work on read-only restrictions

controllers/storeSecrets.go

@@ -93,15 +93,6 @@ func StoreSecret(c *gin.Context) {
 	s.DeviceName = input.DeviceName
 	s.DeviceCategory = input.DeviceCategory
 
-	// Query which safes the current user is allowed to access
-	/*
-		user_id, err := token.ExtractTokenID(c)
-		if err != nil {
-			c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
-			return
-		}
-	*/
-
 	// Get userId that we stored in the context earlier
 	if val, ok := c.Get("user-id"); !ok {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
@@ -111,7 +102,7 @@ func StoreSecret(c *gin.Context) {
 		//log.Printf("user_id: %v\n", user_id)
 	}
 
-	// TODO replace FindSafeId with models.SecretsGetAllowed()
+	// TODO determine whether this access is readonly or not
 
 	safeId, err := CheckSafeAllowed(UserId, input)
 	if err != nil {

models/user.go

@@ -41,6 +41,7 @@ type UserSafe struct {
 	User
 	SafeId   int    `db:"SafeId"`
 	SafeName string `db:"SafeName"`
+	ReadOnly bool   `db:"ReadOnly" json:"readOnly"`
 	//GroupId  int    `db:"GroupId"`
 }
 
@@ -357,10 +358,12 @@ func UserGetSafesAllowed(userId int) ([]UserSafe, error) {
 
 	var results []UserSafe
 
+	// TODO add union for permissions directly assigned to safe via UserId instead of GroupId
+
 	// join users, groups and permissions
 	rows, err := db.Queryx(`
 	SELECT users.UserId, users.GroupId,
-	permissions.SafeId, safes.SafeName FROM users
+	permissions.SafeId, permissions.ReadOnly, safes.SafeName FROM users
 	INNER JOIN groups ON users.GroupId = groups.GroupId
 	INNER JOIN permissions ON groups.GroupId = permissions.GroupId
 	INNER JOIN safes on permissions.SafeId = safes.SafeId