|
|
|
@ -111,9 +111,9 @@ class IAMController extends Controller {
|
|
|
|
|
.message(`${req.T('common.invalid')} access_type. ${req.T('api:must_one')} allow, deny.`)
|
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
if ( !['application', 'api_scope'].includes(req.body.target_type) )
|
|
|
|
|
if ( !['application', 'api_scope', 'machine', 'machine_group'].includes(req.body.target_type) )
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_type. ${req.T('api:must_one')} application, api_scope.`)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_type. ${req.T('api:must_one')} application, api_scope, machine, machine_group.`)
|
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
// Make sure the target_id is valid
|
|
|
|
@ -130,6 +130,20 @@ class IAMController extends Controller {
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_id.`)
|
|
|
|
|
.api()
|
|
|
|
|
} else if ( req.body.target_type === 'machine' ) {
|
|
|
|
|
const Machine = this.models.get('ldap:Machine')
|
|
|
|
|
const machine = await Machine.findById(req.body.target_id)
|
|
|
|
|
if ( !machine || !machine.active || !req.user.can(`ldap:machine:${machine.id}:view`) )
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_id.`)
|
|
|
|
|
.api()
|
|
|
|
|
} else if ( req.body.target_type === 'machine_group' ) {
|
|
|
|
|
const MachineGroup = this.models.get('ldap:MachineGroup')
|
|
|
|
|
const group = await MachineGroup.findById(req.body.target_id)
|
|
|
|
|
if ( !group || !group.active || !req.user.can(`ldap:machine_group:${group.id}:view`) )
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_id.`)
|
|
|
|
|
.api()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const policy = new Policy({
|
|
|
|
@ -195,9 +209,9 @@ class IAMController extends Controller {
|
|
|
|
|
.message(`${req.T('common.invalid')} access_type. ${req.T('api.must_one')} allow, deny.`)
|
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
if ( !['application', 'api_scope'].includes(req.body.target_type) )
|
|
|
|
|
if ( !['application', 'api_scope', 'machine', 'machine_group'].includes(req.body.target_type) )
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_type. ${req.T('api.must_one')} application, api_scope.`)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_type. ${req.T('api.must_one')} application, api_scope, machine, machine_group.`)
|
|
|
|
|
.api()
|
|
|
|
|
|
|
|
|
|
// Make sure the target_id is valid
|
|
|
|
@ -214,6 +228,20 @@ class IAMController extends Controller {
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_id.`)
|
|
|
|
|
.api()
|
|
|
|
|
} else if ( req.body.target_type === 'machine' ) {
|
|
|
|
|
const Machine = this.models.get('ldap:Machine')
|
|
|
|
|
const machine = await Machine.findById(req.body.target_id)
|
|
|
|
|
if ( !machine || !machine.active || !req.user.can(`ldap:machine:${machine.id}:view`) )
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_id.`)
|
|
|
|
|
.api()
|
|
|
|
|
} else if ( req.body.target_type === 'machine_group' ) {
|
|
|
|
|
const MachineGroup = this.models.get('ldap:MachineGroup')
|
|
|
|
|
const group = await MachineGroup.findById(req.body.target_id)
|
|
|
|
|
if ( !group || !group.active || !req.user.can(`ldap:machine_group:${group.id}:view`) )
|
|
|
|
|
return res.status(400)
|
|
|
|
|
.message(`${req.T('common.invalid')} target_id.`)
|
|
|
|
|
.api()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
policy.entity_type = req.body.entity_type
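Review bot: The target validation added for `machine` and `machine_group` is pasted verbatim into two places (the hunks at -130,6 and -214,6), and the code around the two copies has already drifted: the first uses the translation key `api:must_one`, the second `api.must_one`, so one of the two error messages probably renders the wrong text. Since this block is also the authorization gate for what a policy may target, I would move the per-type lookup into one helper on the controller that both call sites use, and have it reject a non-string `req.body.target_id` before it reaches `findById`, unless code above the hunks already validates it. Both branches accept the `:view` permission on the target as sufficient to attach an allow/deny policy to it; whether that matches the `application` and `api_scope` branches cannot be seen from the hunks, so please confirm it is the intended bar. The enclosing methods start and end outside the hunks.

```javascript
// One shared check, used by both call sites in place of the two added branches.
// Resolves to true only for an active machine / machine group the caller may view.
async canTargetMachine(req) {
    const kinds = new Map([
        ['machine', ['ldap:Machine', 'ldap:machine']],
        ['machine_group', ['ldap:MachineGroup', 'ldap:machine_group']],
    ])
    const kind = kinds.get(req.body.target_type)
    if ( !kind || typeof req.body.target_id !== 'string' ) return false

    const [model_name, permission_prefix] = kind
    const record = await this.models.get(model_name).findById(req.body.target_id)
    return Boolean(record && record.active && req.user.can(`${permission_prefix}:${record.id}:view`))
}

// … unchanged: application and api_scope branches …
} else if ( ['machine', 'machine_group'].includes(req.body.target_type) ) {
    if ( !(await this.canTargetMachine(req)) )
        return res.status(400)
            .message(`${req.T('common.invalid')} target_id.`)
            .api()
}
```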
|
|
|
|
|