nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

improve README
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2024-01-09 15:28:38 +11:00
parent 43fa0b02aa
commit 00f87ccb71
3 changed files with 41 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
README.md
View File

@@ -107,20 +107,31 @@ This API call can only be made once after the service has started. Subsequent ca
### User Operations ### User Operations
#### Register User #### Register User
POST `/api/admin/user/register` POST `/api/admin/user/add`
Data Create a new user record by specifying groupId
Body
``` ```
{ {
"username": "", "userName": "Test User",
"password": "", "password": "Example Password",
"RoleId": 2 "groupId": "1",
} }
``` ```
OLD: This operation can only be performed by a user with a role that is admin enabled. There are 3 built in roles, which can be viewed via the `/api/admin/roles` endpoint. Create a new user record by specifying groupName
Body
```
{
"userName": "Test User",
"password": "Example Password",
"groupName": "Users",
}
```
NEW: This operation can only be performed by a user that is a member of a group with the admin flag enabled. Registering a user requires specifying the group to which the user will belong. There are 2 built-in groups, with groupName of 'Administrators' or 'Users' and corresponding groupId of 1 and 2 respectively. Available groups can be retrieved via the `/api/admin/groups/list`
This operation can only be performed by a user that is a member of a group with the admin flag enabled, or a user who has the admin flag enabled individually on their database record.
#### Remove User #### Remove User
POST `/api/admin/user/delete` POST `/api/admin/user/delete`
@@ -134,13 +145,21 @@ Data
This operation can only be performed by a user with a role that is admin enabled. Removes user account corresponding to specified userName. This operation can only be performed by a user with a role that is admin enabled. Removes user account corresponding to specified userName.
#### List Users #### List Users
GET `/api/admin/users` GET `/api/admin/users`
This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users. This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users.
### Role Operations ### Group Operations
#### List Groups
GET `/api/admin/groups/list`
This operations has not yet been implemented.
This operation can only be performed by a user with a role that is admin enabled. Lists currently defined groups.
### Role Operations - Deprecated
#### List Roles #### List Roles
GET `/api/admin/roles` GET `/api/admin/roles`

36
controllers/retrieve_secrets.go
View File

@@ -216,38 +216,24 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
return return
} }
} }
func ListSecrets(c *gin.Context) { func ListSecrets(c *gin.Context) {
var UserId int
var output []ListSecret var output []ListSecret
// TODO implement with new schema
/*
var results []models.Secret
// Get the user and role id of the requestor
u, err := models.UserGetRoleFromToken(c)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
// If user is admin then list everything, otherwise only list for current role
results, err = models.GetSecrets(&models.Secret{RoleId: u.RoleId}, u.Admin)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
return
}
for _, v := range results {
output = append(output, ListSecret(v))
}
*/
var results []models.Secret var results []models.Secret
s := models.Secret{} s := models.Secret{}
user_id := c.GetInt("user-id")
// Get userId that we stored in the context earlier
if val, ok := c.Get("user-id"); !ok {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
return
} else {
UserId = val.(int)
}
// Work out which safe to query for this user if the safe was not specified // Work out which safe to query for this user if the safe was not specified
safeList, err := models.UserGetSafesAllowed(int(user_id)) safeList, err := models.UserGetSafesAllowed(int(UserId))
if err != nil { if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"}) c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})

3
main.go
View File

@@ -246,6 +246,7 @@ func main() {
adminOnly.POST("/user/add", controllers.RegisterUser) adminOnly.POST("/user/add", controllers.RegisterUser)
// TODO // TODO
//adminOnly.POST("/user/update", controllers.UpdateUser) //adminOnly.POST("/user/update", controllers.UpdateUser)
//adminOnly.GET("/groups/list", controllers.ListGroups)
adminOnly.GET("/users", controllers.GetUsers) adminOnly.GET("/users", controllers.GetUsers)
adminOnly.POST("/unlock", controllers.Unlock) adminOnly.POST("/unlock", controllers.Unlock)
@@ -258,7 +259,7 @@ func main() {
protected.Use(middlewares.JwtAuthMiddleware()) protected.Use(middlewares.JwtAuthMiddleware())
protected.POST("/retrieve", controllers.RetrieveSecret) protected.POST("/retrieve", controllers.RetrieveSecret)
protected.GET("/list", controllers.ListSecrets) protected.GET("/list", controllers.ListSecrets)
protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets) protected.POST("/retrieveMultiple", controllers.RetrieveMultpleSecrets) // TODO is this still required?
protected.POST("/store", controllers.StoreSecret) protected.POST("/store", controllers.StoreSecret)
protected.POST("/update", controllers.UpdateSecret) protected.POST("/update", controllers.UpdateSecret)
// TODO // TODO