Starship/CoreID
1
0
Fork 0
Code Issues 8 Pull Requests Releases 34 Wiki Activity

Show iam filter for machines
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details

Browse Source
This commit is contained in:
Garrett Mills 2021-03-15 17:13:09 -05:00
parent 64ad8931f3
commit 0844da594e
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
4 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/assets/app/resource/App.resource.js
View File

@ -89,6 +89,7 @@ class AppResource extends CRUDBase {
field: 'id', field: 'id',
type: 'text', type: 'text',
readonly: true, readonly: true,
hidden: ['insert'],
help: `(LDAP use) Allows restricting users to only those that can access this application. (filter: iamTarget)`, help: `(LDAP use) Allows restricting users to only those that can access this application. (filter: iamTarget)`,
}, },
{ {

9
app/assets/app/resource/ldap/Machine.resource.js
View File

@ -88,8 +88,17 @@ class MachineResource extends CRUDBase {
field: 'id', field: 'id',
type: 'text', type: 'text',
readonly: true, readonly: true,
hidden: ['insert'],
help: `(LDAP use) Allows restricting users to only those that can access this computer. (filter: iamTarget)`, help: `(LDAP use) Allows restricting users to only those that can access this computer. (filter: iamTarget)`,
}, },
{
name: 'IAM Filter',
field: 'iam_filter',
type: 'text',
readonly: true,
hidden: ['insert'],
help: `(LDAP use) Use this filter to restrict access to only users granted IAM access to this computer.`,
},
], ],
} }
} }

1
app/assets/app/resource/ldap/MachineGroup.resource.js
View File

@ -76,6 +76,7 @@ class MachineGroupResource extends CRUDBase {
field: 'id', field: 'id',
type: 'text', type: 'text',
readonly: true, readonly: true,
hidden: ['insert'],
help: `(LDAP use) Allows restricting users to only those that can access this computer group. (filter: iamTarget)`, help: `(LDAP use) Allows restricting users to only those that can access this computer group. (filter: iamTarget)`,
}, },
{ {

15
app/models/ldap/Machine.model.js
View File

@ -20,6 +20,12 @@ class MachineModel extends Model {
} }
async to_api() { async to_api() {
let iam_filter = `(|(iamTarget=${this.id})`
for ( const group of (await this.groups()) ) {
iam_filter += `(iamTarget=${group.id})`
}
iam_filter += ')'
return { return {
id: this.id, id: this.id,
name: this.name, name: this.name,
@ -27,9 +33,18 @@ class MachineModel extends Model {
host_name: this.host_name, host_name: this.host_name,
location: this.location, location: this.location,
ldap_visible: this.ldap_visible, ldap_visible: this.ldap_visible,
iam_filter,
} }
} }
async groups() {
const MachineGroup = this.models.get('ldap:MachineGroup')
return MachineGroup.find({
machine_ids: this.id,
active: true
})
}
async set_bind_password(password) { async set_bind_password(password) {
this.bind_password = await bcrypt.hash(password, 10) this.bind_password = await bcrypt.hash(password, 10)
return this return this