Implement OAuth2 server, link oauth:Client and auth::Oauth2Client, implement permission checks

2020-05-16 23:55:08 -05:00
parent 6f621f5891
commit d558f21375
51 changed files with 2808 additions and 159 deletions
--- a/app/assets/app/dash/NavBar.component.js
+++ b/app/assets/app/dash/NavBar.component.js
@@ -37,6 +37,7 @@ const template = `
                >
                    <h6 class="dropdown-header">Hello, {{ first_name }}.</h6>
                    <a href="/dash/profile" class="dropdown-item">My Profile</a>
+                    <a href="/dash/c/listing/reflect/Token" v-if="can.api_tokens" class="dropdown-item">API Tokens</a>
                    <div class="dropdown-divider"></div>
                    <a href="/auth/logout" class="dropdown-item">Sign-Out of {{ app_name }}</a>
                </div>
@@ -51,6 +52,8 @@ export default class NavBarComponent extends Component {
    static get template() { return template }
    static get props() { return [] }

+    can = {}
+
    constructor() {
        super()
        this.toggle_event = event_bus.event('sidebar.toggle')
@@ -59,6 +62,10 @@ export default class NavBarComponent extends Component {
        this.app_name = session.get('app.name')
    }

+    async vue_on_create() {
+        this.can.api_tokens = await session.check_permissions('v1:reflect:tokens:list')
+    }
+
    toggle_sidebar() {
        this.toggle_event.fire()
    }
--- a/app/assets/app/dash/SideBar.component.js
+++ b/app/assets/app/dash/SideBar.component.js
@@ -1,6 +1,8 @@
 import { Component } from '../../lib/vues6/vues6.js'
 import { event_bus } from '../service/EventBus.service.js'
 import { action_service } from '../service/Action.service.js'
+import { resource_service } from '../service/Resource.service.js'
+import { session } from '../service/Session.service.js'

 const template = `
 <div class="bg-light border-right coreid-sidebar-wrapper" id="sidebar-wrapper" v-bind:class="{ collapsed: isCollapsed }">
@@ -23,7 +25,9 @@ export default class SideBarComponent extends Component {
    static get props() { return ['app_name'] }
    static get template() { return template }

-    actions = [
+    actions = []
+
+    possible_actions = [
        {
            text: 'Profile',
            action: 'redirect',
@@ -31,23 +35,45 @@ export default class SideBarComponent extends Component {
        },
        {
            text: 'Users',
-            action: 'redirect',
-            next: '/dash/users',
+            action: 'list',
+            type: 'resource',
+            resource: 'auth/User',
        },
        {
            text: 'Groups',
-            action: 'redirect',
-            next: '/dash/c/listing/ldap/Group',
+            action: 'list',
+            type: 'resource',
+            resource: 'auth/Group',
+        },
+        {
+            text: 'Applications',
+            action: 'list',
+            type: 'resource',
+            resource: 'App',
+        },
+        {
+            text: 'IAM Policy',
+            action: 'list',
+            type: 'resource',
+            resource: 'iam/Policy',
        },
        {
            text: 'LDAP Clients',
-            action: 'redirect',
-            next: '/dash/c/listing/ldap/Client',
+            action: 'list',
+            type: 'resource',
+            resource: 'ldap/Client',
+        },
+        {
+            text: 'OAuth2 Clients',
+            action: 'list',
+            type: 'resource',
+            resource: 'oauth/Client',
        },
        {
            text: 'SAML Service Providers',
-            action: 'redirect',
-            next: '/dash/c/listing/saml/Provider',
+            action: 'list',
+            type: 'resource',
+            resource: 'saml/Provider',
        },
        {
            text: 'Settings',
@@ -63,6 +89,32 @@ export default class SideBarComponent extends Component {
        })
    }

+    async vue_on_create() {
+        const new_actions = []
+
+        const perm_lookups = []
+        for ( const action of this.possible_actions ) {
+            if ( action.resource ) {
+                action.rsc = await resource_service.get(action.resource)
+                perm_lookups.push(`${action.rsc.permission_base}:list`)
+            }
+        }
+
+        const perms = await session.check_permissions(...perm_lookups)
+
+        for ( const action of this.possible_actions ) {
+            if ( action.resource ) {
+                if ( perms[`${action.rsc.permission_base}:list`] ) {
+                    new_actions.push(action)
+                }
+            } else {
+                new_actions.push(action)
+            }
+        }
+
+        this.actions = new_actions
+    }
+
    isCollapsed = false

    toggle() {
--- a/app/assets/app/dash/profile/EditProfile.component.js
+++ b/app/assets/app/dash/profile/EditProfile.component.js
@@ -175,8 +175,6 @@ export default class EditProfileComponent extends Component {
            this.form_message = 'Saving...'
            save()
        }
-
-        console.log('profile form', this)
    }

    get_submit_data() {
--- a/app/assets/app/dash/profile/form/AppPassword.component.js
+++ b/app/assets/app/dash/profile/form/AppPassword.component.js
@@ -80,7 +80,6 @@ export default class AppPasswordFormComponent extends Component {

    vue_on_create() {
        this.uuid = utility.uuid()
-        console.log({auth_api})
    }

    async on_name_change(event) {