From d282b32d79dea870a54f7020a764b277702c4e54 Mon Sep 17 00:00:00 2001
From: matlink <matlink@matlink.fr>
Date: Sat, 5 Aug 2023 12:21:17 +0200
Subject: [PATCH] Fix issue when user is manager and in a group having access
 to all collections

---
 src/api/core/organizations.rs |  6 ++++--
 src/db/models/group.rs        | 16 ++++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 3756b358a97..bcb12a8256d 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -323,6 +323,8 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
     };
 
     let coll_users = CollectionUser::find_by_organization(org_id, &mut conn).await;
+    // uuids of users in groups having access to all collections
+    let all_access_group_uuids = GroupUser::get_all_access_group_users_uuid(org_id, &mut conn).await;
 
     for col in Collection::find_by_organization(org_id, &mut conn).await {
         let groups: Vec<Value> = if CONFIG.org_groups_enabled() {
@@ -356,8 +358,8 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
             })
             .collect();
 
-        // if current user is in any collection-assigned group
-        if group_users.contains(&user_org.uuid) {
+        // if current user is in any collection-assigned group or in a group having access to all collections
+        if group_users.contains(&user_org.uuid) || all_access_group_uuids.contains(&user_org.uuid) {
             assigned = true;
         }
 
diff --git a/src/db/models/group.rs b/src/db/models/group.rs
index 0a69aa985f5..25c1bd20448 100644
--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
@@ -503,6 +503,22 @@ impl GroupUser {
         .collect()
     }
 
+    pub async fn get_all_access_group_users_uuid(org_uuid: &str, conn: &mut DbConn) -> HashSet<String> {
+        db_run! { conn: {
+            groups_users::table
+                .inner_join(groups::table.on(
+                    groups::uuid.eq(groups_users::groups_uuid)
+                ))
+                .filter(groups::organizations_uuid.eq(org_uuid))
+                .filter(groups::access_all.eq(true))
+                .select(groups_users::users_organizations_uuid)
+                .load::<String>(conn)
+                .expect("Error loading all access group users for organization")
+        }}
+        .into_iter()
+        .collect()
+    }
+
     pub async fn update_user_revision(&self, conn: &mut DbConn) {
         match UserOrganization::find_by_uuid(&self.users_organizations_uuid, conn).await {
             Some(user) => User::update_uuid_revision(&user.user_uuid, conn).await,