[PR #36] Better check for cipher access #3905

New Issue

Closed

opened 2025-10-09 18:32:23 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2025-10-09 18:32:23 +03:00

Owner

Copy Link

Original Pull Request: https://github.com/dani-garcia/vaultwarden/pull/36

State: closed
Merged: Yes

---

This checks out two TODOs:

1. Extends Cipher::is_write_accessible_to_user with a check for any collection that might give R/W access to cipher.
2. Implements Cipher::is_accessible_to_user with a proper check for any RO access.

The current solution works quite well, but I don't like the code repetition. Any input would be greatly appreciated how to solve this in some reasonable manner. I was thinking about using into_boxed() at some stage to promote some code reuse, but I just don't know enough about diesel to pull this off successfully.

Other approach would be to split it into multiple sub-checks and aggregate those but that would lead to 5x the amount of queries, which I'd like to avoid.

Any ideas?

**Original Pull Request:** https://github.com/dani-garcia/vaultwarden/pull/36 **State:** closed **Merged:** Yes --- This checks out two TODOs: 1. Extends `Cipher::is_write_accessible_to_user` with a check for any collection that might give R/W access to cipher. 2. Implements `Cipher::is_accessible_to_user` with a proper check for any RO access. The current solution works quite well, but I don't like the code repetition. Any input would be greatly appreciated how to solve this in some reasonable manner. I was thinking about using `into_boxed()` at some stage to promote some code reuse, but I just don't know enough about diesel to pull this off successfully. Other approach would be to split it into multiple sub-checks and aggregate those but that would lead to 5x the amount of queries, which I'd like to avoid. Any ideas?

OVERLORD added the pull-request label 2025-10-09 18:32:23 +03:00

OVERLORD closed this issue 2025-10-09 18:32:24 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#3905