Remove Vault support; fix OpenID Connect client delete issue
@@ -12,7 +12,7 @@ class PolicyModel extends Model {
|
||||
entity_type: String, // user | group
|
||||
entity_id: String,
|
||||
access_type: String, // allow | deny
|
||||
target_type: { type: String, default: 'application' }, // application | api_scope | machine | machine_group | vault
|
||||
target_type: { type: String, default: 'application' }, // application | api_scope | machine | machine_group
|
||||
target_id: String,
|
||||
active: { type: Boolean, default: true },
|
||||
for_permission: { type: Boolean, default: false },
|
||||
@@ -209,10 +209,6 @@ class PolicyModel extends Model {
|
||||
const MachineGroup = this.models.get('ldap:MachineGroup')
|
||||
const group = await MachineGroup.findById(this.target_id)
|
||||
target_display = `Computer Group: ${group.name} (${group.machine_ids.length} computers)`
|
||||
} else if ( this.target_type === 'vault' ) {
|
||||
const Vault = this.models.get('vault:Vault')
|
||||
const vault = await Vault.findById(this.target_id)
|
||||
target_display = `Vault: ${vault.name}`
|
||||
}
|
||||
|
||||
return {
|
||||
|
||||
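Review bot: Policies already stored with `target_type: 'vault'` are left unhandled by this change: with the `else if ( this.target_type === 'vault' )` branch removed, such a record matches none of the remaining branches, and whatever `target_display` holds at the `return {` depends on code outside the hunk. The deleted VaultModel's `grant_default` saved several `access_type: 'allow'` policies per vault, so these records probably exist; I would add a migration that deactivates or deletes them, and a final `else { target_display = 'Unknown target type' }` so a stale record is visible rather than silently blank. In the schema hunk, `target_type` is a plain `String` whose permitted values exist only in the trailing comment, so nothing rejects a stale or mistyped value on save; validating it against the listed values before saving would close that gap. The enclosing method starts and ends outside the hunk.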
@@ -1,29 +0,0 @@
|
||||
const { Model } = require('flitter-orm')
|
||||
|
||||
class EntryModel extends Model {
|
||||
static get services() {
|
||||
return [...super.services, 'models']
|
||||
}
|
||||
|
||||
static get schema() {
|
||||
return {
|
||||
active: { type: Boolean, default: true },
|
||||
vault_id: String,
|
||||
key: String,
|
||||
locked_value: String,
|
||||
}
|
||||
}
|
||||
|
||||
async to_api() {
|
||||
return {
|
||||
id: this.id,
|
||||
_id: this.id,
|
||||
vault_id: this.vault_id,
|
||||
key: this.key,
|
||||
locked_value: this.locked_value,
|
||||
active: this.active,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = exports = EntryModel
|
||||
@@ -1,66 +0,0 @@
|
||||
const { Model } = require('flitter-orm')
|
||||
|
||||
class VaultModel extends Model {
|
||||
static get services() {
|
||||
return [...super.services, 'models']
|
||||
}
|
||||
|
||||
static get schema() {
|
||||
return {
|
||||
active: { type: Boolean, default: true },
|
||||
name: String,
|
||||
user_id: String,
|
||||
}
|
||||
}
|
||||
|
||||
static async for_user(user) {
|
||||
const existing = await this.findOne({
|
||||
user_id: user.id,
|
||||
})
|
||||
|
||||
if ( existing ) return existing
|
||||
|
||||
const vault = new this({
|
||||
name: `${user.first_name} ${user.last_name}'s Vault`,
|
||||
user_id: user.id,
|
||||
})
|
||||
|
||||
await vault.save()
|
||||
await vault.grant_default(user)
|
||||
|
||||
return vault
|
||||
}
|
||||
|
||||
async grant_default(user) {
|
||||
const Policy = this.models.get('iam:Policy')
|
||||
|
||||
const grants = ['view', 'read', 'update', 'delete', undefined]
|
||||
for ( const grant of grants ) {
|
||||
const policy = new Policy({
|
||||
entity_type: 'user',
|
||||
entity_id: user.id,
|
||||
access_type: 'allow',
|
||||
target_type: 'vault',
|
||||
target_id: this.id,
|
||||
...(grant ? {
|
||||
for_permission: true,
|
||||
permission: grant
|
||||
} : {})
|
||||
})
|
||||
|
||||
await policy.save()
|
||||
}
|
||||
}
|
||||
|
||||
async to_api() {
|
||||
return {
|
||||
id: this.id,
|
||||
_id: this.id,
|
||||
name: this.name,
|
||||
active: this.active,
|
||||
user_id: this.user_id,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = exports = VaultModel
|
||||