From 0844da594e6e724b47f5f283c5f3004713f0ad42 Mon Sep 17 00:00:00 2001
From: garrettmills
Date: Mon, 15 Mar 2021 17:13:09 -0500
Subject: [PATCH] Show iam filter for machines
---
 app/assets/app/resource/App.resource.js | 1 +
 app/assets/app/resource/ldap/Machine.resource.js | 9 +++++++++
 .../app/resource/ldap/MachineGroup.resource.js | 1 +
 app/models/ldap/Machine.model.js | 15 +++++++++++++++
 4 files changed, 26 insertions(+)
diff --git a/app/assets/app/resource/App.resource.js b/app/assets/app/resource/App.resource.js
index ae92886..a505c08 100644
--- a/app/assets/app/resource/App.resource.js
+++ b/app/assets/app/resource/App.resource.js
@@ -89,6 +89,7 @@ class AppResource extends CRUDBase {
 field: 'id',
 type: 'text',
 readonly: true,
+ hidden: ['insert'],
 help: `(LDAP use) Allows restricting users to only those that can access this application. (filter: iamTarget)`,
 },
 {
diff --git a/app/assets/app/resource/ldap/Machine.resource.js b/app/assets/app/resource/ldap/Machine.resource.js
index 722bf5c..55a6b53 100644
--- a/app/assets/app/resource/ldap/Machine.resource.js
+++ b/app/assets/app/resource/ldap/Machine.resource.js
@@ -88,8 +88,17 @@ class MachineResource extends CRUDBase {
 field: 'id',
 type: 'text',
 readonly: true,
+ hidden: ['insert'],
 help: `(LDAP use) Allows restricting users to only those that can access this computer. (filter: iamTarget)`,
 },
+ {
+ name: 'IAM Filter',
+ field: 'iam_filter',
+ type: 'text',
+ readonly: true,
+ hidden: ['insert'],
+ help: `(LDAP use) Use this filter to restrict access to only users granted IAM access to this computer.`,
+ },
 ],
 }
 }
diff --git a/app/assets/app/resource/ldap/MachineGroup.resource.js b/app/assets/app/resource/ldap/MachineGroup.resource.js
index 8f421dc..e2af7eb 100644
--- a/app/assets/app/resource/ldap/MachineGroup.resource.js
+++ b/app/assets/app/resource/ldap/MachineGroup.resource.js
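Review bot: The help text on the new `iam_filter` field in Machine.resource.js does not say that the value is a snapshot of the machine's group membership at the time the record is read. The model change in this same commit builds the filter from the machine id plus the ids of its currently active groups, so a copy pasted into an LDAP client's configuration would presumably keep matching the old group targets after the machine leaves a group, and miss groups it joins later. I would extend the help string with something like `Re-copy this filter whenever the computer's group membership changes.` so operators know the pasted value has to be refreshed. The field list this entry sits in starts outside the hunk.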
@@ -76,6 +76,7 @@ class MachineGroupResource extends CRUDBase {
 field: 'id',
 type: 'text',
 readonly: true,
+ hidden: ['insert'],
 help: `(LDAP use) Allows restricting users to only those that can access this computer group. (filter: iamTarget)`,
 },
 {
diff --git a/app/models/ldap/Machine.model.js b/app/models/ldap/Machine.model.js
index d3f9bea..99238b3 100644
--- a/app/models/ldap/Machine.model.js
+++ b/app/models/ldap/Machine.model.js
@@ -20,6 +20,12 @@ class MachineModel extends Model {
 }
 async to_api() {
+ let iam_filter = `(|(iamTarget=${this.id})`
+ for ( const group of (await this.groups()) ) {
+ iam_filter += `(iamTarget=${group.id})`
+ }
+ iam_filter += ')'
+
 return {
 id: this.id,
 name: this.name,
@@ -27,9 +33,18 @@ class MachineModel extends Model {
 host_name: this.host_name,
 location: this.location,
 ldap_visible: this.ldap_visible,
+ iam_filter,
 }
 }
+ async groups() {
+ const MachineGroup = this.models.get('ldap:MachineGroup')
+ return MachineGroup.find({
+ machine_ids: this.id,
+ active: true
+ })
+ }
+
 async set_bind_password(password) {
 this.bind_password = await bcrypt.hash(password, 10)
 return this
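Review bot: In to_api(), `this.id` and each `group.id` are interpolated into the LDAP filter string with no RFC 4515 escaping. If these are always store-generated identifiers that is harmless, but nothing visible in the hunk guarantees it, and the result is meant to be pasted into LDAP client configuration, where a value containing `(`, `)`, `*` or `\` would change what the filter matches. Either escape each id before interpolation or state the assumption next to the code, e.g. `// ids are store-generated and contain no LDAP filter metacharacters`. The body of to_api() continues outside the hunk.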
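Review bot: The new groups() method has no doc comment, and because to_api() now awaits it, every serialization of a machine issues a MachineGroup query. If to_api() is called once per record when listing machines (the callers are not visible here), that is one extra query per row just to build a display-only field. A one-line comment such as `/** Active MachineGroups whose machine_ids include this machine's id. */` would also make the `active: true` restriction explicit, since it decides which group targets end up in the access filter. set_bind_password() after the hunk is cut off and not reviewed.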