From 4bc430633ecad75a551f0cb636c29504cd8de762 Mon Sep 17 00:00:00 2001
From: Nathan Coad <nathan@thecoads.com>
Date: Tue, 23 Jan 2024 12:09:02 +1100
Subject: [PATCH] fix audit message

---
 controllers/retrieveSecrets.go |  2 +-
 models/secret.go               | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/controllers/retrieveSecrets.go b/controllers/retrieveSecrets.go
index 701a477..df6eda5 100644
--- a/controllers/retrieveSecrets.go
+++ b/controllers/retrieveSecrets.go
@@ -161,7 +161,7 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 			UserId:    UserId,
 			SecretId:  results[i].SecretId,
 			IpAddress: c.ClientIP(),
-			EventText: fmt.Sprintf("User %s retrieved Secret Id %d", results[0].UserName, results[i].SecretId),
+			EventText: fmt.Sprintf("User %s retrieved SecretId %d", safeList[0].User.UserName, results[i].SecretId),
 		}
 		a.AuditLogAdd()
 	}
diff --git a/models/secret.go b/models/secret.go
index dafb885..9f59079 100644
--- a/models/secret.go
+++ b/models/secret.go
@@ -42,7 +42,8 @@ type SecretRestricted struct {
 // Since there are some ambiguous column names (eg UserName is present in both users and secrets table), the order of fields in this struct matters
 type UserSecret struct {
 	Secret
-	UserUserId int `db:"UserUserId"`
+	UserUserId   int    `db:"UserUserId"`
+	UserUserName string `db:"UserUserName"`
 	User
 	//Group
 	Permission
@@ -85,7 +86,7 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
 	// Query for group access
 	queryArgs := []interface{}{}
 	query := `
-		SELECT users.UserId AS UserUserId, permissions.*,
+		SELECT users.UserId AS UserUserId, users.UserName AS UserUserName, permissions.*,
 		secrets.SecretId, secrets.SafeId, secrets.DeviceName, secrets.DeviceCategory, secrets.UserName
 		FROM users
 		INNER JOIN groups ON users.GroupId = groups.GroupId
@@ -118,7 +119,7 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
 	// Query for user access
 	query += `
 		UNION
-		SELECT users.UserId AS UserUserId, permissions.*,
+		SELECT users.UserId AS UserUserId, users.UserName AS UserUserName, permissions.*,
 		secrets.SecretId, secrets.SafeId, secrets.DeviceName, secrets.DeviceCategory, secrets.UserName
 		FROM users
 		INNER JOIN permissions ON users.UserId = permissions.UserId
@@ -148,7 +149,7 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
 	}
 
 	// Execute the query
-	log.Printf("SecretsGetAllowed query string : '%s'\nArguments:%+v\n", query, queryArgs)
+	//log.Printf("SecretsGetAllowed query string : '%s'\nArguments:%+v\n", query, queryArgs)
 	rows, err := db.Queryx(query, queryArgs...)
 
 	if err != nil {
@@ -172,6 +173,7 @@ func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
 
 			// work around to get the UserId populated in the User field of the struct
 			r.User.UserId = r.UserUserId
+			r.User.UserName = r.UserUserName
 
 			// For debugging purposes
 			debugPrint := utils.PrintStructContents(&r, 0)