name": self.name,
"Notes": self.notes,
@ -241,4 +241,27 @@ impl Cipher {
.select(ciphers::all_columns)
.load::<Self>(&**conn).expect("Error loading ciphers")
}
pub fn get_collections(&self, user_id: &str, conn: &DbConn) -> Vec<String> {
ciphers_collections::table
.inner_join(collections::table.on(
collections::uuid.eq(ciphers_collections::collection_uuid)
))
.inner_join(users_organizations::table.on(
users_organizations::org_uuid.eq(collections::org_uuid).and(
users_organizations::user_uuid.eq(user_id)
)
))
.left_join(users_collections::table.on(
users_collections::collection_uuid.eq(ciphers_collections::collection_uuid)
))
.filter(ciphers_collections::cipher_uuid.eq(&self.uuid))
.filter(users_collections::user_uuid.eq(user_id).or( // User has access to collection
users_organizations::access_all.eq(true).or( // User has access all
users_organizations::type_.le(UserOrgType::Admin as i32) // User is admin or owner
)
))
.select(ciphers_collections::collection_uuid)
.load::<String>(&**conn).unwrap_or(vec![])
}
}

View file

@ -2,7 +2,7 @@ use serde_json::Value as JsonValue;
use uuid::Uuid;
use super::Organization;
use super::{Organization, UserOrganization};
#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]
#[table_name = "collections"]
@ -100,6 +100,27 @@ impl Collection {
.select(collections::all_columns)
.first::<Self>(&**conn).ok()
}
pub fn is_writable_by_user(&self, user_uuid: &str, conn: &DbConn) -> bool {
match UserOrganization::find_by_user_and_org(&user_uuid, &self.org_uuid, &conn) {
None => false, // Not in Org
Some(user_org) => {
if user_org.access_all {
true
} else {
match users_collections::table.inner_join(collections::table)
.filter(users_collections::collection_uuid.eq(&self.uuid))
.filter(users_collections::user_uuid.eq(&user_uuid))
.filter(users_collections::read_only.eq(false))
.select(collections::all_columns)
.first::<Self>(&**conn).ok() {
None => false, // Read only or no access to collection
Some(_) => true,
}
}
}
}
}
}
use super::User;
@ -147,4 +168,40 @@ impl CollectionUsers {
_ => false,
}
}
}
use super::Cipher;
#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]
#[table_name = "ciphers_collections"]
#[belongs_to(Cipher, foreign_key = "cipher_uuid")]
#[belongs_to(Collection, foreign_key = "collection_uuid")]
#[primary_key(cipher_uuid, collection_uuid)]
pub struct CollectionCipher {
pub cipher_uuid: String,
pub collection_uuid: String,
}
/// Database methods
impl CollectionCipher {
pub fn save(cipher_uuid: &str, collection_uuid: &str, conn: &DbConn) -> bool {
match diesel::replace_into(ciphers_collections::table)
.values((
ciphers_collections::cipher_uuid.eq(cipher_uuid),
ciphers_collections::collection_uuid.eq(collection_uuid),
)).execute(&**conn) {
Ok(1) => true, // One row inserted
_ => false,
}
}
pub fn delete(cipher_uuid: &str, collection_uuid: &str, conn: &DbConn) -> bool {
match diesel::delete(ciphers_collections::table
.filter(ciphers_collections::cipher_uuid.eq(cipher_uuid))
.filter(ciphers_collections::collection_uuid.eq(collection_uuid)))
.execute(&**conn) {
Ok(1) => true, // One row deleted
_ => false,
}
}
}

View file

@ -14,4 +14,4 @@ pub use self::folder::{Folder, FolderCipher};
pub use self::user::User;
pub use self::organization::Organization;
pub use self::organization::{UserOrganization, UserOrgStatus, UserOrgType};
pub use self::collection::{Collection, CollectionUsers};
pub use self::collection::{Collection, CollectionUsers, CollectionCipher};

View file

@ -101,6 +101,13 @@ table! {
}
}
table! {
ciphers_collections (cipher_uuid, collection_uuid) {
cipher_uuid -> Text,
collection_uuid -> Text,
}
}
table! {
users_organizations (uuid) {
uuid -> Text,
@ -124,6 +131,8 @@ joinable!(folders_ciphers -> ciphers (cipher_uuid));
joinable!(folders_ciphers -> folders (folder_uuid));
joinable!(users_collections -> collections (collection_uuid));
joinable!(users_collections -> users (user_uuid));
joinable!(ciphers_collections -> collections (collection_uuid));
joinable!(ciphers_collections -> ciphers (cipher_uuid));
joinable!(users_organizations -> organizations (org_uuid));
joinable!(users_organizations -> users (user_uuid));
@ -137,5 +146,6 @@ allow_tables_to_appear_in_same_query!(
organizations,
users,
users_collections,
ciphers_collections,
users_organizations,
);