updates

controllers/retrieve_secrets.go

@@ -29,8 +29,8 @@ type ListSecret struct {
 
 func RetrieveSecret(c *gin.Context) {
 	var input RetrieveInput
-	var results []models.Secret
+	//var results []models.Secret
-	var userIsAdmin bool = false
+	//var userIsAdmin bool = false
 
 	// Validate the input matches our struct
 	if err := c.ShouldBindJSON(&input); err != nil {
@@ -55,6 +55,9 @@ func RetrieveSecret(c *gin.Context) {
 	s.DeviceCategory = input.DeviceCategory
 	s.UserName = input.UserName
 
+	retrieveSpecifiedSecret(&s, c)
+
+	/*
 		user_id, err := token.ExtractTokenID(c)
 		if err != nil {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
@@ -64,23 +67,30 @@ func RetrieveSecret(c *gin.Context) {
 		// Work out which safe to query for this user if the safe was not specified
 		safeList, err := models.UserGetSafesAllowed(int(user_id))
 
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
+			return
+		}
+
 		// If there was only one result then just use that
 		if len(safeList) == 0 {
 			// check if the user is an admin, if not then they seem to have access to zero safes
 			if !models.UserCheckIfAdmin(int(user_id)) {
 				c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
 				return
-		}
+			} else {
 				// Don't apply a role filter if user has admin role
-		results, err = models.GetSecrets(&s, userIsAdmin)
+				results, err = models.SecretsGetMultipleSafes(&s, true, []int{})
+			}
+
 		} else if len(safeList) == 1 {
 			s.SafeId = safeList[0].SafeId
 			userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
 			// Don't apply a role filter if user has admin role
-		results, err = models.GetSecrets(&s, userIsAdmin)
+			//results, err = models.GetSecrets(&s, userIsAdmin)
+			results, err = models.SecretsGetMultipleSafes(&s, userIsAdmin, []int{s.SafeId})
 		} else {
-		// TODO - this is tricky. How to query multiple safes?
+			// Create a list of all the safes this user can access
-
 			var safeIds []int
 			for _, safe := range safeList {
 				safeIds = append(safeIds, safe.SafeId)
@@ -94,6 +104,7 @@ func RetrieveSecret(c *gin.Context) {
 			return
 		}
 
+
 		if len(results) == 1 {
 			// output results as json
 			c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
@@ -104,6 +115,7 @@ func RetrieveSecret(c *gin.Context) {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "found no matching secrets"})
 			return
 		}
+	*/
 }
 
 func RetrieveSecretByDevicename(c *gin.Context) {
@@ -163,23 +175,30 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 	// Work out which safe to query for this user if the safe was not specified
 	safeList, err := models.UserGetSafesAllowed(int(user_id))
 
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
+		return
+	}
+
 	// If there was only one result then just use that
 	if len(safeList) == 0 {
 		// check if the user is an admin, if not then they seem to have access to zero safes
 		if !models.UserCheckIfAdmin(int(user_id)) {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
 			return
-		}
+		} else {
 			// Don't apply a role filter if user has admin role
-		results, err = models.GetSecrets(s, userIsAdmin)
+			results, err = models.SecretsGetMultipleSafes(s, true, []int{})
+		}
+
 	} else if len(safeList) == 1 {
 		s.SafeId = safeList[0].SafeId
 		userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
 		// Don't apply a role filter if user has admin role
-		results, err = models.GetSecrets(s, userIsAdmin)
+		//results, err = models.GetSecrets(&s, userIsAdmin)
+		results, err = models.SecretsGetMultipleSafes(s, userIsAdmin, []int{s.SafeId})
 	} else {
-		// TODO - this is tricky. How to query multiple safes?
+		// Create a list of all the safes this user can access
-
 		var safeIds []int
 		for _, safe := range safeList {
 			safeIds = append(safeIds, safe.SafeId)
@@ -188,6 +207,11 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 		results, err = models.SecretsGetMultipleSafes(s, false, safeIds)
 	}
 
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
 	if len(results) == 1 {
 		// output results as json
 		c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})

controllers/store_secrets.go

@@ -70,13 +70,14 @@ func StoreSecret(c *gin.Context) {
 		return
 	}
 
+	// TODO - replace this with a call to SecretsGetMultipleSafes
+
 	// If this secret already exists in the database then generate an error
 	checkExists, err := models.GetSecrets(&s, false)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
-
 	if len(checkExists) > 0 {
 		log.Printf("StoreSecret not storing secret with '%d' already matching secrets.\n", len(checkExists))
 		c.JSON(http.StatusBadRequest, gin.H{"error": "StoreSecret attempting to store secret already defined. Use update API call instead"})
@@ -156,6 +157,8 @@ func UpdateSecret(c *gin.Context) {
 
 	s.SafeId = safeId
 
+	// TODO - replace this with a call to SecretsGetMultipleSafes
+
 	// Confirm that the secret already exists
 	checkExists, err := models.GetSecrets(&s, false)
 	if err != nil {

models/secret.go

@@ -46,7 +46,7 @@ func (s *Secret) SaveSecret() (*Secret, error) {
 	return s, nil
 }
 
-// TODO - use this function when user has access to multiple safes
+// SecretsGetMultipleSafes queries the specified safes for matching secrets
 func SecretsGetMultipleSafes(s *Secret, adminRole bool, safeIds []int) ([]Secret, error) {
 	var err error
 	var secretResults []Secret
@@ -62,6 +62,12 @@ func SecretsGetMultipleSafes(s *Secret, adminRole bool, safeIds []int) ([]Secret
 		rows, err := db.Queryx(query, args)
 	*/
 
+	args := []interface{}{}
+	var query string
+	if adminRole {
+		// No need to limit query to any safe
+		query = "SELECT * FROM secrets WHERE 1=1 "
+	} else {
 		// Generate placeholders for the IN clause to match multiple SafeId values
 		placeholders := make([]string, len(safeIds))
 		for i := range safeIds {
@@ -69,15 +75,16 @@ func SecretsGetMultipleSafes(s *Secret, adminRole bool, safeIds []int) ([]Secret
 		}
 		placeholderStr := strings.Join(placeholders, ",")
 
-	query := fmt.Sprintf("SELECT * FROM secrets WHERE SafeId IN (%s) ", placeholderStr)
+		// Create query with the necessary placeholders
-	args := []interface{}{}
+		query = fmt.Sprintf("SELECT * FROM secrets WHERE SafeId IN (%s) ", placeholderStr)
 
-	// Add the Safe Ids
+		// Add the Safe Ids to the arguments list
 		for _, g := range safeIds {
 			args = append(args, g)
 		}
+	}
 
-	// Add any other parameters
+	// Add any other arguments to the query if they were specified
 	if s.DeviceName != "" {
 		query += " AND DeviceName LIKE ? "
 		args = append(args, s.DeviceName)
@@ -93,16 +100,6 @@ func SecretsGetMultipleSafes(s *Secret, adminRole bool, safeIds []int) ([]Secret
 		args = append(args, s.UserName)
 	}
 
-	/*
-		// Construct the query
-		query := fmt.Sprintf("SELECT * FROM users WHERE username = ? AND group IN (%s)", placeholderStr)
-		args := make([]interface{}, 0, len(groups)+1)
-		args = append(args, username)
-		for _, g := range safeIds {
-			args = append(args, g)
-		}
-	*/
-
 	// Execute the query
 	rows, err := db.Queryx(query, args...)
 

models/user.go

@@ -364,8 +364,7 @@ func UserGetSafesAllowed(userId int) ([]UserSafe, error) {
 	INNER JOIN groups ON users.GroupId = groups.GroupId
 	INNER JOIN permissions ON groups.GroupId = permissions.GroupId
 	INNER JOIN safes on permissions.SafeId = safes.SafeId
-	WHERE users.UserId=?"
+	WHERE users.UserId=?`, userId)
-	`, userId)
 	if err != nil {
 		log.Printf("UserGetSafesAllowed error executing sql record : '%s'\n", err)
 		return results, err