Support Manager role #1223
Closed
Support Manager role #1223
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This is just a copy of the recently closed PR #1222 which noted that there probably should be a better way to do this. |
|
You mean it is possible not to add any extra line in |
|
Yes, there is. You probably need to do these checks in auth.rs, and when thinking about it and checking your changes, there are also some cases where you have access as a Manager, but there is no collection_id provided. But those items you want to have checked before they enter the function at all i think. Also, i see some other issues like always saving the CollectionUser, which should not be done when the user as access to all collections. And i'm missing some function, like changing a collection name. |
BlackDex
added a commit
to BlackDex/vaultwarden
that referenced
this pull request
Nov 27, 2020
This has been requested a few times (dani-garcia#1136 & dani-garcia#246 & forum), and there already were two (1:1 duplicate) PR's (dani-garcia#1222 & dani-garcia#1223) which needed some changes and no followups or further comments unfortunally. This PR adds two auth headers. - ManagerHeaders Checks if the user-type is Manager or higher and if the manager is part of that collection or not. - ManagerHeadersLoose Check if the user-type is Manager or higher, but does not check if the user is part of the collection, needed for a few features like retreiving all the users of an org. I think this is the safest way to implement this instead of having to check this within every function which needs this manually. Also some extra checks if a manager has access to all collections or just a selection.
BlackDex
added a commit
to BlackDex/vaultwarden
that referenced
this pull request
Dec 2, 2020
This has been requested a few times (dani-garcia#1136 & dani-garcia#246 & forum), and there already were two (1:1 duplicate) PR's (dani-garcia#1222 & dani-garcia#1223) which needed some changes and no followups or further comments unfortunally. This PR adds two auth headers. - ManagerHeaders Checks if the user-type is Manager or higher and if the manager is part of that collection or not. - ManagerHeadersLoose Check if the user-type is Manager or higher, but does not check if the user is part of the collection, needed for a few features like retreiving all the users of an org. I think this is the safest way to implement this instead of having to check this within every function which needs this manually. Also some extra checks if a manager has access to all collections or just a selection. fixes dani-garcia#1136
|
Going to close this PR as #1242 has been merged :). |
|
Thank you for your time! |
Koisell
pushed a commit
to Koisell/vaultwarden
that referenced
this pull request
Feb 17, 2021
This has been requested a few times (dani-garcia#1136 & dani-garcia#246 & forum), and there already were two (1:1 duplicate) PR's (dani-garcia#1222 & dani-garcia#1223) which needed some changes and no followups or further comments unfortunally. This PR adds two auth headers. - ManagerHeaders Checks if the user-type is Manager or higher and if the manager is part of that collection or not. - ManagerHeadersLoose Check if the user-type is Manager or higher, but does not check if the user is part of the collection, needed for a few features like retreiving all the users of an org. I think this is the safest way to implement this instead of having to check this within every function which needs this manually. Also some extra checks if a manager has access to all collections or just a selection. fixes dani-garcia#1136
thelittlefireman
pushed a commit
to thelittlefireman/bitwarden_rs
that referenced
this pull request
Mar 19, 2021
This has been requested a few times (dani-garcia#1136 & dani-garcia#246 & forum), and there already were two (1:1 duplicate) PR's (dani-garcia#1222 & dani-garcia#1223) which needed some changes and no followups or further comments unfortunally. This PR adds two auth headers. - ManagerHeaders Checks if the user-type is Manager or higher and if the manager is part of that collection or not. - ManagerHeadersLoose Check if the user-type is Manager or higher, but does not check if the user is part of the collection, needed for a few features like retreiving all the users of an org. I think this is the safest way to implement this instead of having to check this within every function which needs this manually. Also some extra checks if a manager has access to all collections or just a selection. fixes dani-garcia#1136
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Wanna fix #1136
This is my first time with Rust. Feel free to ask for changes (especially for error handling).
Maybe the function
check_manager_in_collectioncan be moved to a better spot.