@ -2,15 +2,18 @@ import CRUDBase from '../CRUDBase.js'
import { session } from '../../service/Session.service.js'
class PolicyResource extends CRUDBase {
endpoint = '/api/v1/iam/policy'
required _fields = [ 'entity_id' , 'entity_type' , 'target_id' , 'target_type' , 'access_type' ]
permission _base = 'v1:iam:policy'
constructor ( ) {
super ( )
item = 'IAM Policy'
plural = 'IAM Policies'
this . endpoint = '/api/v1/iam/policy'
this . required _fields = [ 'entity_id' , 'entity_type' , 'target_id' , 'target_type' , 'access_type' ]
this . permission _base = 'v1:iam:policy'
listing _definition = {
display : `
this . item = 'IAM Policy'
this . plural = 'IAM Policies'
this . listing _definition = {
display : `
Identity & Access Management ( IAM ) policies give you fine grained control over which $ { session . get ( 'app.name' ) } users and groups are allowed to access which applications .
< br > < br >
An IAM policy has three parts . First , is the subject . The subject is who the policy applies to and is either a user or a group . The second part is the access type . This is either an allowance or a denial . That is , the policy either grants a subject access to a resource , or explicitly denies them access . The final part of the policy is the target . This is the application that the subject is being granted or denied access to .
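Review bot: L9–L10 print `item = 'IAM Policy'` and `plural = 'IAM Policies'` inside the constructor without the `this .` prefix that L11–L13 and L16–L17 carry; if that is what the new side actually contains rather than a rendering artifact, both lines assign to undeclared identifiers and throw a ReferenceError in ES-module (strict) code, so the new-side lines should read `this.item = 'IAM Policy'` and `this.plural = 'IAM Policies'`. The old/new side of each line is not recoverable from this rendering, so this needs checking against the real patch. The constructor body continues past the end of the hunk.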
@ -24,136 +27,137 @@ class PolicyResource extends CRUDBase {
< / o l >
This means , for example , that if a user ' s group is allowed access , but a user is denied access , the user will be denied access . Likewise , if there are two policies for a subject , one granting them access and one denying them access , the denial will take precedence .
` ,
columns : [
{
name : 'Subject' ,
field : 'entity_display' ,
} ,
{
name : 'Access Type' ,
field : 'access_type' ,
renderer : access _type => access _type === 'deny' ? '...is denied access to...' : '...is granted access to...' ,
} ,
{
name : 'Target' ,
field : 'target_display' ,
} ,
] ,
actions : [
{
type : 'resource' ,
position : 'main' ,
action : 'insert' ,
text : 'Create New' ,
color : 'success' ,
} ,
{
type : 'resource' ,
position : 'row' ,
action : 'update' ,
icon : 'fa fa-edit' ,
color : 'primary' ,
} ,
{
type : 'resource' ,
position : 'row' ,
action : 'delete' ,
icon : 'fa fa-times' ,
color : 'danger' ,
confirm : true ,
} ,
] ,
}
columns : [
{
name : 'Subject' ,
field : 'entity_display' ,
} ,
{
name : 'Access Type' ,
field : 'access_type' ,
renderer : access _type => access _type === 'deny' ? '...is denied access to...' : '...is granted access to...' ,
} ,
{
name : 'Target' ,
field : 'target_display' ,
} ,
] ,
actions : [
{
type : 'resource' ,
position : 'main' ,
action : 'insert' ,
text : 'Create New' ,
color : 'success' ,
} ,
{
type : 'resource' ,
position : 'row' ,
action : 'update' ,
icon : 'fa fa-edit' ,
color : 'primary' ,
} ,
{
type : 'resource' ,
position : 'row' ,
action : 'delete' ,
icon : 'fa fa-times' ,
color : 'danger' ,
confirm : true ,
} ,
] ,
}
form _definition = {
fields : [
{
name : 'Subject Type' ,
field : 'entity_type' ,
required : true ,
type : 'select' ,
options : [
{ display : 'User' , value : 'user' } ,
{ display : 'Group' , value : 'group' } ,
] ,
} ,
{
name : 'Subject' ,
field : 'entity_id' ,
required : true ,
type : 'select.dynamic' ,
options : {
resource : 'auth/User' ,
display : user => ` User: ${ user . last _name } , ${ user . first _name } ( ${ user . uid } ) ` ,
value : 'id' ,
this . form _definition = {
fields : [
{
name : 'Subject Type' ,
field : 'entity_type' ,
required : true ,
type : 'select' ,
options : [
{ display : 'User' , value : 'user' } ,
{ display : 'Group' , value : 'group' } ,
] ,
} ,
{
name : 'Subject' ,
field : 'entity_id' ,
required : true ,
type : 'select.dynamic' ,
options : {
resource : 'auth/User' ,
display : user => ` User: ${ user . last _name } , ${ user . first _name } ( ${ user . uid } ) ` ,
value : 'id' ,
} ,
if : ( form _data ) => form _data . entity _type === 'user' ,
} ,
{
name : 'Subject' ,
field : 'entity_id' ,
required : true ,
type : 'select.dynamic' ,
options : {
resource : 'auth/Group' ,
display : group => ` Group: ${ group . name } ( ${ group . user _ids . length } users) ` ,
value : 'id' ,
} ,
if : ( form _data ) => form _data . entity _type === 'group' ,
} ,
{
name : 'Access Type' ,
field : 'access_type' ,
required : true ,
type : 'select' ,
options : [
{ display : '...is granted access to...' , value : 'allow' } ,
{ display : '...is denied access to...' , value : 'deny' } ,
] ,
} ,
{
name : 'Target Type' ,
field : 'target_type' ,
required : true ,
type : 'select' ,
options : [
{ display : 'Application' , value : 'application' } ,
{ display : 'API Scope' , value : 'api_scope' } ,
] ,
} ,
{
name : 'Target' ,
field : 'target_id' ,
required : true ,
type : 'select.dynamic' ,
options : {
resource : 'App' ,
display : 'name' ,
value : 'id' ,
} ,
if : ( form _data ) => form _data . target _type === 'application'
} ,
if : ( form _data ) => form _data . entity _type === 'user' ,
} ,
{
name : 'Subject' ,
field : 'entity_id' ,
required : true ,
type : 'select.dynamic' ,
options : {
resource : 'auth/Group' ,
display : group => ` Group: ${ group . name } ( ${ group . user _ids . length } users) ` ,
value : 'id' ,
{
name : 'Target' ,
field : 'target_id' ,
required : true ,
type : 'select.dynamic ',
options : {
resource : 'reflect/Scope ',
display : 'scope' ,
value : 'scope ',
},
if : ( form _data ) => form _data . target _type === 'api_scope'
} ,
if : ( form _data ) => form _data . entity _type === 'group' ,
} ,
{
name : 'Access Type' ,
field : 'access_type' ,
required : true ,
type : 'select' ,
options : [
{ display : '...is granted access to...' , value : 'allow' } ,
{ display : '...is denied access to...' , value : 'deny' } ,
] ,
} ,
{
name : 'Target Type' ,
field : 'target_type' ,
required : true ,
type : 'select' ,
options : [
{ display : 'Application' , value : 'application' } ,
{ display : 'API Scope' , value : 'api_scope' } ,
] ,
} ,
{
name : 'Target' ,
field : 'target_id' ,
required : true ,
type : 'select.dynamic' ,
options : {
resource : 'App' ,
display : 'name' ,
value : 'id' ,
] ,
/ * h a n d l e r s : {
insert : {
action : 'back' ,
} ,
if : ( form _data ) => form _data . target _type === 'application'
} ,
{
name : 'Target' ,
field : 'target_id' ,
required : true ,
type : 'select.dynamic' ,
options : {
resource : 'reflect/Scope' ,
display : 'scope' ,
value : 'scope' ,
update : {
action : 'back' ,
} ,
if : ( form _data ) => form _data . target _type === 'api_scope'
} ,
] ,
/ * h a n d l e r s : {
insert : {
action : 'back' ,
} ,
update : {
action : 'back' ,
} ,
} , * /
} , * /
}
}
}
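Review bot: The two `Target` entries (L241–L249 and L257–L265) both write `field: 'target_id'` but use different option values — `value: 'id'` for applications and `value: 'scope'` for API scopes — so the value stored under `target_id` is an application id or a scope string depending on `target_type`, and the same pattern holds for the two `Subject` entries sharing `field: 'entity_id'`. The `if` predicates only hide the inactive field; whether a value selected under the previous type is cleared when the type select changes depends on the form engine, which is outside this hunk, so the server-side handler for `/api/v1/iam/policy` should verify that `target_id` resolves under the submitted `target_type` and `entity_id` under `entity_type` before writing the policy, and a comment such as `// target_id holds an App id for 'application' and a scope string for 'api_scope'` on the field definitions would make the dual encoding explicit. The commented-out `handlers` block at L272–L280 is dead code and should be removed rather than carried forward. The constructor and class close at L282–L283, assuming the hunk ends here.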