Add IAM support to LDAP filters (iamTarget)

2020-05-20 22:28:30 -05:00
parent b526b8f24d
commit ca11e3afae
4 changed files with 35 additions and 12 deletions
--- a/app/models/auth/User.model.js
+++ b/app/models/auth/User.model.js
@@ -153,7 +153,9 @@ class User extends AuthUser {
        return Group.find({ active: true, user_ids: this.id })
    }

-    async to_ldap() {
+    async to_ldap(iam_targets = []) {
+        const Policy = this.models.get('iam:Policy')
+
        const ldap_data = {
            uid: this.uid,
            uuid: this.uuid,
@@ -179,6 +181,15 @@ class User extends AuthUser {
            ldap_data.memberof = group_data
        }

+        const iamtarget = []
+        for ( const target_id of iam_targets ) {
+            if ( await Policy.check_user_access(this, target_id) ) {
+                iamtarget.push(target_id)
+            }
+        }
+
+        ldap_data.iamtarget = iamtarget
+
        return ldap_data
    }

--- a/app/models/iam/Policy.model.js
+++ b/app/models/iam/Policy.model.js
@@ -4,7 +4,7 @@ const { Model } = require('flitter-orm')

 class PolicyModel extends Model {
    static get services() {
-        return [...super.services, 'models']
+        return [...super.services, 'models', 'canon']
    }

    static get schema() {