allow use of secretId when performing operations on secrets

2024-01-16 16:08:40 +11:00
parent c99ffa8368
commit 498dd9a8c3
4 changed files with 38 additions and 10 deletions
--- a/models/secret.go
+++ b/models/secret.go
@@ -88,6 +88,11 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
 	queryArgs = append(queryArgs, userId)

 	// Add any other arguments to the query if they were specified
+	if s.SecretId > 0 {
+		query += " AND SecretId = ? "
+		queryArgs = append(queryArgs, s.SecretId)
+	}
+
 	if s.DeviceName != "" {
 		query += " AND DeviceName LIKE ? "
 		queryArgs = append(queryArgs, s.DeviceName)
@@ -175,7 +180,7 @@ func SecretsGetFromMultipleSafes(s *Secret, safeIds []int) ([]Secret, error) {
 	var err error
 	var secretResults []Secret

-	args := []interface{}{}
+	queryArgs := []interface{}{}
 	var query string
 	// Generate placeholders for the IN clause to match multiple SafeId values
 	placeholders := make([]string, len(safeIds))
@@ -189,28 +194,33 @@ func SecretsGetFromMultipleSafes(s *Secret, safeIds []int) ([]Secret, error) {

 	// Add the Safe Ids to the arguments list
 	for _, g := range safeIds {
-		args = append(args, g)
+		queryArgs = append(queryArgs, g)
 	}

 	// Add any other arguments to the query if they were specified
+	if s.SecretId > 0 {
+		query += " AND SecretId = ? "
+		queryArgs = append(queryArgs, s.SecretId)
+	}
+
 	if s.DeviceName != "" {
 		query += " AND DeviceName LIKE ? "
-		args = append(args, s.DeviceName)
+		queryArgs = append(queryArgs, s.DeviceName)
 	}

 	if s.DeviceCategory != "" {
 		query += " AND DeviceCategory LIKE ? "
-		args = append(args, s.DeviceCategory)
+		queryArgs = append(queryArgs, s.DeviceCategory)
 	}

 	if s.UserName != "" {
 		query += " AND UserName LIKE ? "
-		args = append(args, s.UserName)
+		queryArgs = append(queryArgs, s.UserName)
 	}

 	// Execute the query
-	log.Printf("SecretsGetMultipleSafes query string :\n'%s'\nQuery Args : %+v\n", query, args)
-	rows, err := db.Queryx(query, args...)
+	log.Printf("SecretsGetMultipleSafes query string :\n'%s'\nQuery Args : %+v\n", query, queryArgs)
+	rows, err := db.Queryx(query, queryArgs...)

 	if err != nil {
 		log.Printf("SecretsGetMultipleSafes error executing sql record : '%s'\n", err)