mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-04 02:18:00 +01:00
Code Issues Releases Aktivität

Merge pull request #3354 from stefan0xC/bulk-delete-endpoints

Quellcode durchsuchen 
add endpoints to bulk delete collections/groups
Dieser Commit ist enthalten in:
Daniel García 2023-03-24 17:09:56 +01:00 committet von GitHub
Commit a428f05e77
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: 4AEE18F83AFDEB23
2 geänderte Dateien mit 122 neuen und 35 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

117
src/api/core/organizations.rs
Datei anzeigen

@ -39,6 +39,7 @@ pub fn routes() -> Vec<Route> {
put_organization_collection_update, put_organization_collection_update,
delete_organization_collection, delete_organization_collection,
post_organization_collection_delete, post_organization_collection_delete,
bulk_delete_organization_collections,
get_org_details, get_org_details,
get_org_users, get_org_users,
send_invite, send_invite,
@ -81,6 +82,7 @@ pub fn routes() -> Vec<Route> {
get_group_details, get_group_details,
delete_group, delete_group,
post_delete_group, post_delete_group,
bulk_delete_groups,
get_group_users, get_group_users,
put_group_users, put_group_users,
get_user_groups, get_user_groups,
@ -537,6 +539,34 @@ async fn post_organization_collection_delete_user(
delete_organization_collection_user(org_id, col_id, org_user_id, headers, conn).await delete_organization_collection_user(org_id, col_id, org_user_id, headers, conn).await
} }
async fn _delete_organization_collection(
org_id: &str,
col_id: &str,
headers: &ManagerHeaders,
conn: &mut DbConn,
) -> EmptyResult {
match Collection::find_by_uuid(col_id, conn).await {
None => err!("Collection not found"),
Some(collection) => {
if collection.org_uuid == org_id {
log_event(
EventType::CollectionDeleted as i32,
&collection.uuid,
org_id.to_string(),
headers.user.uuid.clone(),
headers.device.atype,
&headers.ip.ip,
conn,
)
.await;
collection.delete(conn).await
} else {
err!("Collection and Organization id do not match")
}
}
}
}
#[delete("/organizations/<org_id>/collections/<col_id>")] #[delete("/organizations/<org_id>/collections/<col_id>")]
async fn delete_organization_collection( async fn delete_organization_collection(
org_id: String, org_id: String,
@ -544,26 +574,7 @@ async fn delete_organization_collection(
headers: ManagerHeaders, headers: ManagerHeaders,
mut conn: DbConn, mut conn: DbConn,
) -> EmptyResult { ) -> EmptyResult {
match Collection::find_by_uuid(&col_id, &mut conn).await { _delete_organization_collection(&org_id, &col_id, &headers, &mut conn).await
None => err!("Collection not found"),
Some(collection) => {
if collection.org_uuid == org_id {
log_event(
EventType::CollectionDeleted as i32,
&collection.uuid,
org_id,
headers.user.uuid.clone(),
headers.device.atype,
&headers.ip.ip,
&mut conn,
)
.await;
collection.delete(&mut conn).await
} else {
err!("Collection and Organization id do not match")
}
}
}
} }
#[derive(Deserialize, Debug)] #[derive(Deserialize, Debug)]
@ -579,9 +590,38 @@ async fn post_organization_collection_delete(
col_id: String, col_id: String,
headers: ManagerHeaders, headers: ManagerHeaders,
_data: JsonUpcase<DeleteCollectionData>, _data: JsonUpcase<DeleteCollectionData>,
conn: DbConn, mut conn: DbConn,
) -> EmptyResult { ) -> EmptyResult {
delete_organization_collection(org_id, col_id, headers, conn).await _delete_organization_collection(&org_id, &col_id, &headers, &mut conn).await
}
#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct BulkCollectionIds {
Ids: Vec<String>,
OrganizationId: String,
}
#[delete("/organizations/<org_id>/collections", data = "<data>")]
async fn bulk_delete_organization_collections(
org_id: &str,
headers: ManagerHeadersLoose,
data: JsonUpcase<BulkCollectionIds>,
mut conn: DbConn,
) -> EmptyResult {
let data: BulkCollectionIds = data.into_inner().data;
if org_id != data.OrganizationId {
err!("OrganizationId mismatch");
}
let collections = data.Ids;
let headers = ManagerHeaders::from_loose(headers, &collections, &mut conn).await?;
for col_id in collections {
_delete_organization_collection(org_id, &col_id, &headers, &mut conn).await?
}
Ok(())
} }
#[get("/organizations/<org_id>/collections/<coll_id>/details")] #[get("/organizations/<org_id>/collections/<coll_id>/details")]
@ -2363,17 +2403,21 @@ async fn get_group_details(_org_id: String, group_id: String, _headers: AdminHea
} }
#[post("/organizations/<org_id>/groups/<group_id>/delete")] #[post("/organizations/<org_id>/groups/<group_id>/delete")]
async fn post_delete_group(org_id: String, group_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult { async fn post_delete_group(org_id: String, group_id: String, headers: AdminHeaders, mut conn: DbConn) -> EmptyResult {
delete_group(org_id, group_id, headers, conn).await _delete_group(org_id, group_id, &headers, &mut conn).await
} }
#[delete("/organizations/<org_id>/groups/<group_id>")] #[delete("/organizations/<org_id>/groups/<group_id>")]
async fn delete_group(org_id: String, group_id: String, headers: AdminHeaders, mut conn: DbConn) -> EmptyResult { async fn delete_group(org_id: String, group_id: String, headers: AdminHeaders, mut conn: DbConn) -> EmptyResult {
_delete_group(org_id, group_id, &headers, &mut conn).await
}
async fn _delete_group(org_id: String, group_id: String, headers: &AdminHeaders, conn: &mut DbConn) -> EmptyResult {
if !CONFIG.org_groups_enabled() { if !CONFIG.org_groups_enabled() {
err!("Group support is disabled"); err!("Group support is disabled");
} }
let group = match Group::find_by_uuid(&group_id, &mut conn).await { let group = match Group::find_by_uuid(&group_id, conn).await {
Some(group) => group, Some(group) => group,
_ => err!("Group not found"), _ => err!("Group not found"),
}; };
@ -2385,11 +2429,30 @@ async fn delete_group(org_id: String, group_id: String, headers: AdminHeaders, m
headers.user.uuid.clone(), headers.user.uuid.clone(),
headers.device.atype, headers.device.atype,
&headers.ip.ip, &headers.ip.ip,
&mut conn, conn,
) )
.await; .await;
group.delete(&mut conn).await group.delete(conn).await
}
#[delete("/organizations/<org_id>/groups", data = "<data>")]
async fn bulk_delete_groups(
org_id: String,
data: JsonUpcase<OrgBulkIds>,
headers: AdminHeaders,
mut conn: DbConn,
) -> EmptyResult {
if !CONFIG.org_groups_enabled() {
err!("Group support is disabled");
}
let data: OrgBulkIds = data.into_inner().data;
for group_id in data.Ids {
_delete_group(org_id.clone(), group_id, &headers, &mut conn).await?
}
Ok(())
} }
#[get("/organizations/<_org_id>/groups/<group_id>")] #[get("/organizations/<_org_id>/groups/<group_id>")]

40
src/auth.rs
Datei anzeigen

@ -598,14 +598,7 @@ impl<'r> FromRequest<'r> for ManagerHeaders {
_ => err_handler!("Error getting DB"), _ => err_handler!("Error getting DB"),
}; };
if !headers.org_user.has_full_access() if !can_access_collection(&headers.org_user, &col_id, &mut conn).await {
&& !Collection::has_access_by_collection_and_user_uuid(
&col_id,
&headers.org_user.user_uuid,
&mut conn,
)
.await
{
err_handler!("The current user isn't a manager for this collection") err_handler!("The current user isn't a manager for this collection")
} }
} }
@ -642,6 +635,7 @@ pub struct ManagerHeadersLoose {
pub host: String, pub host: String,
pub device: Device, pub device: Device,
pub user: User, pub user: User,
pub org_user: UserOrganization,
pub org_user_type: UserOrgType, pub org_user_type: UserOrgType,
pub ip: ClientIp, pub ip: ClientIp,
} }
@ -657,6 +651,7 @@ impl<'r> FromRequest<'r> for ManagerHeadersLoose {
host: headers.host, host: headers.host,
device: headers.device, device: headers.device,
user: headers.user, user: headers.user,
org_user: headers.org_user,
org_user_type: headers.org_user_type, org_user_type: headers.org_user_type,
ip: headers.ip, ip: headers.ip,
}) })
@ -676,6 +671,35 @@ impl From<ManagerHeadersLoose> for Headers {
} }
} }
} }
async fn can_access_collection(org_user: &UserOrganization, col_id: &str, conn: &mut DbConn) -> bool {
org_user.has_full_access()
|| Collection::has_access_by_collection_and_user_uuid(col_id, &org_user.user_uuid, conn).await
}
impl ManagerHeaders {
pub async fn from_loose(
h: ManagerHeadersLoose,
collections: &Vec<String>,
conn: &mut DbConn,
) -> Result<ManagerHeaders, Error> {
for col_id in collections {
if uuid::Uuid::parse_str(col_id).is_err() {
err!("Collection Id is malformed!");
}
if !can_access_collection(&h.org_user, col_id, conn).await {
err!("You don't have access to all collections!");
}
}
Ok(ManagerHeaders {
host: h.host,
device: h.device,
user: h.user,
org_user_type: h.org_user_type,
ip: h.ip,
})
}
}
pub struct OwnerHeaders { pub struct OwnerHeaders {
pub host: String, pub host: String,