From 00f87ccb7139cc6d1ab997c46ef9ac8a4a38287e Mon Sep 17 00:00:00 2001 From: Nathan Coad Date: Tue, 9 Jan 2024 15:28:38 +1100 Subject: [PATCH] improve README --- README.md | 37 +++++++++++++++++++++++++-------- controllers/retrieve_secrets.go | 36 ++++++++++---------------------- main.go | 3 ++- 3 files changed, 41 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 5beb838..2c92b5b 100644 --- a/README.md +++ b/README.md @@ -107,20 +107,31 @@ This API call can only be made once after the service has started. Subsequent ca ### User Operations #### Register User -POST `/api/admin/user/register` +POST `/api/admin/user/add` -Data +Create a new user record by specifying groupId +Body ``` { - "username": "", - "password": "", - "RoleId": 2 + "userName": "Test User", + "password": "Example Password", + "groupId": "1", } ``` -OLD: This operation can only be performed by a user with a role that is admin enabled. There are 3 built in roles, which can be viewed via the `/api/admin/roles` endpoint. +Create a new user record by specifying groupName +Body +``` +{ + "userName": "Test User", + "password": "Example Password", + "groupName": "Users", +} +``` -NEW: This operation can only be performed by a user that is a member of a group with the admin flag enabled. +Registering a user requires specifying the group to which the user will belong. There are 2 built-in groups, with groupName of 'Administrators' or 'Users' and corresponding groupId of 1 and 2 respectively. Available groups can be retrieved via the `/api/admin/groups/list` + +This operation can only be performed by a user that is a member of a group with the admin flag enabled, or a user who has the admin flag enabled individually on their database record. #### Remove User POST `/api/admin/user/delete` 
@@ -134,13 +145,21 @@ Data
 This operation can only be performed by a user with a role that is admin enabled. Removes user account corresponding to specified userName.
-
 #### List Users
 GET `/api/admin/users`
 This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users.
-### Role Operations
+### Group Operations
+
+#### List Groups
+GET `/api/admin/groups/list`
+
+This operations has not yet been implemented.
+
+This operation can only be performed by a user with a role that is admin enabled. Lists currently defined groups.
+
+### Role Operations - Deprecated
 #### List Roles
 GET `/api/admin/roles`
diff --git a/controllers/retrieve_secrets.go b/controllers/retrieve_secrets.go
index d00bcf1..885787d 100644
--- a/controllers/retrieve_secrets.go
+++ b/controllers/retrieve_secrets.go
@@ -216,38 +216,24 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 return
 }
 }
+
 func ListSecrets(c *gin.Context) {
-
+ var UserId int
 var output []ListSecret
- // TODO implement with new schema
- /*
- var results []models.Secret
- // Get the user and role id of the requestor
- u, err := models.UserGetRoleFromToken(c)
- if err != nil {
- c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
- return
- }
-
- // If user is admin then list everything, otherwise only list for current role
- results, err = models.GetSecrets(&models.Secret{RoleId: u.RoleId}, u.Admin)
-
- if err != nil {
- c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
- return
- }
-
- for _, v := range results {
- output = append(output, ListSecret(v))
- }
- */
 var results []models.Secret
 s := models.Secret{}
- user_id := c.GetInt("user-id")
+
+ // Get userId that we stored in the context earlier
+ if val, ok := c.Get("user-id"); !ok {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
+ return
+ } else {
+ UserId = val.(int)
+ }
 // Work out which safe to query for this user if the safe was not specified
- safeList, err := models.UserGetSafesAllowed(int(user_id))
+ safeList, err := models.UserGetSafesAllowed(int(UserId))
 if err != nil {
 c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
diff --git a/main.go b/main.go
index 669885e..88e78a8 100644
--- a/main.go
+++ b/main.go
@@ -246,6 +246,7 @@ func main() {
 adminOnly.POST("/user/add", controllers.RegisterUser) // TODO //adminOnly.POST("/user/update", controllers.UpdateUser)
+ //adminOnly.GET("/groups/list", controllers.ListGroups)
 adminOnly.GET("/users", controllers.GetUsers)
 adminOnly.POST("/unlock", controllers.Unlock)
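Review bot: `UserId = val.(int)` is a single-value type assertion, so if whatever middleware stores "user-id" in the context (presumably the JWT middleware mounted on this group) ever stores it under another Go type — a float64 decoded from a claim, or a uint — the handler panics on an authenticated request instead of returning the 400 the surrounding branch intends, and that only becomes a 500 if a recovery middleware is installed. The assertion should use the two-value form and fail closed on a type mismatch just as it does on a missing key; that also removes the `else` after a returning `if`, the exported-looking local `UserId` and its `var UserId int` declaration at the top of the function, and the no-op `int(UserId)` conversion. ListSecrets continues past the end of the hunk.
```go
	// Get the user id that the auth middleware stored in the context earlier;
	// reject the request rather than panic if it is missing or not an int.
	val, ok := c.Get("user-id")
	userID, isInt := val.(int)
	if !ok || !isInt {
		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
		return
	}

	// Work out which safe to query for this user if the safe was not specified
	safeList, err := models.UserGetSafesAllowed(userID)
	// … unchanged: safe-list error handling and the rest of ListSecrets …
```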
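Review bot: The commented-out `//adminOnly.GET("/groups/list", controllers.ListGroups)` leaves `/api/admin/groups/list` unmounted, while the README hunk in this same commit tells readers in the Register User section that available groups "can be retrieved via" that path and only says it is unimplemented further down. A commented route is easy to forget, so a comment that names the gap is clearer for the next reader, e.g. `// TODO implement controllers.ListGroups and mount /groups/list (already documented in README)`; I cannot see from the diff whether controllers.ListGroups exists yet. func main continues outside the hunk.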
@@ -258,7 +259,7 @@ func main() {
 protected.Use(middlewares.JwtAuthMiddleware())
 protected.POST("/retrieve", controllers.RetrieveSecret)
 protected.GET("/list", controllers.ListSecrets)
- protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets)
+ protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets) // TODO is this still required?
 protected.POST("/store", controllers.StoreSecret)
 protected.POST("/update", controllers.UpdateSecret) // TODO
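Review bot: `// TODO is this still required?` is attached to a route that stays mounted under the JWT-protected group, so the question is left for the reader while the endpoint keeps serving; a TODO on a live route should say what decides the answer, such as which client calls `/retrieveMultiple` or the issue tracking its removal, e.g. `// TODO(<issue-id>): remove /retrieveMultiple once <client> no longer uses it`. If nothing is known to call it, unmounting the route until a caller needs it is the smaller change, since every reachable handler is surface that has to be kept reviewed. The touched line also carries the pre-existing `RetrieveMultpleSecrets` spelling, which is worth fixing in the handler if the route stays. func main continues outside the hunk.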