nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

admin roles should be able to retrieve any secret
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Nathan Coad
2023-04-05 10:42:35 +10:00
parent 1f80d0b9ad
commit 70f8103901
3 changed files with 41 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
models/secret.go
View File

@@ -45,25 +45,42 @@ func (s *Secret) SaveSecret() (*Secret, error) {
}
// Returns all matching secrets, up to caller to determine how to deal with multiple results
func GetSecrets(s *Secret) ([]Secret, error) {
func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
var err error
var rows *sqlx.Rows
var secretResults []Secret
log.Printf("GetSecret querying values '%v'\n", s)
// Determine whether to query for a specific device or a category of devices
// Prefer querying device name than category
if s.DeviceName != "" && s.DeviceCategory != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.RoleId)
} else if s.DeviceName != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND RoleId = ?", s.DeviceName, s.RoleId)
} else if s.DeviceCategory != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId)
// Admin roles should be able to access all secrets so don't do any filter based on RoleId
if adminRole {
// Determine whether to query for a specific device or a category of devices
// Prefer querying device name than category
if s.DeviceName != "" && s.DeviceCategory != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ?", s.DeviceName, s.DeviceCategory)
} else if s.DeviceName != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ?", s.DeviceName)
} else if s.DeviceCategory != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ?", s.DeviceCategory)
} else {
log.Printf("GetSecret no valid search options specified\n")
err = errors.New("no valid search options specified")
return secretResults, err
}
} else {
log.Printf("GetSecret no valid search options specified\n")
err = errors.New("no valid search options specified")
return secretResults, err
// Determine whether to query for a specific device or a category of devices
// Prefer querying device name than category
if s.DeviceName != "" && s.DeviceCategory != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.RoleId)
} else if s.DeviceName != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND RoleId = ?", s.DeviceName, s.RoleId)
} else if s.DeviceCategory != "" {
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId)
} else {
log.Printf("GetSecret no valid search options specified\n")
err = errors.New("no valid search options specified")
return secretResults, err
}
}
if err != nil {