Show iam filter for machines

2021-03-15 17:13:09 -05:00 · 2021-03-15 17:13:09 -05:00 · 0844da594e
commit 0844da594e
parent 64ad8931f3
4 changed files with 26 additions and 0 deletions
--- a/app/assets/app/resource/App.resource.js
+++ b/app/assets/app/resource/App.resource.js
@ -89,6 +89,7 @@ class AppResource extends CRUDBase {
                    field: 'id',
                    type: 'text',
                    readonly: true,
+                    hidden: ['insert'],
                    help: `(LDAP use) Allows restricting users to only those that can access this application. (filter: iamTarget)`,
                },
                {
--- a/app/assets/app/resource/ldap/Machine.resource.js
+++ b/app/assets/app/resource/ldap/Machine.resource.js
@ -88,8 +88,17 @@ class MachineResource extends CRUDBase {
                    field: 'id',
                    type: 'text',
                    readonly: true,
+                    hidden: ['insert'],
                    help: `(LDAP use) Allows restricting users to only those that can access this computer. (filter: iamTarget)`,
                },
+                {
+                    name: 'IAM Filter',
+                    field: 'iam_filter',
+                    type: 'text',
+                    readonly: true,
+                    hidden: ['insert'],
+                    help: `(LDAP use) Use this filter to restrict access to only users granted IAM access to this computer.`,
+                },
            ],
        }
    }
--- a/app/assets/app/resource/ldap/MachineGroup.resource.js
+++ b/app/assets/app/resource/ldap/MachineGroup.resource.js
@ -76,6 +76,7 @@ class MachineGroupResource extends CRUDBase {
                    field: 'id',
                    type: 'text',
                    readonly: true,
+                    hidden: ['insert'],
                    help: `(LDAP use) Allows restricting users to only those that can access this computer group. (filter: iamTarget)`,
                },
                {
--- a/app/models/ldap/Machine.model.js
+++ b/app/models/ldap/Machine.model.js
@ -20,6 +20,12 @@ class MachineModel extends Model {
    }

    async to_api() {
+        let iam_filter = `(|(iamTarget=${this.id})`
+        for ( const group of (await this.groups()) ) {
+            iam_filter += `(iamTarget=${group.id})`
+        }
+        iam_filter += ')'
+
        return {
            id: this.id,
            name: this.name,
@ -27,9 +33,18 @@ class MachineModel extends Model {
            host_name: this.host_name,
            location: this.location,
            ldap_visible: this.ldap_visible,
+            iam_filter,
        }
    }

+    async groups() {
+        const MachineGroup = this.models.get('ldap:MachineGroup')
+        return MachineGroup.find({
+            machine_ids: this.id,
+            active: true
+        })
+    }
+
    async set_bind_password(password) {
        this.bind_password = await bcrypt.hash(password, 10)
        return this