Starship/CoreID
1
0
Fork 0
Code Issues 8 Pull Requests Releases 34 Wiki Activity

Allow IAM policy to manage user access to machines & machine groups
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Garrett Mills
2021-03-15 16:28:42 -05:00
parent d6e4ea2e56
commit a9d7b1c047
3 changed files with 71 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
app/models/iam/Policy.model.js
View File

@@ -12,7 +12,7 @@ class PolicyModel extends Model {
entity_type: String, // user | group
entity_id: String,
access_type: String, // allow | deny
target_type: { type: String, default: 'application' }, // application | api_scope
target_type: { type: String, default: 'application' }, // application | api_scope | machine | machine_group
target_id: String,
active: { type: Boolean, default: true },
}
@@ -132,6 +132,18 @@ class PolicyModel extends Model {
target_display = `Application: ${app.name}`
} else if ( this.target_type === 'api_scope' ) {
target_display = `API Scope: ${this.target_id}`
} else if ( this.target_type === 'machine' ) {
const Machine = this.models.get('ldap:Machine')
const machine = await Machine.findById(this.target_id)
target_display = `Computer: ${machine.name}`
if ( machine.host_name ) {
target_display += ` (${machine.host_name})`
}
} else if ( this.target_type === 'machine_group' ) {
const MachineGroup = this.models.get('ldap:MachineGroup')
const group = await MachineGroup.findById(this.target_id)
target_display = `Computer Group: ${group.name} (${group.machine_ids.length} computers)`
}
return {