diff --git a/controllers/store_secrets.go b/controllers/store_secrets.go
index 893a6b6..c4d678f 100644
--- a/controllers/store_secrets.go
+++ b/controllers/store_secrets.go
@@ -285,7 +285,7 @@ func UpdateSecret(c *gin.Context) {
 s.DeviceName = input.DeviceName
 s.DeviceCategory = input.DeviceCategory
- secretList, err := models.SecretsGetAllowedForGroup(&s, user_id)
+ secretList, err := models.SecretsGetAllowed(&s, user_id)
 if err != nil {
 c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("error determining secret : '%s'", err)})
diff --git a/models/secret.go b/models/secret.go
index 361a264..18f46b1 100644
--- a/models/secret.go
+++ b/models/secret.go
@@ -54,20 +54,20 @@ func (s *Secret) SaveSecret() (*Secret, error) { return s, nil } -func SecretsGetAllowedForUser(s *Secret, userId string) ([]UserSecret, error) { - // Query based on group - // SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = 2 - var secretResults []UserSecret - - return secretResults, nil -} - -func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) { +func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) { // Query based on group // SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = 2 var err error var secretResults []UserSecret + // Make sure at least one parameter was specified + if s.DeviceName == "" && s.DeviceCategory == "" && s.UserName == "" { + err = errors.New("no search parameters specified") + log.Println(err) + return secretResults, err + } + + // Query for group access queryArgs := []interface{}{} query := `SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users 
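Review bot: The relocated guard only rejects empty strings, but the three fields it checks are bound to `LIKE ?` predicates later in this function, so a value made up solely of SQL wildcards passes the guard and filters nothing. Results are still limited by the permission joins, yet `UpdateSecret` uses this lookup to pick the secret to change, so a pattern match there may select more rows than intended (the controller's handling of `secretList` is outside the diff). Consider exact matching for the update path, e.g. `query += " AND DeviceName = ? "`, or rejecting `%` and `_` in the guard. The header comment `// Query based on group` is also stale now that the function covers user permissions as well; a doc comment starting `// SecretsGetAllowed returns ...` that names both permission sources would help. The function body continues past this hunk.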
@@ -78,13 +78,32 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) { WHERE users.UserId = ? ` queryArgs = append(queryArgs, userId) - // Make sure at least one parameter was specified - if s.DeviceName == "" && s.DeviceCategory == "" && s.UserName == "" { - err = errors.New("no search parameters specified") - log.Println(err) - return secretResults, err + // Add any other arguments to the query if they were specified + if s.DeviceName != "" { + query += " AND DeviceName LIKE ? " + queryArgs = append(queryArgs, s.DeviceName) } + if s.DeviceCategory != "" { + query += " AND DeviceCategory LIKE ? " + queryArgs = append(queryArgs, s.DeviceCategory) + } + + if s.UserName != "" { + query += " AND secrets.UserName LIKE ? " + queryArgs = append(queryArgs, s.UserName) + } + + // Query for user access + query += `UNION + SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* + FROM users + INNER JOIN permissions ON users.UserId = permissions.UserId + INNER JOIN safes on permissions.SafeId = safes.SafeId + INNER JOIN secrets on secrets.SafeId = safes.SafeId + WHERE users.UserId = ?` + queryArgs = append(queryArgs, userId) + // Add any other arguments to the query if they were specified if s.DeviceName != "" { query += " AND DeviceName LIKE ? " @@ -102,7 +121,7 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) { } // Execute the query - //log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, queryArgs) + log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, queryArgs) rows, err := db.Queryx(query, queryArgs...) if err != nil {
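Review bot: The new `UNION` can return the same secret twice, once through the group join and once through the user join, with different `permissions.ReadOnly` values, because `UNION` only drops rows that match in every selected column. `UpdateSecret` in controllers/store_secrets.go consumes this list, and how it picks a row is not visible in this diff, so which permission wins for a write looks undefined. Decide the precedence in one place, for example by collapsing rows per secret after the scan, and record it above the query with a comment such as `// A secret granted by both group and user permission yields two rows; ReadOnly precedence is decided in <caller or helper>`. The DeviceName/DeviceCategory/UserName filter block is also now repeated for each half of the query and could move into a small helper. The function starts and ends outside this hunk.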
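Review bot: Re-enabling this `log.Printf` in the last hunk writes the full query text and `queryArgs` to the log on every lookup, which includes the caller's user id and the DeviceName, DeviceCategory and UserName filters. In a secrets store those values are account and device metadata, so this reads like debug output that should stay commented out or sit behind a debug setting rather than ship enabled. The message also still names `SecretsGetAllowedForGroup`, which this commit renames; if the line stays, it should read `log.Printf("SecretsGetAllowed query string : '%s'\n%+v\n", query, queryArgs)`. The function body continues past the hunk.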