test

controllers/retrieve_secrets.go

@@ -4,7 +4,6 @@ import (
 	"log"
 	"net/http"
 	"smt/models"
-	"smt/utils/token"
 
 	"github.com/gin-gonic/gin"
 )
@@ -165,12 +164,14 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 	*/
 
 	var results []models.Secret
-	var userIsAdmin = false
-	user_id, err := token.ExtractTokenID(c)
-	if err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
-		return
-	}
+	/*
+		user_id, err := token.ExtractTokenID(c)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
+			return
+		}
+	*/
+	user_id := c.GetInt("user-id")
 
 	// Work out which safe to query for this user if the safe was not specified
 	safeList, err := models.UserGetSafesAllowed(int(user_id))
@@ -182,21 +183,13 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 
 	// If there was only one result then just use that
 	if len(safeList) == 0 {
-		// check if the user is an admin, if not then they seem to have access to zero safes
-		if !models.UserCheckIfAdmin(int(user_id)) {
-			c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
-			return
-		} else {
-			// Don't apply a role filter if user has admin role
-			results, err = models.SecretsGetMultipleSafes(s, true, []int{})
-		}
-
+		errString := "no matching secret or user has no access to specified secret"
+		log.Printf("retrieveSpecifiedSecret %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
 	} else if len(safeList) == 1 {
 		s.SafeId = safeList[0].SafeId
-		userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
-		// Don't apply a role filter if user has admin role
-		//results, err = models.GetSecrets(&s, userIsAdmin)
-		results, err = models.SecretsGetMultipleSafes(s, userIsAdmin, []int{s.SafeId})
+		results, err = models.SecretsGetMultipleSafes(s, []int{s.SafeId})
 	} else {
 		// Create a list of all the safes this user can access
 		var safeIds []int
@@ -204,7 +197,7 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
 			safeIds = append(safeIds, safe.SafeId)
 		}
 
-		results, err = models.SecretsGetMultipleSafes(s, false, safeIds)
+		results, err = models.SecretsGetMultipleSafes(s, safeIds)
 	}
 
 	if err != nil {
@@ -250,12 +243,8 @@ func ListSecrets(c *gin.Context) {
 	*/
 
 	var results []models.Secret
-	var userIsAdmin = false
-	user_id, err := token.ExtractTokenID(c)
-	if err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
-		return
-	}
+	s := models.Secret{}
+	user_id := c.GetInt("user-id")
 
 	// Work out which safe to query for this user if the safe was not specified
 	safeList, err := models.UserGetSafesAllowed(int(user_id))
@@ -267,18 +256,13 @@ func ListSecrets(c *gin.Context) {
 
 	// If there was only one result then just use that
 	if len(safeList) == 0 {
-		// check if the user is an admin, if not then they seem to have access to zero safes
-		if !models.UserCheckIfAdmin(int(user_id)) {
-			c.JSON(http.StatusBadRequest, gin.H{"error": "user has no access to any secrets"})
-			return
-		} else {
-			// Don't apply a role filter if user has admin role
-			results, err = models.SecretsGetMultipleSafes(&models.Secret{}, true, []int{})
-		}
-
+		errString := "no matching secret or user has no access to specified secret"
+		log.Printf("ListSecrets %s\n", errString)
+		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
+		return
 	} else if len(safeList) == 1 {
-		userIsAdmin = safeList[0].AdminUser || safeList[0].AdminGroup
-		results, err = models.SecretsGetMultipleSafes(&models.Secret{}, userIsAdmin, []int{safeList[0].SafeId})
+		s.SafeId = safeList[0].SafeId
+		results, err = models.SecretsGetMultipleSafes(&s, []int{s.SafeId})
 	} else {
 		// Create a list of all the safes this user can access
 		var safeIds []int
@@ -286,7 +270,7 @@ func ListSecrets(c *gin.Context) {
 			safeIds = append(safeIds, safe.SafeId)
 		}
 
-		results, err = models.SecretsGetMultipleSafes(&models.Secret{}, false, safeIds)
+		results, err = models.SecretsGetMultipleSafes(&s, safeIds)
 	}
 
 	if err != nil {