admin roles should be able to retrieve any secret
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -16,6 +16,7 @@ type RetrieveInput struct {
|
||||
|
||||
func RetrieveSecret(c *gin.Context) {
|
||||
var input RetrieveInput
|
||||
var results []models.Secret
|
||||
|
||||
// Validate the input matches our struct
|
||||
if err := c.ShouldBindJSON(&input); err != nil {
|
||||
@@ -37,7 +38,13 @@ func RetrieveSecret(c *gin.Context) {
|
||||
s.DeviceName = input.DeviceName
|
||||
s.DeviceCategory = input.DeviceCategory
|
||||
|
||||
results, err := models.GetSecrets(&s)
|
||||
// Don't apply a role filter if user has admin role
|
||||
if u.Admin {
|
||||
results, err = models.GetSecrets(&s, false)
|
||||
} else {
|
||||
results, err = models.GetSecrets(&s, true)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
@@ -93,7 +100,7 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
|
||||
}
|
||||
s.RoleId = u.RoleId
|
||||
|
||||
results, err := models.GetSecrets(s)
|
||||
results, err := models.GetSecrets(s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
@@ -142,7 +149,7 @@ func RetrieveMultpleSecrets(c *gin.Context) {
|
||||
s.DeviceName = input.DeviceName
|
||||
s.DeviceCategory = input.DeviceCategory
|
||||
|
||||
results, err := models.GetSecrets(&s)
|
||||
results, err := models.GetSecrets(&s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
|
||||
@@ -51,7 +51,7 @@ func StoreSecret(c *gin.Context) {
|
||||
}
|
||||
|
||||
// If this secret already exists in the database then generate an error
|
||||
checkExists, err := models.GetSecrets(&s)
|
||||
checkExists, err := models.GetSecrets(&s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
@@ -118,7 +118,7 @@ func UpdateSecret(c *gin.Context) {
|
||||
}
|
||||
|
||||
// Confirm that the secret already exists
|
||||
checkExists, err := models.GetSecrets(&s)
|
||||
checkExists, err := models.GetSecrets(&s, false)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
|
||||
@@ -45,25 +45,42 @@ func (s *Secret) SaveSecret() (*Secret, error) {
|
||||
}
|
||||
|
||||
// Returns all matching secrets, up to caller to determine how to deal with multiple results
|
||||
func GetSecrets(s *Secret) ([]Secret, error) {
|
||||
func GetSecrets(s *Secret, adminRole bool) ([]Secret, error) {
|
||||
var err error
|
||||
var rows *sqlx.Rows
|
||||
var secretResults []Secret
|
||||
|
||||
log.Printf("GetSecret querying values '%v'\n", s)
|
||||
|
||||
// Determine whether to query for a specific device or a category of devices
|
||||
// Prefer querying device name than category
|
||||
if s.DeviceName != "" && s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.RoleId)
|
||||
} else if s.DeviceName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND RoleId = ?", s.DeviceName, s.RoleId)
|
||||
} else if s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId)
|
||||
// Admin roles should be able to access all secrets so don't do any filter based on RoleId
|
||||
if adminRole {
|
||||
// Determine whether to query for a specific device or a category of devices
|
||||
// Prefer querying device name than category
|
||||
if s.DeviceName != "" && s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ?", s.DeviceName, s.DeviceCategory)
|
||||
} else if s.DeviceName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ?", s.DeviceName)
|
||||
} else if s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ?", s.DeviceCategory)
|
||||
} else {
|
||||
log.Printf("GetSecret no valid search options specified\n")
|
||||
err = errors.New("no valid search options specified")
|
||||
return secretResults, err
|
||||
}
|
||||
} else {
|
||||
log.Printf("GetSecret no valid search options specified\n")
|
||||
err = errors.New("no valid search options specified")
|
||||
return secretResults, err
|
||||
// Determine whether to query for a specific device or a category of devices
|
||||
// Prefer querying device name than category
|
||||
if s.DeviceName != "" && s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND DeviceCategory LIKE ? AND RoleId = ?", s.DeviceName, s.DeviceCategory, s.RoleId)
|
||||
} else if s.DeviceName != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceName LIKE ? AND RoleId = ?", s.DeviceName, s.RoleId)
|
||||
} else if s.DeviceCategory != "" {
|
||||
rows, err = db.Queryx("SELECT * FROM secrets WHERE DeviceCategory LIKE ? AND RoleId = ?", s.DeviceCategory, s.RoleId)
|
||||
} else {
|
||||
log.Printf("GetSecret no valid search options specified\n")
|
||||
err = errors.New("no valid search options specified")
|
||||
return secretResults, err
|
||||
}
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user