Fix #3624: fix manager permission within groups
matlink committed Aug 4, 2023
1 parent 3dbfc48 commit e7beb25
Showing 2 changed files with 34 additions and 1 deletion.
10 changes: 9 additions & 1 deletion src/api/core/organizations.rs
@@ -325,7 +325,7 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
let coll_users = CollectionUser::find_by_organization(org_id, &mut conn).await;

for col in Collection::find_by_organization(org_id, &mut conn).await {
let groups: Vec<Value> = if CONFIG.org_groups_enabled() {
let groups = if CONFIG.org_groups_enabled() {
CollectionGroup::find_by_collection(&col.uuid, &mut conn)
.await
.iter()
@@ -339,6 +339,9 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
Vec::with_capacity(0)
};

// uuids of users belonging to a group of this collection
let group_users = GroupUser::get_collection_group_users_uuid(&col.uuid, &mut conn).await;

let mut assigned = false;
let users: Vec<Value> = coll_users
.iter()
@@ -353,6 +356,11 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
})
.collect();

// if current user is in any collection-assigned group
if group_users.contains(&user_org.uuid) {
assigned = true;
}

if user_org.access_all {
assigned = true;
}
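Review bot: The new `group_users.contains(&user_org.uuid)` check sets `assigned = true` without consulting `CONFIG.org_groups_enabled()`, although the `groups` list a few lines above it is gated on that setting. On an instance where groups were used and later disabled, leftover group rows would presumably still mark the caller as assigned to the collection, so the authorization result would no longer follow the configuration. Gating the check, e.g. `if CONFIG.org_groups_enabled() && group_users.contains(&user_org.uuid) {`, keeps both paths consistent; the `get_collection_group_users_uuid` call could be skipped under the same condition, which also saves one query per collection in the loop. `user_org` and the later use of `assigned` lie outside the visible hunks, so what the flag ultimately grants should be confirmed there.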
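--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
@@ -1,3 +1,5 @@
+use std::collections::HashSet;
+
 use chrono::{NaiveDateTime, Utc};
 use serde_json::Value;
 
@@ -486,6 +488,29 @@ impl GroupUser {
 }}
 }
 
+pub async fn find_by_collection(collection_uuid: &str, conn: &mut DbConn) -> Vec<Self> {
+db_run! { conn: {
+groups_users::table
+.inner_join(collections_groups::table.on(
+collections_groups::groups_uuid.eq(groups_users::groups_uuid)
+))
+.filter(collections_groups::collections_uuid.eq(collection_uuid))
+.select(groups_users::all_columns)
+.load::<GroupUserDb>(conn)
+.expect("Error loading group users for collection")
+.from_db()
+}}
+}
+
+/// returns uuid of members of collection groups
+pub async fn get_collection_group_users_uuid(collection_uuid: &str, conn: &mut DbConn) -> HashSet<String> {
+GroupUser::find_by_collection(collection_uuid, conn)
+.await
+.iter()
+.map(|u| u.users_organizations_uuid.clone())
+.collect()
+}
+
 pub async fn update_user_revision(&self, conn: &mut DbConn) {
 match UserOrganization::find_by_uuid(&self.users_organizations_uuid, conn).await {
 Some(user) => User::update_uuid_revision(&user.user_uuid, conn).await,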
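Review bot: The doc comment on `get_collection_group_users_uuid` says it returns the uuid of members, but the set is built from `users_organizations_uuid`, i.e. organization-membership ids rather than user ids, and `find_by_collection` has no doc comment at all. Because the result feeds a permission decision, a caller comparing it against a user uuid would silently never match; I would spell it out, e.g. `/// Returns the users_organizations uuids (membership ids, not user uuids) of all members of groups assigned to this collection.` The join only sees explicit `collections_groups` rows, so a group that gets access by other means, and any per-row restriction, is presumably not reflected in the result, which is worth stating in the comment as well. The `impl GroupUser` block starts and ends outside the hunk.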
