[Feature Requests] Introduce "Footguns"

[senpro-ingwersenk]

I got this idea after being poked by my co-workers that assigning permissions to users/groups on collections in orgs no longer worked (#5581) as it used to. Since that feature is technically part of the BitWarden Web UI, of which Vaultwarden uses a light modification, the only "real" place to add Vaultwarden-specific tools would be /admin. And since these very specific utilities might or might not conflict with Bitwarden in some way, they're footguns. :)

The first utility I would like to request here is to allow a user to check the old "full-access" field as mentioned in #5581 (reply in thread) . For context:

vaultwarden=# select count(uuid) from organizations;
 count
-------
    67
(1 row)

vaultwarden=# select avg(count_per_org)::numeric as avg from ( select count(uuid) as count_per_org from collections group by org_uuid ) as org_counts;
         avg
---------------------
 30.1363636363636364
(1 row)

Clicking through all of that is a bit of a nightmare ;) We use a standart set of collections for each org, as they represent a customer we work with. Vaultwarden manages the sensitive information, Outline the documentary ones. The structure is standardized in the company I work at.

Hence, having a bit of batch-processing, knowing that it might conflict with Bitwarden, would be very helpful.

Thank you and kind regards!

[BlackDex]

Well, that full_access flag is going to be removed, so putting any effort into that would be kinda useless in my opinion.

The current testing tagged images have a temporary fix for this which ensures the users with the correct access rights will have the flag enabled again, which does implicate you need to update/save the member again though.

I am in the process of checking the differences between Vaultwarden and upstream in how we handle the API Calls, and what we return etc... Which might help me finding issues we currently have in regards to the roles, collections and groups, but that is currently on-going.

[senpro-ingwersenk]

Sounds good! Hoping something useful wil turn up :) Having to re-apply all those collections for the same group is ... kind of annoying.

If you happen to come across an API endpoint I could use instead, that'd be helpful. Could use https://rest.sh and a little bit of bash hackery to just make a bandaid fix... The group that needs to be applied always has the exact same name; so something that grabs that group uuid, then adds it to all the collections, could work as a workaround.