mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2024-11-08 20:12:34 +01:00
Ensure that a user is actually in an org when applying policies
This commit is contained in:
parent
b5f9fe4d3b
commit
fa364c3f2c
@ -4,7 +4,7 @@ use crate::api::EmptyResult;
|
||||
use crate::db::DbConn;
|
||||
use crate::error::MapResult;
|
||||
|
||||
use super::Organization;
|
||||
use super::{Organization, UserOrgStatus};
|
||||
|
||||
db_object! {
|
||||
#[derive(Debug, Identifiable, Queryable, Insertable, Associations, AsChangeset)]
|
||||
@ -134,6 +134,9 @@ impl OrgPolicy {
|
||||
users_organizations::org_uuid.eq(org_policies::org_uuid)
|
||||
.and(users_organizations::user_uuid.eq(user_uuid)))
|
||||
)
|
||||
.filter(
|
||||
users_organizations::status.eq(UserOrgStatus::Confirmed as i32)
|
||||
)
|
||||
.select(org_policies::all_columns)
|
||||
.load::<OrgPolicyDb>(conn)
|
||||
.expect("Error loading org_policy")
|
||||
|
Loading…
Reference in New Issue
Block a user