[PR #1219] [MERGED] Ensure that a user is actually in an org when applying policies #2915

Closed
opened 2026-03-03 09:08:55 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/1219
Author: @aveao
Created: 11/7/2020
Status: Merged
Merged: 11/7/2020
Merged by: @dani-garcia

Base: master ← Head: master


📝 Commits (1)

  • fa364c3 Ensure that a user is actually in an org when applying policies

📊 Changes

1 file changed (+4 additions, -1 deletions)

📝 src/db/models/org_policy.rs (+4 -1)

📄 Description

While this patch (which is based on src/db/models/collection.rs's find_by_user_uuid) was initially to fix #1218, you already pushed github.com/dani-garcia/bitwarden_rs@013d4c28b2 just as I was making the PR.

There's however one case that it doesn't seem to account for, which is fixed by this PR: User B (owner of Org A) can invite User A to Org A, and even if User A doesn't accept this invitation, the policies will be applied to them.

I've tested this behavior with and without this patch, verified that that behavior happens, and that this PR resolves that issue.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
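
The case described in the PR, as an added Rust sketch that is not vaultwarden's code: an in-memory model comparing a policy lookup that matches any membership row with one that also requires an accepted invitation. The types, the two-state `Status` enum, the function names and the sample users, orgs and policy names are all assumptions made for illustration.

```rust
// Added example: in-memory model, not vaultwarden's schema or code.
#[derive(PartialEq)]
enum Status { Invited, Accepted } // assumed two-state simplification

struct Membership { user: &'static str, org: &'static str, status: Status }
struct Policy { org: &'static str, name: &'static str }

/// Behaviour the PR describes: any membership row, even a pending
/// invitation, makes the org's policies apply to the user.
fn policies_any_row(user: &str, ms: &[Membership], ps: &[Policy]) -> Vec<&'static str> {
    ps.iter()
        .filter(|p| ms.iter().any(|m| m.user == user && m.org == p.org))
        .map(|p| p.name)
        .collect()
}

/// Hardened lookup: the row must also record that the invitation was accepted.
fn policies_for_members(user: &str, ms: &[Membership], ps: &[Policy]) -> Vec<&'static str> {
    ps.iter()
        .filter(|p| {
            ms.iter()
                .any(|m| m.user == user && m.org == p.org && m.status == Status::Accepted)
        })
        .map(|p| p.name)
        .collect()
}

/// Constructed sample data: user_b owns org_a and has invited user_a, who has
/// not accepted; user_a is an accepted member of the unrelated org_c.
fn sample() -> (Vec<Membership>, Vec<Policy>) {
    let ms = vec![
        Membership { user: "user_b", org: "org_a", status: Status::Accepted },
        Membership { user: "user_a", org: "org_a", status: Status::Invited },
        Membership { user: "user_a", org: "org_c", status: Status::Accepted },
    ];
    let ps = vec![
        Policy { org: "org_a", name: "require-2fa" },
        Policy { org: "org_c", name: "master-password" },
    ];
    (ms, ps)
}

fn main() {
    let (ms, ps) = sample();
    println!("any row:      {:?}", policies_any_row("user_a", &ms, &ps));
    println!("members only: {:?}", policies_for_members("user_a", &ms, &ps));
}
```

A regression test for this class of bug needs a user holding a pending invitation in one org and real membership in another, so that it catches both over-application and an overly broad filter.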
