mirror of
https://github.com/dani-garcia/vaultwarden
synced 2024-11-23 20:33:07 +00:00
don't infer manage permission for groups (#5190)
the web-vault v2024.6.2 currently cannot deal with manage permission so instead of relying on the org user type this should just default to false
This commit is contained in:
parent
adb21d5c1a
commit
ff33534c07
2 changed files with 7 additions and 7 deletions
|
@ -2305,14 +2305,14 @@ async fn _restore_organization_user(
|
|||
}
|
||||
|
||||
#[get("/organizations/<org_id>/groups")]
|
||||
async fn get_groups(org_id: &str, headers: ManagerHeadersLoose, mut conn: DbConn) -> JsonResult {
|
||||
async fn get_groups(org_id: &str, _headers: ManagerHeadersLoose, mut conn: DbConn) -> JsonResult {
|
||||
let groups: Vec<Value> = if CONFIG.org_groups_enabled() {
|
||||
// Group::find_by_organization(&org_id, &mut conn).await.iter().map(Group::to_json).collect::<Value>()
|
||||
let groups = Group::find_by_organization(org_id, &mut conn).await;
|
||||
let mut groups_json = Vec::with_capacity(groups.len());
|
||||
|
||||
for g in groups {
|
||||
groups_json.push(g.to_json_details(&headers.org_user.atype, &mut conn).await)
|
||||
groups_json.push(g.to_json_details(&mut conn).await)
|
||||
}
|
||||
groups_json
|
||||
} else {
|
||||
|
@ -2500,7 +2500,7 @@ async fn add_update_group(
|
|||
}
|
||||
|
||||
#[get("/organizations/<_org_id>/groups/<group_id>/details")]
|
||||
async fn get_group_details(_org_id: &str, group_id: &str, headers: AdminHeaders, mut conn: DbConn) -> JsonResult {
|
||||
async fn get_group_details(_org_id: &str, group_id: &str, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult {
|
||||
if !CONFIG.org_groups_enabled() {
|
||||
err!("Group support is disabled");
|
||||
}
|
||||
|
@ -2510,7 +2510,7 @@ async fn get_group_details(_org_id: &str, group_id: &str, headers: AdminHeaders,
|
|||
_ => err!("Group could not be found!"),
|
||||
};
|
||||
|
||||
Ok(Json(group.to_json_details(&(headers.org_user_type as i32), &mut conn).await))
|
||||
Ok(Json(group.to_json_details(&mut conn).await))
|
||||
}
|
||||
|
||||
#[post("/organizations/<org_id>/groups/<group_id>/delete")]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
use super::{User, UserOrgType, UserOrganization};
|
||||
use super::{User, UserOrganization};
|
||||
use crate::api::EmptyResult;
|
||||
use crate::db::DbConn;
|
||||
use crate::error::MapResult;
|
||||
|
@ -73,7 +73,7 @@ impl Group {
|
|||
})
|
||||
}
|
||||
|
||||
pub async fn to_json_details(&self, user_org_type: &i32, conn: &mut DbConn) -> Value {
|
||||
pub async fn to_json_details(&self, conn: &mut DbConn) -> Value {
|
||||
let collections_groups: Vec<Value> = CollectionGroup::find_by_group(&self.uuid, conn)
|
||||
.await
|
||||
.iter()
|
||||
|
@ -82,7 +82,7 @@ impl Group {
|
|||
"id": entry.collections_uuid,
|
||||
"readOnly": entry.read_only,
|
||||
"hidePasswords": entry.hide_passwords,
|
||||
"manage": *user_org_type >= UserOrgType::Admin || (*user_org_type == UserOrgType::Manager && !entry.read_only && !entry.hide_passwords)
|
||||
"manage": false
|
||||
})
|
||||
})
|
||||
.collect();
|
||||
|
|
Loading…
Reference in a new issue