From 309d9c8fa3fd84219fb057865d9ad02e8001a35c Mon Sep 17 00:00:00 2001
From: Nathan Coad <nathan@thecoads.com>
Date: Tue, 9 Jan 2024 11:17:32 +1100
Subject: [PATCH] try changing query

---
 models/secret.go | 26 ++++++++++++++++----------
 models/user.go   |  7 -------
 2 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/models/secret.go b/models/secret.go
index 02f176c..8facef6 100644
--- a/models/secret.go
+++ b/models/secret.go
@@ -24,6 +24,12 @@ type Secret struct {
 	Secret         string `db:"Secret"`
 }
 
+// Used for querying all secrets the user has access to
+type UserSecret struct {
+	Group
+	Secret
+}
+
 const nonceSize = 12
 
 func (s *Secret) SaveSecret() (*Secret, error) {
@@ -59,16 +65,16 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
 	var err error
 	var secretResults []UserSecret
 
-	args := []interface{}{}
-	query := `SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, 
+	queryArgs := []interface{}{}
+	query := `SELECT permissions.ReadOnly, permissions.SafeId, safes.SafeName, 
 	secrets.SecretId, secrets.SafeId, secrets.DeviceName, secrets.DeviceCategory, secrets.UserName AS SecretUser, secrets.Secret
-	FROM users
-	INNER JOIN groups ON users.GroupId = groups.GroupId
+	FROM groups
+	INNER JOIN users ON users.GroupId = groups.GroupId
 	INNER JOIN permissions ON groups.GroupId = permissions.GroupId
 	INNER JOIN safes on permissions.SafeId = safes.SafeId
 	INNER JOIN secrets on secrets.SafeId = safes.SafeId
 	WHERE users.UserId = ?`
-	args = append(args, userId)
+	queryArgs = append(queryArgs, userId)
 
 	// Make sure at least one parameter was specified
 	if s.DeviceName == "" && s.DeviceCategory == "" && s.UserName == "" {
@@ -80,22 +86,22 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
 	// Add any other arguments to the query if they were specified
 	if s.DeviceName != "" {
 		query += " AND DeviceName LIKE ? "
-		args = append(args, s.DeviceName)
+		queryArgs = append(queryArgs, s.DeviceName)
 	}
 
 	if s.DeviceCategory != "" {
 		query += " AND DeviceCategory LIKE ? "
-		args = append(args, s.DeviceCategory)
+		queryArgs = append(queryArgs, s.DeviceCategory)
 	}
 
 	if s.UserName != "" {
 		query += " AND UserName LIKE ? "
-		args = append(args, s.UserName)
+		queryArgs = append(queryArgs, s.UserName)
 	}
 
 	// Execute the query
-	log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, args)
-	rows, err := db.Queryx(query, args...)
+	log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, queryArgs)
+	rows, err := db.Queryx(query, queryArgs...)
 
 	if err != nil {
 		log.Printf("SecretsGetAllowedForGroup error executing sql record : '%s'\n", err)
diff --git a/models/user.go b/models/user.go
index f0824f4..49aa108 100644
--- a/models/user.go
+++ b/models/user.go
@@ -43,13 +43,6 @@ type UserSafe struct {
 	GroupId  int    `db:"GroupId"`
 }
 
-// Used for querying all secrets the user has access to
-type UserSecret struct {
-	User
-	Group
-	Secret
-}
-
 func (u *User) SaveUser() (*User, error) {
 
 	var err error