combine sql query for user and group permissions
All checks were successful
continuous-integration/drone/push Build is passing

2024-01-09 14:52:03 +11:00
parent 92dcd67381
commit 90da2367be
2 changed files with 35 additions and 16 deletions


@@ -285,7 +285,7 @@ func UpdateSecret(c *gin.Context) {
s.DeviceName = input.DeviceName s.DeviceName = input.DeviceName
s.DeviceCategory = input.DeviceCategory s.DeviceCategory = input.DeviceCategory
secretList, err := models.SecretsGetAllowedForGroup(&s, user_id) secretList, err := models.SecretsGetAllowed(&s, user_id)
if err != nil { if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("error determining secret : '%s'", err)}) c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("error determining secret : '%s'", err)})
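Review bot: `secretList` in `UpdateSecret` can now hold the same secret twice with different `permissions.ReadOnly` values, because `SecretsGetAllowed` returns the UNION of group and user grants and UNION only collapses rows that are identical in every column. The code that consumes `secretList` lies outside this hunk, so it is not visible whether the update is refused when any matching row is read-only or whether the first row simply wins. Worth confirming that a read-only group grant combined with a writable user grant (or the reverse) resolves the way the permission model intends, and that result ordering never decides it. A comment above the call would record the contract: `// may return one row per grant (group and user); evaluate ReadOnly across all rows for the secret`.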


@@ -54,20 +54,20 @@ func (s *Secret) SaveSecret() (*Secret, error) {
return s, nil return s, nil
} }
func SecretsGetAllowedForUser(s *Secret, userId string) ([]UserSecret, error) { func SecretsGetAllowed(s *Secret, userId int) ([]UserSecret, error) {
// Query based on group
// SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = 2
var secretResults []UserSecret
return secretResults, nil
}
func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
// Query based on group // Query based on group
// SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = 2 // SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* FROM users INNER JOIN groups ON users.GroupId = groups.GroupId INNER JOIN permissions ON groups.GroupId = permissions.GroupId INNER JOIN safes on permissions.SafeId = safes.SafeId INNER JOIN secrets on secrets.SafeId = safes.SafeId WHERE users.UserId = 2
var err error var err error
var secretResults []UserSecret var secretResults []UserSecret
// Make sure at least one parameter was specified
if s.DeviceName == "" && s.DeviceCategory == "" && s.UserName == "" {
err = errors.New("no search parameters specified")
log.Println(err)
return secretResults, err
}
// Query for group access
queryArgs := []interface{}{} queryArgs := []interface{}{}
query := `SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.* query := `SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.*
FROM users FROM users
@@ -78,13 +78,32 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
WHERE users.UserId = ? ` WHERE users.UserId = ? `
queryArgs = append(queryArgs, userId) queryArgs = append(queryArgs, userId)
// Make sure at least one parameter was specified // Add any other arguments to the query if they were specified
if s.DeviceName == "" && s.DeviceCategory == "" && s.UserName == "" { if s.DeviceName != "" {
err = errors.New("no search parameters specified") query += " AND DeviceName LIKE ? "
log.Println(err) queryArgs = append(queryArgs, s.DeviceName)
return secretResults, err
} }
if s.DeviceCategory != "" {
query += " AND DeviceCategory LIKE ? "
queryArgs = append(queryArgs, s.DeviceCategory)
}
if s.UserName != "" {
query += " AND secrets.UserName LIKE ? "
queryArgs = append(queryArgs, s.UserName)
}
// Query for user access
query += `UNION
SELECT users.UserId, users.GroupId, permissions.ReadOnly, permissions.SafeId, safes.SafeName, secrets.*
FROM users
INNER JOIN permissions ON users.UserId = permissions.UserId
INNER JOIN safes on permissions.SafeId = safes.SafeId
INNER JOIN secrets on secrets.SafeId = safes.SafeId
WHERE users.UserId = ?`
queryArgs = append(queryArgs, userId)
// Add any other arguments to the query if they were specified // Add any other arguments to the query if they were specified
if s.DeviceName != "" { if s.DeviceName != "" {
query += " AND DeviceName LIKE ? " query += " AND DeviceName LIKE ? "
@@ -102,7 +121,7 @@ func SecretsGetAllowedForGroup(s *Secret, userId int) ([]UserSecret, error) {
} }
// Execute the query // Execute the query
//log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, queryArgs) log.Printf("SecretsGetAllowedForGroup query string : '%s'\n%+v\n", query, queryArgs)
rows, err := db.Queryx(query, queryArgs...) rows, err := db.Queryx(query, queryArgs...)
if err != nil { if err != nil {
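Review bot: The `log.Printf` just before `db.Queryx` is now uncommented, so every permission lookup writes the full SQL text and `queryArgs` (the user id plus the DeviceName, DeviceCategory and UserName search terms) to the application log. For a secrets store that puts account and device metadata wherever the logs are shipped and retained, and it looks like debugging output left enabled. The message also still names `SecretsGetAllowedForGroup` although the function is now `SecretsGetAllowed`. I would re-comment it or gate it behind a debug setting, and correct the name: `log.Printf("SecretsGetAllowed query string : '%s'\n%+v\n", query, queryArgs)`. The function body continues outside the visible hunk, so the row handling after `Queryx` was not reviewed.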