1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-22 05:10:29 +01:00

allow the removal of non-confirmed owners

ensure user_to_edit and user_to_delete are actually confirmed users,
before checking if they are the last owner of an organization.
Dieser Commit ist enthalten in:
Stefan Melmuk 2022-09-27 10:10:09 +02:00 committet von Daniel García
Ursprung 0a0f620d0b
Commit 387b5eb2dd
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: FC8A7D14C3CD543A

Datei anzeigen

@ -999,8 +999,11 @@ async fn edit_user(
err!("Only Owners can edit Owner users") err!("Only Owners can edit Owner users")
} }
if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner { if user_to_edit.atype == UserOrgType::Owner
// Removing owner permmission, check that there is at least one other confirmed owner && new_type != UserOrgType::Owner
&& user_to_edit.status == UserOrgStatus::Confirmed as i32
{
// Removing owner permission, check that there is at least one other confirmed owner
if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 {
err!("Can't delete the last owner") err!("Can't delete the last owner")
} }
@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c
err!("Only Owners can delete Admins or Owners") err!("Only Owners can delete Admins or Owners")
} }
if user_to_delete.atype == UserOrgType::Owner { if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 {
// Removing owner, check that there is at least one other confirmed owner // Removing owner, check that there is at least one other confirmed owner
if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 {
err!("Can't delete the last owner") err!("Can't delete the last owner")