add search by username

README.md

@@ -80,6 +80,10 @@ WantedBy=multi-user.target
 ```
 ## API Usage
 
+API calls should return http status code of **200** if successful, or **4xx** if unsuccessful. API calls that are unsuccessful will also include a JSON response with the key `error` and a value of the reason for the failure. Successful API calls will include a `message` key with a value of either success or something more detailed such as "user deletion success"
+
+API calls that create or modify a record will include the created/updated record in the JSON response.
+
 ### Login
 **POST** `/api/login`
 
@@ -390,14 +394,21 @@ If the secretId is known, that can also be used to query for the secret. In this
 **GET** `/api/secret/retrieve/name/<searchname>`
 
 Search for a secret specified by deviceName using a GET request. 
-Must be logged in to execute this command. Only secrets registered with the current user's RoleId can be retrieved.
+Must be logged in to execute this command. Only secrets in safes that the current user can access can be retrieved.
 
 #### Search by device category
 
 **GET** `/api/secret/retrieve/category/<searchname>`
 
 Search for a secret specified by deviceCategory using a GET request. 
-Must be logged in to execute this command. Only secrets registered with the current user's RoleId can be retrieved.
+Must be logged in to execute this command. Only secrets in safes that the current user can access can be retrieved.
+
+#### Search by username
+
+**GET** `/api/secret/retrieve/user/<searchname>`
+
+Search for a secret specified by userName using a GET request. 
+Must be logged in to execute this command. Only secrets in safes that the current user can access can be retrieved.
 
 #### Update Secret
 **POST** `/api/secret/update`

controllers/retrieveSecrets.go

@@ -92,6 +92,20 @@ func RetrieveSecretByDevicecategory(c *gin.Context) {
 	retrieveSpecifiedSecret(&s, c)
 }
 
+func RetrieveSecretByUsername(c *gin.Context) {
+	userName := c.Param("username")
+
+	if userName == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "no username value specified"})
+		return
+	}
+
+	// Create object based on specified data
+	s := models.Secret{UserName: userName}
+
+	retrieveSpecifiedSecret(&s, c)
+}
+
 func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 	/*
 		// Get the user and role id of the requestor

main.go

@@ -270,6 +270,9 @@ func main() {
 	// Other functions for admin
 	adminOnly.POST("/unlock", controllers.Unlock)
 	adminOnly.GET("/logs", controllers.GetAuditLogsHandler)
+	// TODO
+	//adminOnly.GET("/logs/secret/:id", controllers.GetAuditLogsBySecretHandler)
+	//adminOnly.GET("/logs/user/:id", controllers.GetAuditLogsByUserHandler)
 
 	// Get secrets
 	secretRoutes := router.Group("/api/secret")
@@ -293,6 +296,7 @@ func main() {
 	// See https://gin-gonic.com/docs/examples/param-in-path/
 	secretRoutes.GET("/retrieve/name/:devicename", controllers.RetrieveSecretByDevicename)
 	secretRoutes.GET("/retrieve/category/:devicecategory", controllers.RetrieveSecretByDevicecategory)
+	secretRoutes.GET("/retrieve/user/:username", controllers.RetrieveSecretByUsername)
 
 	// Initializing the server in a goroutine so that
 	// it won't block the graceful shutdown handling below