try to improve ListSecrets
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -1,6 +1,7 @@
|
|||||||
package controllers
|
package controllers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"smt/models"
|
"smt/models"
|
||||||
@@ -221,7 +222,7 @@ func ListSecrets(c *gin.Context) {
|
|||||||
var UserId int
|
var UserId int
|
||||||
var output []ListSecret
|
var output []ListSecret
|
||||||
|
|
||||||
var results []models.Secret
|
//var results []models.Secret
|
||||||
s := models.Secret{}
|
s := models.Secret{}
|
||||||
|
|
||||||
// Get userId that we stored in the context earlier
|
// Get userId that we stored in the context earlier
|
||||||
@@ -232,41 +233,56 @@ func ListSecrets(c *gin.Context) {
|
|||||||
UserId = val.(int)
|
UserId = val.(int)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Work out which safe to query for this user if the safe was not specified
|
secretList, err := models.SecretsGetAllowed(&s, UserId)
|
||||||
safeList, err := models.UserGetSafesAllowed(int(UserId))
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
errString := fmt.Sprintf("error getting allowed secrets : '%s'", err)
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// If there was only one result then just use that
|
|
||||||
if len(safeList) == 0 {
|
|
||||||
errString := "no matching secret or user has no access to specified secret"
|
|
||||||
log.Printf("ListSecrets %s\n", errString)
|
log.Printf("ListSecrets %s\n", errString)
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||||
return
|
return
|
||||||
} else if len(safeList) == 1 {
|
}
|
||||||
s.SafeId = safeList[0].SafeId
|
|
||||||
results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId})
|
// Extract the normal secret fields from the allowed list
|
||||||
} else {
|
for _, secret := range secretList {
|
||||||
// Create a list of all the safes this user can access
|
output = append(output, ListSecret(secret.Secret))
|
||||||
var safeIds []int
|
}
|
||||||
for _, safe := range safeList {
|
|
||||||
safeIds = append(safeIds, safe.SafeId)
|
/*
|
||||||
|
// Work out which safe to query for this user if the safe was not specified
|
||||||
|
safeList, err := models.UserGetSafesAllowed(int(UserId))
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
results, err = models.SecretsGetMultipleSafes(&s, safeIds)
|
// If there was only one result then just use that
|
||||||
}
|
if len(safeList) == 0 {
|
||||||
|
errString := "no matching secret or user has no access to specified secret"
|
||||||
|
log.Printf("ListSecrets %s\n", errString)
|
||||||
|
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||||
|
return
|
||||||
|
} else if len(safeList) == 1 {
|
||||||
|
s.SafeId = safeList[0].SafeId
|
||||||
|
results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId})
|
||||||
|
} else {
|
||||||
|
// Create a list of all the safes this user can access
|
||||||
|
var safeIds []int
|
||||||
|
for _, safe := range safeList {
|
||||||
|
safeIds = append(safeIds, safe.SafeId)
|
||||||
|
}
|
||||||
|
|
||||||
if err != nil {
|
results, err = models.SecretsGetMultipleSafes(&s, safeIds)
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
}
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, v := range results {
|
if err != nil {
|
||||||
output = append(output, ListSecret(v))
|
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||||
}
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, v := range results {
|
||||||
|
output = append(output, ListSecret(v))
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
// output results as json
|
// output results as json
|
||||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
|
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
|
||||||
|
|||||||
@@ -336,7 +336,7 @@ func UpdateSecret(c *gin.Context) {
|
|||||||
func DeleteSecret(c *gin.Context) {
|
func DeleteSecret(c *gin.Context) {
|
||||||
var err error
|
var err error
|
||||||
var input SecretInput
|
var input SecretInput
|
||||||
var user_id int
|
var UserId int
|
||||||
|
|
||||||
if err := c.ShouldBindJSON(&input); err != nil {
|
if err := c.ShouldBindJSON(&input); err != nil {
|
||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "DeleteSecret error binding to input JSON : " + err.Error()})
|
c.JSON(http.StatusBadRequest, gin.H{"error": "DeleteSecret error binding to input JSON : " + err.Error()})
|
||||||
@@ -350,7 +350,7 @@ func DeleteSecret(c *gin.Context) {
|
|||||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
||||||
return
|
return
|
||||||
} else {
|
} else {
|
||||||
user_id = val.(int)
|
UserId = val.(int)
|
||||||
//log.Printf("user_id: %v\n", user_id)
|
//log.Printf("user_id: %v\n", user_id)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -361,7 +361,7 @@ func DeleteSecret(c *gin.Context) {
|
|||||||
s.DeviceName = input.DeviceName
|
s.DeviceName = input.DeviceName
|
||||||
s.DeviceCategory = input.DeviceCategory
|
s.DeviceCategory = input.DeviceCategory
|
||||||
|
|
||||||
secretList, err := models.SecretsGetAllowed(&s, user_id)
|
secretList, err := models.SecretsGetAllowed(&s, UserId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errString := fmt.Sprintf("error getting allowed secrets : '%s'", err)
|
errString := fmt.Sprintf("error getting allowed secrets : '%s'", err)
|
||||||
log.Printf("DeleteSecret %s\n", errString)
|
log.Printf("DeleteSecret %s\n", errString)
|
||||||
|
|||||||
Reference in New Issue
Block a user