[PR #1219] [MERGED] Ensure that a user is actually in an org when applying policies #6557

Closed
opened 2026-03-07 21:00:53 -06:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/1219
Author: @aveao
Created: 11/7/2020
Status: Merged
Merged: 11/7/2020
Merged by: @dani-garcia

Base: master ← Head: master


📝 Commits (1)

  • fa364c3 Ensure that a user is actually in an org when applying policies

📊 Changes

1 file changed (+4 additions, -1 deletions)


📝 src/db/models/org_policy.rs (+4 -1)

📄 Description

While this patch (which is based on src/db/models/collection.rs's find_by_user_uuid) was initially to fix #1218, you already pushed 013d4c28b2 just as I was making the PR.

There's however one case that it doesn't seem to account for, which is fixed by this PR: User B (owner of Org A) can invite User A to Org A, and even if User A doesn't accept this invitation, the policies will be applied to them:

I've tested this behavior with and without this patch, verified that that behavior happens, and that this PR resolves that issue.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
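
The membership check described in the PR above, as an added Rust example that is not vaultwarden's code. The `Membership`, `Policy` and `Status` types, both lookup functions and the sample data are hypothetical and constructed here; the two-state `Status` is an assumed simplification of how an invitation is tracked.

```rust
// Added example: hypothetical in-memory model, not vaultwarden's schema or code.
#[derive(Clone, Copy, PartialEq)]
enum Status { Invited, Joined } // assumed states: invite pending vs. invite accepted

struct Membership { user: &'static str, org: &'static str, status: Status }
struct Policy { org: &'static str, name: &'static str }

// Before: any membership row links the user to the org's policies,
// so a pending invitation is enough for them to apply.
fn policies_any_row<'a>(user: &str, m: &[Membership], p: &'a [Policy]) -> Vec<&'a str> {
    p.iter()
        .filter(|pol| m.iter().any(|x| x.user == user && x.org == pol.org))
        .map(|pol| pol.name)
        .collect()
}

// After: the row must also show that the user actually joined the org.
fn policies_joined_only<'a>(user: &str, m: &[Membership], p: &'a [Policy]) -> Vec<&'a str> {
    p.iter()
        .filter(|pol| m.iter().any(|x| {
            x.user == user && x.org == pol.org && x.status == Status::Joined
        }))
        .map(|pol| pol.name)
        .collect()
}

// Constructed sample data mirroring the description:
// User B owns Org A and has invited User A, who has not accepted.
fn sample() -> (Vec<Membership>, Vec<Policy>) {
    (
        vec![
            Membership { user: "user-b", org: "org-a", status: Status::Joined },
            Membership { user: "user-a", org: "org-a", status: Status::Invited },
        ],
        vec![Policy { org: "org-a", name: "require-two-step-login" }],
    )
}

fn main() {
    let (m, p) = sample();
    println!("user-a, any row:     {:?}", policies_any_row("user-a", &m, &p));
    println!("user-a, joined only: {:?}", policies_joined_only("user-a", &m, &p));
    println!("user-b, joined only: {:?}", policies_joined_only("user-b", &m, &p));
}
```
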

GiteaMirror added the pull-request label 2026-03-07 21:00:53 -06:00

Reference: github-starred/vaultwarden#6557