From bb100df31a983ca0bfe56a3ad90bd4c6ddc81433 Mon Sep 17 00:00:00 2001
From: Matlink
Date: Fri, 4 Aug 2023 21:27:30 +0200
Subject: [PATCH] Fix #3624: fix manager permission within groups
---
 src/api/core/organizations.rs | 8 ++++++++
 src/db/models/group.rs | 25 +++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index f3d398494b..5497299032 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -337,6 +337,9 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
 Vec::with_capacity(0)
 };
 
+ // uuids of users belonging to a group of this collection
+ let group_users = GroupUser::get_collection_group_users_uuid(&col.uuid, &mut conn).await;
+
 let mut assigned = false;
 let users: Vec = coll_users
 .iter()
@@ -351,6 +354,11 @@ async fn get_org_collections_details(org_id: &str, headers: ManagerHeadersLoose,
 })
 .collect();
 
+ // if current user is in any collection-assigned group
+ if group_users.contains(&user_org.uuid) {
+ assigned = true;
+ }
+
 if user_org.access_all {
 assigned = true;
 }
diff --git a/src/db/models/group.rs b/src/db/models/group.rs
index 670e311454..43393ddd30 100644
--- a/src/db/models/group.rs
+++ b/src/db/models/group.rs
@@ -1,3 +1,5 @@
+use std::collections::HashSet;
+
 use chrono::{NaiveDateTime, Utc};
 use serde_json::Value;
 
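Review bot: In the first organizations.rs hunk (@@ -337), `GroupUser::get_collection_group_users_uuid(&col.uuid, &mut conn).await` loads every group-member uuid of the collection into a `HashSet` only so that one `contains(&user_org.uuid)` can run later. The `col.uuid` argument suggests the call sits inside a per-collection loop, which would mean one joined query per collection on every request; the loop and the rest of `get_org_collections_details` are outside the hunk, so this is inferred. A query that filters on both the collection uuid and `user_org.uuid` and returns a `bool` would answer the same question without materialising other members' ids. If the set is kept, the comment should say that it holds organization-membership uuids, e.g. `// membership (users_organizations) uuids of all members of groups assigned to this collection`.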
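Review bot: In the second organizations.rs hunk (@@ -351), the new `group_users.contains(&user_org.uuid)` branch only recognises groups that are linked to the collection, because the set is built from a join on `collections_groups`. If a group can grant access to every collection the way `user_org.access_all` does for a single member, its members would still end up with `assigned = false`; the group model is not visible here, so this needs confirming. The check is also not gated on the groups feature being switched on (presumably `CONFIG.org_groups_enabled()`), so group rows could widen access on a server where groups are meant to be ignored. As `assigned` is an access decision, the two conditions read better together: `if user_org.access_all || group_users.contains(&user_org.uuid) { assigned = true; }`. It is also worth confirming that the endpoints enforcing collection writes apply the same group rule, so the reported flag and the actual authorization cannot diverge.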
@@ -486,6 +488,29 @@ impl GroupUser {
 }}
 }
 
+ pub async fn find_by_collection(collection_uuid: &str, conn: &mut DbConn) -> Vec {
+ db_run! { conn: {
+ groups_users::table
+ .inner_join(collections_groups::table.on(
+ collections_groups::groups_uuid.eq(groups_users::groups_uuid)
+ ))
+ .filter(collections_groups::collections_uuid.eq(collection_uuid))
+ .select(groups_users::all_columns)
+ .load::(conn)
+ .expect("Error loading group users for collection")
+ .from_db()
+ }}
+ }
+
+ /// returns uuid of members of collection groups
+ pub async fn get_collection_group_users_uuid(collection_uuid: &str, conn: &mut DbConn) -> HashSet {
+ GroupUser::find_by_collection(collection_uuid, conn)
+ .await
+ .iter()
+ .map(|u| u.users_organizations_uuid.clone())
+ .collect()
+ }
+
 pub async fn update_user_revision(&self, conn: &mut DbConn) {
 match UserOrganization::find_by_uuid(&self.users_organizations_uuid, conn).await {
 Some(user) => User::update_uuid_revision(&user.user_uuid, conn).await,
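Review bot: The doc comment on `get_collection_group_users_uuid` does not say which uuid it returns, and `find_by_collection` has no doc comment at all. The set holds `users_organizations_uuid` values, which are membership ids rather than user ids (the context line below passes the same field to `UserOrganization::find_by_uuid`), so a caller comparing it against a user uuid would silently get `false` from an access check. Suggested wording: `/// Returns the users_organizations uuid (membership id, not user id) of every member of a group assigned to the collection.` Separately, `.expect("Error loading group users for collection")` turns a database failure into a panic on a path that feeds a permission decision; confirm that this matches how the other model queries report errors. Selecting only the needed column with `.select(groups_users::users_organizations_uuid)` would also avoid loading full rows and cloning each uuid.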