diff --git a/controllers/retrieve_secrets.go b/controllers/retrieve_secrets.go
index 20f04e5..19fe194 100644
--- a/controllers/retrieve_secrets.go
+++ b/controllers/retrieve_secrets.go
@@ -18,8 +18,8 @@ type RetrieveInput struct {
 }
 type ListSecret struct {
- SecretId int `db:"SecretId" json:"-"`
 //RoleId int `db:"RoleId" json:"-"`
+ SecretId int `db:"SecretId" json:"-"`
 SafeId int `db:"SafeId"`
 DeviceName string `db:"DeviceName"`
 DeviceCategory string `db:"DeviceCategory"`
@@ -248,6 +248,56 @@ func ListSecrets(c *gin.Context) {
 output = append(output, ListSecret(v))
 }
 */
+
+ var results []models.Secret
+ var userIsAdmin = false
+ user_id, err := token.ExtractTokenID(c)
+ if err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
+ return
+ }
+
+ // Work out which safe to query for this user if the safe was not specified
+ safeList, err := models.UserGetSafesAllowed(int(user_id))
+
+ if err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
+ return
+ }
+
+ // If there was only one result then just use that
+ if len(safeList) == 0 {
+ // check if the user is an admin, if not then they seem to have access to zero safes
+ if !models.UserCheckIfAdmin(int(user_id)) {
+ c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
+ return
+ } else {
+ // Don't apply a role filter if user has admin role
+ results, err = models.SecretsGetMultipleSafes(&models.Secret{}, true, []int{})
+ }
+
+ } else if len(safeList) == 1 {
+ userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
+ results, err = models.SecretsGetMultipleSafes(&models.Secret{}, userIsAdmin, []int{safeList[0].SafeId})
+ } else {
+ // Create a list of all the safes this user can access
+ var safeIds []int
+ for _, safe := range safeList {
+ safeIds = append(safeIds, safe.SafeId)
+ }
+
+ results, err = models.SecretsGetMultipleSafes(&models.Secret{}, false, safeIds)
+ }
+
+ if err != nil {
+ c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+ return
+ }
+
+ for _, v := range results {
+ output = append(output, ListSecret(v))
+ }
+
 // output results as json
 c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
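Review bot: The last error branch in the new block returns `err.Error()` to the client, so whatever the models layer surfaces from `SecretsGetMultipleSafes` (typically a database or driver message) is exposed to any authenticated caller; log the detail server-side and respond with a fixed message, e.g. `c.JSON(http.StatusInternalServerError, gin.H{"error": "error retrieving secrets"})`. The status codes are also off: that branch and the `UserGetSafesAllowed` failure are server-side errors reported as 400, the `ExtractTokenID` failure is an authentication problem reported as 400 rather than 401, and "user has no access to any secrets" reads as a 403. The admin flag handed to `SecretsGetMultipleSafes` is derived differently in each branch (`true` for a global admin with no safes, per-safe `AdminUser || AdminGroup` for exactly one safe, hard-coded `false` for several), so a user who is admin of one of several safes is treated differently from one whose only safe that is; I cannot see the callee, so confirm this is intended and document it at the call site. The comment `// If there was only one result then just use that` sits above the `len(safeList) == 0` branch and describes the next one, and `user_id` should be `userID` per Go naming. ListSecrets begins and ends outside this hunk.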