mirrored/vaultwarden
1
0
Fork 1
Spiegel von https://github.com/dani-garcia/vaultwarden.git synchronisiert 2024-11-22 05:10:29 +01:00
Code Issues Releases Aktivität

Restrict join on users_collections to current user (fixes #313)

Quellcode durchsuchen
Dieser Commit ist enthalten in:
Andreas Schneider 2018-12-28 15:25:51 +01:00
Ursprung 9f0357ce82
Commit e7ea5097f4
1 geänderte Dateien mit 7 neuen und 3 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

10
src/db/models/cipher.rs
Datei anzeigen

@ -293,7 +293,7 @@ impl Cipher {
.first::<Self>(&**conn).ok() .first::<Self>(&**conn).ok()
} }
// Find all ciphers accesible to user // Find all ciphers accessible to user
pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> { pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
ciphers::table ciphers::table
.left_join(users_organizations::table.on( .left_join(users_organizations::table.on(
@ -303,7 +303,9 @@ impl Cipher {
) )
) )
)) ))
.left_join(ciphers_collections::table) .left_join(ciphers_collections::table.on(
ciphers::uuid.eq(ciphers_collections::cipher_uuid)
))
.left_join(users_collections::table.on( .left_join(users_collections::table.on(
ciphers_collections::collection_uuid.eq(users_collections::collection_uuid) ciphers_collections::collection_uuid.eq(users_collections::collection_uuid)
)) ))
@ -352,7 +354,9 @@ impl Cipher {
) )
)) ))
.left_join(users_collections::table.on( .left_join(users_collections::table.on(
users_collections::collection_uuid.eq(ciphers_collections::collection_uuid) users_collections::collection_uuid.eq(ciphers_collections::collection_uuid).and(
users_collections::user_uuid.eq(user_id)
)
)) ))
.filter(ciphers_collections::cipher_uuid.eq(&self.uuid)) .filter(ciphers_collections::cipher_uuid.eq(&self.uuid))
.filter(users_collections::user_uuid.eq(user_id).or( // User has access to collection .filter(users_collections::user_uuid.eq(user_id).or( // User has access to collection