From 10c5476d311ed22b53f5ec1ddcdc1f991aa757ac Mon Sep 17 00:00:00 2001
From: BlackDex <black.dex@gmail.com>
Date: Mon, 6 Mar 2023 16:53:21 +0100
Subject: [PATCH] Fix web-vault Member UI show/edit/save

There was a small bug left in regards to the web-vault v2023.2.0 fixes.
This PR fixes the left items. I think all should be addressed now.
When editing a User, you were not able to see or edit groups, or see
wich collections a user bellonged to.

Fixes #3311
---
 src/api/core/organizations.rs | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index 1353e61b86..c79902a909 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -748,8 +748,6 @@ struct GetOrgUserData {
     include_groups: Option<bool>,
 }
 
-// includeCollections
-// includeGroups
 #[get("/organizations/<org_id>/users?<data..>")]
 async fn get_org_users(
     data: GetOrgUserData,
@@ -1229,14 +1227,25 @@ async fn _confirm_invite(
     save_result
 }
 
-#[get("/organizations/<org_id>/users/<org_user_id>")]
-async fn get_user(org_id: String, org_user_id: String, _headers: AdminHeaders, mut conn: DbConn) -> JsonResult {
+#[get("/organizations/<org_id>/users/<org_user_id>?<data..>")]
+async fn get_user(
+    org_id: String,
+    org_user_id: String,
+    data: GetOrgUserData,
+    _headers: AdminHeaders,
+    mut conn: DbConn,
+) -> JsonResult {
     let user = match UserOrganization::find_by_uuid_and_org(&org_user_id, &org_id, &mut conn).await {
         Some(user) => user,
         None => err!("The specified user isn't a member of the organization"),
     };
 
-    Ok(Json(user.to_json_details(&mut conn).await))
+    // In this case, when groups are requested we also need to include collections.
+    // Else these will not be shown in the interface, and could lead to missing collections when saved.
+    let include_groups = data.include_groups.unwrap_or(false);
+    Ok(Json(
+        user.to_json_user_details(data.include_collections.unwrap_or(include_groups), include_groups, &mut conn).await,
+    ))
 }
 
 #[derive(Deserialize)]
@@ -1244,6 +1253,7 @@ async fn get_user(org_id: String, org_user_id: String, _headers: AdminHeaders, m
 struct EditUserData {
     Type: NumberOrString,
     Collections: Option<Vec<CollectionData>>,
+    Groups: Option<Vec<String>>,
     AccessAll: bool,
 }
 
@@ -1342,6 +1352,13 @@ async fn edit_user(
         }
     }
 
+    GroupUser::delete_all_by_user(&user_to_edit.uuid, &mut conn).await?;
+
+    for group in data.Groups.iter().flatten() {
+        let mut group_entry = GroupUser::new(String::from(group), user_to_edit.uuid.clone());
+        group_entry.save(&mut conn).await?;
+    }
+
     log_event(
         EventType::OrganizationUserUpdated as i32,
         &user_to_edit.uuid,