Add access control filtering of secret objects

Ensure that all APIs which list secret objects filter
them against the access control system.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

src/secret/secret_driver.c

@@ -566,8 +566,11 @@ secretConnectNumOfSecrets(virConnectPtr conn)
     secretDriverLock(driver);
 
     i = 0;
-    for (secret = driver->secrets; secret != NULL; secret = secret->next)
+    for (secret = driver->secrets; secret != NULL; secret = secret->next) {
-        i++;
+        if (virConnectNumOfSecretsCheckACL(conn,
+                                           secret->def))
+            i++;
+    }
 
     secretDriverUnlock(driver);
     return i;
@@ -590,6 +593,9 @@ secretConnectListSecrets(virConnectPtr conn, char **uuids, int maxuuids)
     i = 0;
     for (secret = driver->secrets; secret != NULL; secret = secret->next) {
         char *uuidstr;
+        if (!virConnectListSecretsCheckACL(conn,
+                                           secret->def))
+            continue;
         if (i == maxuuids)
             break;
         if (VIR_ALLOC_N(uuidstr, VIR_UUID_STRING_BUFLEN) < 0) {
@@ -666,6 +672,10 @@ secretConnectListAllSecrets(virConnectPtr conn,
     }
 
     for (entry = driver->secrets; entry != NULL; entry = entry->next) {
+        if (!virConnectListAllSecretsCheckACL(conn,
+                                              entry->def))
+            continue;
+
         /* filter by whether it's ephemeral */
         if (MATCH(VIR_CONNECT_LIST_SECRETS_FILTERS_EPHEMERAL) &&
             !((MATCH(VIR_CONNECT_LIST_SECRETS_EPHEMERAL) &&