From 0a72c4b6db4e254d7579b8dc3bb6e9e3c067947d Mon Sep 17 00:00:00 2001
From: Miroslav Prasil <miroslav@prasil.info>
Date: Sun, 16 Feb 2020 15:01:07 +0000
Subject: [PATCH 1/2] Do not disable invitations via admin API

This was brought up today:

https://github.com/dani-garcia/bitwarden_rs/issues/752#issuecomment-586715073

I don't think it makes much sense in checking whether admin has the
right to send invitation as admin can change the setting anyway.

Removing the condition allows users to forbid regular users from
inviting new users to server while still preserving the option to do so
via the admin API.
---
 src/api/admin.rs | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/api/admin.rs b/src/api/admin.rs
index b3cda21d..c4fad117 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -153,10 +153,6 @@ fn invite_user(data: Json<InviteData>, _token: AdminToken, conn: DbConn) -> Empt
         err!("User already exists")
     }
 
-    if !CONFIG.invitations_allowed() {
-        err!("Invitations are not allowed")
-    }
-
     let mut user = User::new(email);
     user.save(&conn)?;
 

From 03233429f4475de558c58707224d1cf72aa28c42 Mon Sep 17 00:00:00 2001
From: Miro Prasil <miro@circleci.com>
Date: Sun, 16 Feb 2020 20:28:50 +0000
Subject: [PATCH 2/2] Remove check from Invitation:take()

I've checked the spots when `Invitation::new()` and `Invitation::take()`
are used and it seems like all spots are already correctly gated. So to
enable invitations via admin API even when invitations are otherwise
disabled, this check can be removed.
---
 src/db/models/user.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/db/models/user.rs b/src/db/models/user.rs
index 9646ae58..3a6e95d2 100644
--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@@ -319,10 +319,9 @@ impl Invitation {
     }
 
     pub fn take(mail: &str, conn: &DbConn) -> bool {
-        CONFIG.invitations_allowed()
-            && match Self::find_by_mail(mail, &conn) {
-                Some(invitation) => invitation.delete(&conn).is_ok(),
-                None => false,
-            }
+        match Self::find_by_mail(mail, &conn) {
+            Some(invitation) => invitation.delete(&conn).is_ok(),
+            None => false,
+        }
     }
 }