This commit is contained in:
@@ -111,7 +111,7 @@ func SecretsSearchAllSafes(s *Secret) ([]Secret, error) {
|
||||
}
|
||||
|
||||
// SecretsGetMultipleSafes queries the specified safes for matching secrets
|
||||
func SecretsGetMultipleSafes(s *Secret, adminRole bool, safeIds []int) ([]Secret, error) {
|
||||
func SecretsGetMultipleSafes(s *Secret, safeIds []int) ([]Secret, error) {
|
||||
var err error
|
||||
var secretResults []Secret
|
||||
|
||||
@@ -130,25 +130,19 @@ func SecretsGetMultipleSafes(s *Secret, adminRole bool, safeIds []int) ([]Secret
|
||||
|
||||
args := []interface{}{}
|
||||
var query string
|
||||
if adminRole {
|
||||
log.Printf("SecretsGetMultipleSafes using admin role so not limiting to specific safes\n")
|
||||
// No need to limit query to any safe
|
||||
query = "SELECT * FROM secrets WHERE 1=1 "
|
||||
} else {
|
||||
// Generate placeholders for the IN clause to match multiple SafeId values
|
||||
placeholders := make([]string, len(safeIds))
|
||||
for i := range safeIds {
|
||||
placeholders[i] = "?"
|
||||
}
|
||||
placeholderStr := strings.Join(placeholders, ",")
|
||||
// Generate placeholders for the IN clause to match multiple SafeId values
|
||||
placeholders := make([]string, len(safeIds))
|
||||
for i := range safeIds {
|
||||
placeholders[i] = "?"
|
||||
}
|
||||
placeholderStr := strings.Join(placeholders, ",")
|
||||
|
||||
// Create query with the necessary placeholders
|
||||
query = fmt.Sprintf("SELECT * FROM secrets WHERE SafeId IN (%s) ", placeholderStr)
|
||||
// Create query with the necessary placeholders
|
||||
query = fmt.Sprintf("SELECT * FROM secrets WHERE SafeId IN (%s) ", placeholderStr)
|
||||
|
||||
// Add the Safe Ids to the arguments list
|
||||
for _, g := range safeIds {
|
||||
args = append(args, g)
|
||||
}
|
||||
// Add the Safe Ids to the arguments list
|
||||
for _, g := range safeIds {
|
||||
args = append(args, g)
|
||||
}
|
||||
|
||||
// Add any other arguments to the query if they were specified
|
||||
|
||||
129
models/setup.go
129
models/setup.go
@@ -20,8 +20,7 @@ const (
|
||||
sqlFile = "smt.db"
|
||||
)
|
||||
|
||||
// TODO drop LdapGroup column
|
||||
|
||||
/*
|
||||
const createRoles string = `
|
||||
CREATE TABLE IF NOT EXISTS roles (
|
||||
RoleId INTEGER PRIMARY KEY ASC,
|
||||
@@ -29,6 +28,7 @@ const createRoles string = `
|
||||
ReadOnly BOOLEAN
|
||||
);
|
||||
`
|
||||
*/
|
||||
|
||||
const createUsers string = `
|
||||
CREATE TABLE IF NOT EXISTS users (
|
||||
@@ -62,11 +62,11 @@ const createGroups string = `
|
||||
const createPermissions = `
|
||||
CREATE TABLE IF NOT EXISTS permissions (
|
||||
PermissionId INTEGER PRIMARY KEY ASC,
|
||||
RoleId INTEGER,
|
||||
Description VARCHAR DEFAULT '',
|
||||
ReadOnly BOOLEAN DEFAULT 0,
|
||||
SafeId INTEGER,
|
||||
UserId INTEGER,
|
||||
GroupId INTEGER,
|
||||
FOREIGN KEY (RoleId) REFERENCES roles(RoleId),
|
||||
FOREIGN KEY (SafeId) REFERENCES safes(SafeId),
|
||||
FOREIGN KEY (UserId) REFERENCES users(UserId),
|
||||
FOREIGN KEY (GroupId) REFERENCES groups(GroupId)
|
||||
@@ -131,23 +131,44 @@ func CreateTables() {
|
||||
var err error
|
||||
var rowCount int
|
||||
// Create database tables if it doesn't exist
|
||||
// Roles table should go first since other tables refer to it
|
||||
if _, err = db.Exec(createRoles); err != nil {
|
||||
log.Printf("Error checking roles table : '%s'", err)
|
||||
/*
|
||||
// Roles table should go first since other tables refer to it
|
||||
if _, err = db.Exec(createRoles); err != nil {
|
||||
log.Printf("Error checking roles table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
rowCount, _ = CheckCount("roles")
|
||||
if rowCount == 0 {
|
||||
if _, err = db.Exec("INSERT INTO roles VALUES(1, 'Admin', false);"); err != nil {
|
||||
log.Printf("Error adding initial admin role : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO roles VALUES(2, 'UserRole', false);"); err != nil {
|
||||
log.Printf("Error adding initial user role : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO roles VALUES(3, 'GuestRole', true);"); err != nil {
|
||||
log.Printf("Error adding initial guest role : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
// groups table
|
||||
if _, err = db.Exec(createGroups); err != nil {
|
||||
log.Printf("Error checking groups table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
rowCount, _ = CheckCount("roles")
|
||||
|
||||
// Add initial groups
|
||||
rowCount, _ = CheckCount("groups")
|
||||
if rowCount == 0 {
|
||||
if _, err = db.Exec("INSERT INTO roles VALUES(1, 'Admin', false);"); err != nil {
|
||||
log.Printf("Error adding initial admin role : '%s'", err)
|
||||
if _, err = db.Exec("INSERT INTO groups (GroupId, GroupName, Admin) VALUES(1, 'Administrators', 1);"); err != nil {
|
||||
log.Printf("Error adding initial group entry id 1 : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO roles VALUES(2, 'UserRole', false);"); err != nil {
|
||||
log.Printf("Error adding initial user role : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO roles VALUES(3, 'GuestRole', true);"); err != nil {
|
||||
log.Printf("Error adding initial guest role : '%s'", err)
|
||||
if _, err = db.Exec("INSERT INTO groups (GroupId, GroupName, Admin) VALUES(2, 'Users', 0);"); err != nil {
|
||||
log.Printf("Error adding initial group entry id 2 : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
@@ -169,7 +190,11 @@ func CreateTables() {
|
||||
cryptText, _ := bcrypt.GenerateFromPassword([]byte(initialPassword), bcrypt.DefaultCost)
|
||||
initialPassword = string(cryptText)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO users (RoleId, UserName, Password, LdapUser) VALUES(1, 1, 'Administrator', ?, 0);", initialPassword); err != nil {
|
||||
if _, err = db.Exec("INSERT INTO users (UserId, GroupId, UserName, Password, LdapUser, Admin) VALUES(1, 1, 'Administrator', ?, false, true);", initialPassword); err != nil {
|
||||
log.Printf("Error adding initial admin role : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO users (UserId, GroupId, UserName, Password, LdapUser, Admin) VALUES(2, 2, 'User', ?, false, false);", initialPassword); err != nil {
|
||||
log.Printf("Error adding initial admin role : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
@@ -201,46 +226,23 @@ func CreateTables() {
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// groups table
|
||||
if _, err = db.Exec(createGroups); err != nil {
|
||||
log.Printf("Error checking groups table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// permissions table
|
||||
if _, err = db.Exec(createPermissions); err != nil {
|
||||
log.Printf("Error checking permissions table : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Add initial groups
|
||||
rowCount, _ = CheckCount("groups")
|
||||
if rowCount == 0 {
|
||||
if _, err = db.Exec("INSERT INTO groups (GroupId, GroupName, Admin) VALUES(1, 'Administrators', 1);"); err != nil {
|
||||
log.Printf("Error adding initial group entry id 1 : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO groups (GroupId, GroupName, Admin) VALUES(2, 'Users', 0);"); err != nil {
|
||||
log.Printf("Error adding initial group entry id 2 : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
// Add initial permissions
|
||||
rowCount, _ = CheckCount("permissions")
|
||||
if rowCount == 0 {
|
||||
if _, err = db.Exec("INSERT INTO permissions (RoleId, SafeId, UserId) VALUES(1, 1, 1);"); err != nil {
|
||||
if _, err = db.Exec("INSERT INTO permissions (Description, ReadOnly, GroupId, SafeId) VALUES('Default Admin Group Permission', false, 1, 1);"); err != nil {
|
||||
log.Printf("Error adding initial permissions entry userid 1 : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO permissions (RoleId, SafeId, UserId) VALUES(1, 1, 2);"); err != nil {
|
||||
if _, err = db.Exec("INSERT INTO permissions (Description, ReadOnly, SafeId, GroupId) VALUES('Default User Group Permission', false, 1, 2);"); err != nil {
|
||||
log.Printf("Error adding initial permissions entry userid 2 : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
if _, err = db.Exec("INSERT INTO permissions (RoleId, SafeId, UserId) VALUES(1, 1, 3);"); err != nil {
|
||||
log.Printf("Error adding initial permissions entry userid 3 : '%s'", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
// Schema table should go last so we know if the database has a value in the schema table then everything was created properly
|
||||
@@ -326,7 +328,7 @@ func CreateTables() {
|
||||
DROP TABLE _secrets_old;
|
||||
`)
|
||||
if err != nil {
|
||||
log.Printf("Error altering secrets table to renmove RoleId column : '%s'\n", err)
|
||||
log.Printf("Error altering secrets table to remove RoleId column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
@@ -342,6 +344,47 @@ func CreateTables() {
|
||||
}
|
||||
}
|
||||
|
||||
// Remove the Admin column from roles table
|
||||
rolesAdminCheck, _ := CheckColumnExists("roles", "Admin")
|
||||
if rolesAdminCheck {
|
||||
_, err := db.Exec("ALTER TABLE roles DROP COLUMN Admin;")
|
||||
if err != nil {
|
||||
log.Printf("Error altering roles table to remove Admin column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
// Remove the RoleId from permissiosn table
|
||||
permissionsRoleIdCheck, _ := CheckColumnExists("permissions", "RoleId")
|
||||
if permissionsRoleIdCheck {
|
||||
_, err := db.Exec(`
|
||||
PRAGMA foreign_keys=off;
|
||||
BEGIN TRANSACTION;
|
||||
ALTER TABLE permissions RENAME TO _permissions_old;
|
||||
CREATE TABLE permissions
|
||||
(
|
||||
PermissionId INTEGER PRIMARY KEY ASC,
|
||||
Description VARCHAR DEFAULT '',
|
||||
ReadOnly BOOLEAN DEFAULT 0,
|
||||
SafeId INTEGER,
|
||||
UserId INTEGER,
|
||||
GroupId INTEGER,
|
||||
FOREIGN KEY (SafeId) REFERENCES safes(SafeId),
|
||||
FOREIGN KEY (UserId) REFERENCES users(UserId),
|
||||
FOREIGN KEY (GroupId) REFERENCES groups(GroupId)
|
||||
);
|
||||
INSERT INTO permissions SELECT * FROM _permissions_old;
|
||||
ALTER TABLE permissions DROP COLUMN RoleId;
|
||||
COMMIT;
|
||||
PRAGMA foreign_keys=on;
|
||||
DROP TABLE _permissions_old;
|
||||
`)
|
||||
if err != nil {
|
||||
log.Printf("Error altering permissions table to remove RoleId column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
// Database updates added after initial version released
|
||||
ldapCheck, _ := CheckColumnExists("roles", "LdapGroup")
|
||||
|
||||
@@ -37,11 +37,9 @@ type UserGroup struct {
|
||||
|
||||
type UserSafe struct {
|
||||
User
|
||||
AdminUser bool `db:"AdminUser"`
|
||||
AdminGroup bool `db:"AdminGroup"`
|
||||
SafeId int `db:"SafeId"`
|
||||
SafeName string `db:"SafeName"`
|
||||
GroupId int `db:"GroupId"`
|
||||
SafeId int `db:"SafeId"`
|
||||
SafeName string `db:"SafeName"`
|
||||
GroupId int `db:"GroupId"`
|
||||
}
|
||||
|
||||
func (u *User) SaveUser() (*User, error) {
|
||||
@@ -360,7 +358,6 @@ func UserGetSafesAllowed(userId int) ([]UserSafe, error) {
|
||||
// join users, groups and permissions
|
||||
rows, err := db.Queryx(`
|
||||
SELECT users.UserId, users.GroupId,
|
||||
groups.Admin as AdminGroup,
|
||||
permissions.SafeId, safes.SafeName FROM users
|
||||
INNER JOIN groups ON users.GroupId = groups.GroupId
|
||||
INNER JOIN permissions ON groups.GroupId = permissions.GroupId
|
||||
|
||||
Reference in New Issue
Block a user