Remove Vault support; fix OpenID Connect client delete issue
@@ -105,7 +105,7 @@ class OpenIDController extends Controller {
|
||||
const Client = this.models.get('openid:Client')
|
||||
const client = await Client.findById(req.params.id)
|
||||
|
||||
if ( !client || !client.active )
|
||||
if ( !client )
|
||||
return res.status(404)
|
||||
.message(req.T('api.client_not_found'))
|
||||
.api()
|
||||
|
||||
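Review bot: The relaxed guard `if ( !client )` lets a client whose `active` flag is false pass the not-found check, so the rest of this handler now operates on deactivated OpenID clients. This assumes the second of the two printed guards is the new side, which the commit title suggests. The enclosing method starts and ends outside the hunk, so it is not visible whether this is the delete handler or one that returns or modifies the client. If it is the latter, a deactivated client would become reachable through the API again. If the relaxation is intended only for delete, document it above the guard, e.g. `// inactive clients are deliberately allowed past this check: <reason>`, and confirm the sibling read/update handlers still test `client.active`.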
@@ -155,9 +155,9 @@ class IAMController extends Controller {
|
||||
.message(`${req.T('common.invalid')} access_type. ${req.T('api.must_one')} allow, deny.`)
|
||||
.api()
|
||||
|
||||
if ( !['application', 'api_scope', 'machine', 'machine_group', 'vault'].includes(req.body.target_type) )
|
||||
if ( !['application', 'api_scope', 'machine', 'machine_group'].includes(req.body.target_type) )
|
||||
return res.status(400)
|
||||
.message(`${req.T('common.invalid')} target_type. ${req.T('api.must_one')} application, api_scope, machine, machine_group, vault.`)
|
||||
.message(`${req.T('common.invalid')} target_type. ${req.T('api.must_one')} application, api_scope, machine, machine_group.`)
|
||||
.api()
|
||||
|
||||
// Make sure the target_id is valid
|
||||
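Review bot: The allowed `target_type` values are written twice in this check, once in the array passed to `.includes()` and once in the text of the 400 message. The same pair recurs in the hunk at -319,9, and the hunks at -237,7 and -403,7 hold further copies as `valid_target_types`. Each copy had to be edited by hand here, so a missed one would leave 'vault' accepted on one endpoint while rejected on the others. A single module-level `const VALID_TARGET_TYPES = ['application', 'api_scope', 'machine', 'machine_group']`, with the message built from `VALID_TARGET_TYPES.join(', ')`, would keep the allowlist and its error text in step. The enclosing method lies outside the hunk. Separately, nothing on this page deactivates stored policies whose `target_type` is 'vault', so it is worth confirming they do not stay active after this change.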
@@ -188,13 +188,6 @@ class IAMController extends Controller {
|
||||
return res.status(400)
|
||||
.message(`${req.T('common.invalid')} target_id.`)
|
||||
.api()
|
||||
} else if ( req.body.target_type === 'vault' ) {
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
const vault = await Vault.findById(req.body.target_id)
|
||||
if ( !vault?.active || !(await Policy.check_user_access(req.user, vault.id, 'update')) )
|
||||
return res.status(400)
|
||||
.message(`${req.T('common.invalid')} target_id.`)
|
||||
.api()
|
||||
}
|
||||
|
||||
const policy = new Policy({
|
||||
@@ -237,7 +230,7 @@ class IAMController extends Controller {
|
||||
.api()
|
||||
}
|
||||
|
||||
const valid_target_types = ['application', 'api_scope', 'machine', 'machine_group', 'vault']
|
||||
const valid_target_types = ['application', 'api_scope', 'machine', 'machine_group']
|
||||
if ( !valid_target_types.includes(req.body.target_type) ) {
|
||||
return res.status(400)
|
||||
.message(`${req.T('api.invalid_target_type')}`)
|
||||
@@ -319,9 +312,9 @@ class IAMController extends Controller {
|
||||
.message(`${req.T('common.invalid')} access_type. ${req.T('api.must_one')} allow, deny.`)
|
||||
.api()
|
||||
|
||||
if ( !['application', 'api_scope', 'machine', 'machine_group', 'vault'].includes(req.body.target_type) )
|
||||
if ( !['application', 'api_scope', 'machine', 'machine_group'].includes(req.body.target_type) )
|
||||
return res.status(400)
|
||||
.message(`${req.T('common.invalid')} target_type. ${req.T('api.must_one')} application, api_scope, machine, machine_group, vault.`)
|
||||
.message(`${req.T('common.invalid')} target_type. ${req.T('api.must_one')} application, api_scope, machine, machine_group.`)
|
||||
.api()
|
||||
|
||||
// Make sure the target_id is valid
|
||||
@@ -352,13 +345,6 @@ class IAMController extends Controller {
|
||||
return res.status(400)
|
||||
.message(`${req.T('common.invalid')} target_id.`)
|
||||
.api()
|
||||
} else if ( req.body.target_type === 'vault' ) {
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
const vault = await Vault.findById(req.body.target_id)
|
||||
if ( !vault?.active || !(await Policy.check_user_access(req.user, vault.id, 'update')) )
|
||||
return res.status(400)
|
||||
.message(`${req.T('common.invalid')} target_id.`)
|
||||
.api()
|
||||
}
|
||||
|
||||
policy.entity_type = req.body.entity_type
|
||||
@@ -403,7 +389,7 @@ class IAMController extends Controller {
|
||||
.api()
|
||||
}
|
||||
|
||||
const valid_target_types = ['application', 'api_scope', 'machine', 'machine_group', 'vault']
|
||||
const valid_target_types = ['application', 'api_scope', 'machine', 'machine_group']
|
||||
if ( !valid_target_types.includes(req.body.target_type) ) {
|
||||
return res.status(400)
|
||||
.message(`${req.T('api.invalid_target_type')}`)
|
||||
|
||||
@@ -1,130 +0,0 @@
|
||||
const { Controller } = require('libflitter')
|
||||
|
||||
class VaultController extends Controller {
|
||||
static get services() {
|
||||
return [...super.services, 'models']
|
||||
}
|
||||
|
||||
async get_vaults(req, res, next) {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
|
||||
await Vault.for_user(req.user)
|
||||
|
||||
const vaults = await Vault.find({ active: true })
|
||||
console.log('found vaults', vaults)
|
||||
|
||||
const accessible = []
|
||||
for ( const vault of vaults ) {
|
||||
if ( await Policy.check_user_access(req.user, vault.id, 'view') ) {
|
||||
accessible.push(await vault.to_api())
|
||||
}
|
||||
}
|
||||
|
||||
return res.api(accessible)
|
||||
}
|
||||
|
||||
async get_vault(req, res, next) {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
|
||||
const vault = await Vault.findById(req.params.id)
|
||||
if ( !vault?.active ) {
|
||||
return res.status(404)
|
||||
.message(req.T('api.vault_not_found'))
|
||||
.api()
|
||||
}
|
||||
|
||||
if ( !(await Policy.check_user_access(req.user, vault.id, 'view')) ) {
|
||||
return res.status(401)
|
||||
.message(req.T('api.insufficient_permissions'))
|
||||
.api()
|
||||
}
|
||||
|
||||
return res.api(await vault.to_api())
|
||||
}
|
||||
|
||||
async create_vault(req, res, next) {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
|
||||
if ( !req.body.name ) {
|
||||
return res.status(400)
|
||||
.message(`${req.T('api.missing_field')} name`)
|
||||
.api()
|
||||
}
|
||||
|
||||
const vault = new Vault({
|
||||
name: req.body.name
|
||||
})
|
||||
|
||||
await vault.save()
|
||||
await vault.grant_default(req.user)
|
||||
|
||||
return res.api(await vault.to_api())
|
||||
}
|
||||
|
||||
async update_vault(req, res, next) {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
|
||||
if ( !req.body.name ) {
|
||||
return res.status(400)
|
||||
.message(`${req.T('api.missing_field')} name`)
|
||||
.api()
|
||||
}
|
||||
|
||||
const vault = await Vault.findById(req.params.id)
|
||||
if ( !vault?.active ) {
|
||||
return res.status(404)
|
||||
.message(req.T('api.vault_not_found'))
|
||||
.api()
|
||||
}
|
||||
|
||||
if ( !(await Policy.check_user_access(req.user, vault.id, 'update')) ) {
|
||||
return res.status(401)
|
||||
.message(req.T('api.insufficient_permissions'))
|
||||
.api()
|
||||
}
|
||||
|
||||
vault.name = req.body.name
|
||||
await vault.save()
|
||||
return res.api(await vault.to_api())
|
||||
}
|
||||
|
||||
async delete_vault(req, res, next) {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
|
||||
const vault = await Vault.findById(req.params.id)
|
||||
if ( !vault?.active ) {
|
||||
return res.status(404)
|
||||
.message(req.T('api.vault_not_found'))
|
||||
.api()
|
||||
}
|
||||
|
||||
if ( !(await Policy.check_user_access(req.user, vault.id, 'delete')) ) {
|
||||
return res.status(401)
|
||||
.message(req.T('api.insufficient_permissions'))
|
||||
.api()
|
||||
}
|
||||
|
||||
vault.active = false
|
||||
await vault.save()
|
||||
|
||||
const policies = await Policy.find({
|
||||
active: true,
|
||||
target_type: 'vault',
|
||||
target_id: vault.id,
|
||||
})
|
||||
|
||||
for ( const policy of policies ) {
|
||||
policy.active = false
|
||||
await policy.save()
|
||||
}
|
||||
|
||||
return res.api()
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = exports = VaultController
|
||||