admin roles should be able to retrieve any secret

controllers/retrieve_secrets.go

@@ -16,6 +16,7 @@ type RetrieveInput struct {
 
 func RetrieveSecret(c *gin.Context) {
 	var input RetrieveInput
+	var results []models.Secret
 
 	// Validate the input matches our struct
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -37,7 +38,13 @@ func RetrieveSecret(c *gin.Context) {
 	s.DeviceName = input.DeviceName
 	s.DeviceCategory = input.DeviceCategory
 
-	results, err := models.GetSecrets(&s)
+	// Don't apply a role filter if user has admin role
+	if u.Admin {
+		results, err = models.GetSecrets(&s, false)
+	} else {
+		results, err = models.GetSecrets(&s, true)
+	}
+
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
@@ -93,7 +100,7 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 	}
 	s.RoleId = u.RoleId
 
-	results, err := models.GetSecrets(s)
+	results, err := models.GetSecrets(s, false)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
@@ -142,7 +149,7 @@ func RetrieveMultpleSecrets(c *gin.Context) {
 	s.DeviceName = input.DeviceName
 	s.DeviceCategory = input.DeviceCategory
 
-	results, err := models.GetSecrets(&s)
+	results, err := models.GetSecrets(&s, false)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return