diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 82e45a2f5b..4aafd16d69 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -323,7 +323,13 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
 let coll_users = CollectionUser::find_by_organization(org_id, &mut conn).await;
 // uuids of users in groups having access to all collections
- let all_access_group_uuids = GroupUser::get_all_access_group_users_uuid(org_id, &mut conn).await;
+ let has_full_access_via_group = if CONFIG.org_groups_enabled() {
+ GroupUser::get_members_of_full_access_groups(org_id, &mut conn).await
+ } else {
+ vec![]
+ };
+
+ let has_full_access = user_org.access_all || has_full_access_via_group.contains(&user_org.uuid);
 for col in Collection::find_by_organization(org_id, &mut conn).await {
 let groups: Vec = if CONFIG.org_groups_enabled() {
@@ -341,9 +347,9 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
 };
 // uuids of users belonging to a group of this collection
- let group_users = GroupUser::get_collection_group_users_uuid(&col.uuid, &mut conn).await;
+ let has_collection_access_via_group = GroupUser::get_group_members_for_collection(&col.uuid, &mut conn).await;
- let mut assigned = false;
+ let mut assigned = has_full_access;
 let users: Vec = coll_users
 .iter()
 .filter(|collection_user| collection_user.collection_uuid == col.uuid)
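Review bot: `has_full_access_via_group` reads like a boolean but is bound to the list of membership uuids returned by `get_members_of_full_access_groups`; the same applies to `has_collection_access_via_group` in the next hunk. A name such as `full_access_group_members` would keep the access decision (`has_full_access`) visibly separate from the data it is derived from, which helps when auditing code that decides what a member is told about their access. The whole member list is also loaded only to test a single uuid with `.contains`, so a query filtered on `user_org.uuid` would do less work. The body of `get_org_collections_details` starts and ends outside the hunk.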
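Review bot: The per-collection lookup `get_group_members_for_collection` runs whether or not `CONFIG.org_groups_enabled()` is set, while the full-access lookup in the previous hunk is now gated on it, so with groups disabled a leftover group assignment can presumably still mark a collection as assigned. Gating this lookup the same way keeps group-derived access consistent with the feature flag, and skipping it when `has_full_access` is already true saves one query per collection. The loop body continues outside the hunk.

```rust
        // uuids of users belonging to a group of this collection
        let has_collection_access_via_group = if CONFIG.org_groups_enabled() && !has_full_access {
            GroupUser::get_group_members_for_collection(&col.uuid, &mut conn).await
        } else {
            vec![]
        };
```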
@@ -360,12 +366,7 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
 // if current user is in any collection-assigned group
 // or in a group having access to all collections
 // or itself has access to all collections
- if group_users.contains(&user_org.uuid)
- || all_access_group_uuids.contains(&user_org.uuid)
- || user_org.access_all
- {
- assigned = true;
- }
+ assigned = !assigned && has_collection_access_via_group.contains(&user_org.uuid);
 let mut json_object = col.to_json();
 json_object["Assigned"] = json!(assigned);
diff --git a/src/db/models/group.rs b/src/db/models/group.rs
index 25c1bd2044..01e8911cc8 100644
--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
@@ -1,5 +1,3 @@
-use std::collections::HashSet;
-
 use chrono::{NaiveDateTime, Utc};
 use serde_json::Value;
@@ -488,7 +486,7 @@ impl GroupUser {
 }}
 }
- pub async fn get_collection_group_users_uuid(collection_uuid: &str, conn: &mut DbConn) -> HashSet {
+ pub async fn get_group_members_for_collection(collection_uuid: &str, conn: &mut DbConn) -> Vec {
 db_run! { conn: {
 groups_users::table
 .inner_join(collections_groups::table.on(
@@ -496,6 +494,7 @@ impl GroupUser {
 ))
 .filter(collections_groups::collections_uuid.eq(collection_uuid))
 .select(groups_users::users_organizations_uuid)
+ .distinct()
 .load::(conn)
 .expect("Error loading group users for collection")
 }}
@@ -503,7 +502,7 @@ impl GroupUser {
 .collect()
 }
- pub async fn get_all_access_group_users_uuid(org_uuid: &str, conn: &mut DbConn) -> HashSet {
+ pub async fn get_members_of_full_access_groups(org_uuid: &str, conn: &mut DbConn) -> Vec {
 db_run! { conn: {
 groups_users::table
 .inner_join(groups::table.on(
@@ -512,6 +511,7 @@ impl GroupUser {
 .filter(groups::organizations_uuid.eq(org_uuid))
 .filter(groups::access_all.eq(true))
 .select(groups_users::users_organizations_uuid)
+ .distinct()
 .load::(conn)
 .expect("Error loading all access group users for organization")
 }}
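Review bot: `assigned = !assigned && has_collection_access_via_group.contains(&user_org.uuid);` overwrites a value that is already true with false, so a member for whom `has_full_access` holds (the initial value set in the previous hunk) ends up with `"Assigned": false` on every collection. The three context comments above the line describe an OR of the conditions, and the removed code only ever set the flag to true. Writing `assigned = assigned || has_collection_access_via_group.contains(&user_org.uuid);` restores that; if the closure between the hunks (not visible here) also sets `assigned` for a direct collection assignment, the current form would clear that as well. The enclosing loop starts and ends outside the hunk.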
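Review bot: Neither renamed function, `get_group_members_for_collection` in the `@@ -488` hunk and `get_members_of_full_access_groups` in the `@@ -503` hunk, has a doc comment, and what the returned strings identify is easy to get wrong. Both queries select `groups_users::users_organizations_uuid`, so the values appear to be organization-membership uuids and need to be compared with `user_org.uuid`, as the caller in organizations.rs does, rather than with a user uuid. I would add `/// Returns the distinct organization-membership uuids of all members of groups assigned to this collection.` above the first and `/// Returns the distinct organization-membership uuids of all members of groups with access_all in this organization.` above the second. Both function bodies continue past their hunks.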