try getting ListSecret to work again

2024-01-08 16:04:01 +11:00
parent 46567ab1a4
commit affe9021aa
1 changed files with 51 additions and 1 deletions
--- a/controllers/retrieve_secrets.go
+++ b/controllers/retrieve_secrets.go
@@ -18,8 +18,8 @@ type RetrieveInput struct {
 }
 type ListSecret struct {
 	SecretId int `db:"SecretId" json:"-"`
 	//RoleId         int    `db:"RoleId" json:"-"`
 	SecretId       int    `db:"SecretId" json:"-"`
 	SafeId         int    `db:"SafeId"`
 	DeviceName     string `db:"DeviceName"`
 	DeviceCategory string `db:"DeviceCategory"`
@@ -248,6 +248,56 @@ func ListSecrets(c *gin.Context) {
 			output = append(output, ListSecret(v))
 		}
 	*/
 	var results []models.Secret
 	var userIsAdmin = false
 	user_id, err := token.ExtractTokenID(c)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
 		return
 	}
 	// Work out which safe to query for this user if the safe was not specified
 	safeList, err := models.UserGetSafesAllowed(int(user_id))
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
 		return
 	}
 	// If there was only one result then just use that
 	if len(safeList) == 0 {
 		// check if the user is an admin, if not then they seem to have access to zero safes
 		if !models.UserCheckIfAdmin(int(user_id)) {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
 			return
 		} else {
 			// Don't apply a role filter if user has admin role
 			results, err = models.SecretsGetMultipleSafes(&models.Secret{}, true, []int{})
 		}
 	} else if len(safeList) == 1 {
 		userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
 		results, err = models.SecretsGetMultipleSafes(&models.Secret{}, userIsAdmin, []int{safeList[0].SafeId})
 	} else {
 		// Create a list of all the safes this user can access
 		var safeIds []int
 		for _, safe := range safeList {
 			safeIds = append(safeIds, safe.SafeId)
 		}
 		results, err = models.SecretsGetMultipleSafes(&models.Secret{}, false, safeIds)
 	}
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
 	for _, v := range results {
 		output = append(output, ListSecret(v))
 	}
 	// output results as json
 	c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})