From 1ffa19d225ac03254ba20e334d95313598404c2e Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Thu, 11 Jan 2024 12:10:43 +1100
Subject: [PATCH] work on read-only restrictions

---
 controllers/storeSecrets.go | 11 +----------
 models/user.go | 5 ++++-
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/controllers/storeSecrets.go b/controllers/storeSecrets.go
index 9426710..daed340 100644
--- a/controllers/storeSecrets.go
+++ b/controllers/storeSecrets.go
@@ -93,15 +93,6 @@ func StoreSecret(c *gin.Context) {
 	s.DeviceName = input.DeviceName
 	s.DeviceCategory = input.DeviceCategory
 
-	// Query which safes the current user is allowed to access
-	/*
-	user_id, err := token.ExtractTokenID(c)
-	if err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
-		return
-	}
-	*/
-
 	// Get userId that we stored in the context earlier
 	if val, ok := c.Get("user-id"); !ok {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
@@ -111,7 +102,7 @@ func StoreSecret(c *gin.Context) {
 		//log.Printf("user_id: %v\n", user_id)
 	}
 
-	// TODO replace FindSafeId with models.SecretsGetAllowed()
+	// TODO determine whether this access is readonly or not
 	safeId, err := CheckSafeAllowed(UserId, input)
 	if err != nil {
diff --git a/models/user.go b/models/user.go
index 884cf59..51d6acb 100644
--- a/models/user.go
+++ b/models/user.go
@@ -41,6 +41,7 @@ type UserSafe struct {
 	User
 	SafeId int `db:"SafeId"`
 	SafeName string `db:"SafeName"`
+	ReadOnly bool `db:"ReadOnly" json:"readOnly"`
 	//GroupId int `db:"GroupId"`
 }
 
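Review bot: StoreSecret still authorizes the write solely on `safeId, err := CheckSafeAllowed(UserId, input)` and never consults the new ReadOnly permission, so a user whose only grant on the safe is read-only can still store a secret; the rewritten TODO on the line above records this, but the commit ships the flag without the gate. CheckSafeAllowed is not visible here, so I can't tell whether it already has access to the permission row; if it does not, have it (or a sibling) return the flag and reject before any store happens, e.g. `if readOnly { c.JSON(http.StatusForbidden, gin.H{"error": "safe is read-only"}); return }`. The same gate is presumably needed in any other mutating handler that relies on CheckSafeAllowed, otherwise the flag is only decorative. StoreSecret's body starts and ends outside this hunk.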
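Review bot: The new `ReadOnly bool` field fails open: its zero value is false, so any UserSafe built by a code path that does not populate it (a query that omits the column, or the planned UserId union noted in the models hunk) reads as a full-access grant. Either document that invariant on the field, `// ReadOnly is true when the matching permissions row restricts this safe to reads; every constructor/scan must set it.`, or consider carrying the permission as an explicit access level whose zero value is "no access". As a style point, `json:"readOnly"` is the only JSON tag on the struct, so serialized output would mix `SafeId`/`SafeName` with `readOnly`; add matching tags to the sibling fields or drop this one for consistency. The struct definition begins outside this hunk.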
@@ -357,10 +358,12 @@ func UserGetSafesAllowed(userId int) ([]UserSafe, error) {
 	var results []UserSafe
+	// TODO add union for permissions directly assigned to safe via UserId instead of GroupId
+
 	// join users, groups and permissions
 	rows, err := db.Queryx(`
 		SELECT users.UserId, users.GroupId,
-		permissions.SafeId, safes.SafeName FROM users
+		permissions.SafeId, permissions.ReadOnly, safes.SafeName FROM users
 		INNER JOIN groups ON users.GroupId = groups.GroupId
 		INNER JOIN permissions ON groups.GroupId = permissions.GroupId
 		INNER JOIN safes on permissions.SafeId = safes.SafeId