octoleo/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2024-05-28 14:10:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #315 from aksdb/master

Browse Source 
Restrict join on users_collections to current user (fixes #313)
This commit is contained in:
Daniel García 2018-12-28 21:06:30 +01:00 committed by GitHub
commit 004a3f891f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/db/models/cipher.rs
View File

@ -293,7 +293,7 @@ impl Cipher {
.first::<Self>(&**conn).ok()
}
// Find all ciphers accesible to user
// Find all ciphers accessible to user
pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
ciphers::table
.left_join(users_organizations::table.on(
@ -303,7 +303,9 @@ impl Cipher {
)
)
))
.left_join(ciphers_collections::table)
.left_join(ciphers_collections::table.on(
ciphers::uuid.eq(ciphers_collections::cipher_uuid)
))
.left_join(users_collections::table.on(
ciphers_collections::collection_uuid.eq(users_collections::collection_uuid)
))
@ -352,7 +354,9 @@ impl Cipher {
)
))
.left_join(users_collections::table.on(
users_collections::collection_uuid.eq(ciphers_collections::collection_uuid)
users_collections::collection_uuid.eq(ciphers_collections::collection_uuid).and(
users_collections::user_uuid.eq(user_id)
)
))
.filter(ciphers_collections::cipher_uuid.eq(&self.uuid))
.filter(users_collections::user_uuid.eq(user_id).or( // User has access to collection