work on determining which secrets accessible to user

models/secret.go

@@ -16,8 +16,7 @@ import (
 
 // We use the json:"-" field tag to prevent showing these details to the user
 type Secret struct {
-	SecretId int `db:"SecretId" json:"-"`
-	//RoleId         int    `db:"RoleId" json:"-"`
+	SecretId       int    `db:"SecretId" json:"-"`
 	SafeId         int    `db:"SafeId"`
 	DeviceName     string `db:"DeviceName"`
 	DeviceCategory string `db:"DeviceCategory"`
@@ -46,6 +45,81 @@ func (s *Secret) SaveSecret() (*Secret, error) {
 	return s, nil
 }
 
+func SecretsGetAllowedForUser(s *Secret, userId string) ([]UserSecret, error) {
+	// Query based on group
+	// SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = 2
+	var secretResults []UserSecret
+
+	return secretResults, nil
+}
+
+func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
+	// Query based on group
+	// SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = 2
+	var err error
+	var secretResults []UserSecret
+
+	args := []interface{}{}
+	query := "users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = ? "
+	args = append(args, userId)
+
+	// Make sure at least one parameter was specified
+	if s.DeviceName == "" && s.DeviceCategory == "" && s.UserName == "" {
+		err = errors.New("no search parameters specified")
+		log.Println(err)
+		return secretResults, err
+	}
+
+	// Add any other arguments to the query if they were specified
+	if s.DeviceName != "" {
+		query += " AND DeviceName LIKE ? "
+		args = append(args, s.DeviceName)
+	}
+
+	if s.DeviceCategory != "" {
+		query += " AND DeviceCategory LIKE ? "
+		args = append(args, s.DeviceCategory)
+	}
+
+	if s.UserName != "" {
+		query += " AND UserName LIKE ? "
+		args = append(args, s.UserName)
+	}
+
+	// Execute the query
+	log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, args)
+	rows, err := db.Queryx(query, args...)
+
+	if err != nil {
+		log.Printf("SecretsGetAllowedForGroup error executing sql record : '%s'\n", err)
+		return secretResults, err
+	} else {
+		// parse all the results into a slice
+		for rows.Next() {
+			var r UserSecret
+			err = rows.StructScan(&r)
+			if err != nil {
+				log.Printf("SecretsGetAllowedForGroup error parsing sql record : '%s'\n", err)
+				return secretResults, err
+			}
+
+			// Decrypt the secret
+			_, err = r.DecryptSecret()
+			if err != nil {
+				//log.Printf("GetSecret unable to decrypt stored secret '%v' : '%s'\n", r.Secret, err)
+				log.Printf("SecretsGetAllowedForGroup unable to decrypt stored secret : '%s'\n", err)
+				return secretResults, err
+			} else {
+				secretResults = append(secretResults, r)
+			}
+
+		}
+		log.Printf("SecretsGetAllowedForGroup retrieved '%d' results\n", len(secretResults))
+	}
+
+	return secretResults, nil
+}
+
 func SecretsSearchAllSafes(s *Secret) ([]Secret, error) {
 	var err error
 	var secretResults []Secret