mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-24 04:57:00 +01:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Add acp allowing service accounts to clear their own sessions (#1731)

Browse source
This commit is contained in:
Firstyear 2023-06-13 14:10:28 +10:00 committed by GitHub
parent 8cd45eaa35
commit c5c483be98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
server/lib/src/constants/acp.rs
View file

@ -138,6 +138,32 @@ lazy_static! {
); );
} }
lazy_static! {
pub static ref E_IDM_ACCOUNT_SELF_ACP_WRITE_V1: EntryInitNew = entry_init!(
("class", CLASS_OBJECT.clone()),
("class", CLASS_ACCESS_CONTROL_PROFILE.clone()),
("class", CLASS_ACCESS_CONTROL_MODIFY.clone()),
("name", Value::new_iname("idm_self_account_acp_write")),
("uuid", Value::Uuid(UUID_IDM_ACCOUNT_SELF_ACP_WRITE_V1)),
(
"description",
Value::new_utf8s("Builtin IDM Control for self write - required for accounts to update their own session state.")
),
(
"acp_receiver_group",
Value::Refer(UUID_IDM_ALL_ACCOUNTS)
),
(
"acp_targetscope",
Value::new_json_filter_s(
"{\"and\": [{\"eq\": [\"class\",\"account\"]}, \"self\"]}"
)
.expect("Invalid JSON filter")
),
("acp_modify_removedattr", Value::new_iutf8("user_auth_token_session"))
);
}
lazy_static! { lazy_static! {
pub static ref E_IDM_PEOPLE_SELF_ACP_WRITE_MAIL_PRIV_V1: EntryInitNew = entry_init!( pub static ref E_IDM_PEOPLE_SELF_ACP_WRITE_MAIL_PRIV_V1: EntryInitNew = entry_init!(
("class", CLASS_OBJECT.clone()), ("class", CLASS_OBJECT.clone()),

1
server/lib/src/constants/uuids.rs
View file

@ -305,6 +305,7 @@ pub const UUID_IDM_HP_ACP_SYNC_ACCOUNT_MANAGE_PRIV_V1: Uuid =
uuid!("00000000-0000-0000-0000-ffffff000044"); uuid!("00000000-0000-0000-0000-ffffff000044");
pub const UUID_IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1: Uuid = pub const UUID_IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1: Uuid =
uuid!("00000000-0000-0000-0000-ffffff000045"); uuid!("00000000-0000-0000-0000-ffffff000045");
pub const UUID_IDM_ACCOUNT_SELF_ACP_WRITE_V1: Uuid = uuid!("00000000-0000-0000-0000-ffffff000046");
// End of system ranges // End of system ranges
pub const UUID_DOES_NOT_EXIST: Uuid = uuid!("00000000-0000-0000-0000-fffffffffffe"); pub const UUID_DOES_NOT_EXIST: Uuid = uuid!("00000000-0000-0000-0000-fffffffffffe");

1
server/lib/src/server/migrations.rs
View file

@ -635,6 +635,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
E_IDM_UI_ENABLE_EXPERIMENTAL_FEATURES.clone(), E_IDM_UI_ENABLE_EXPERIMENTAL_FEATURES.clone(),
E_IDM_ACCOUNT_MAIL_READ_PRIV.clone(), E_IDM_ACCOUNT_MAIL_READ_PRIV.clone(),
E_IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1.clone(), E_IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1.clone(),
E_IDM_ACCOUNT_SELF_ACP_WRITE_V1.clone(),
]; ];
let res: Result<(), _> = idm_entries let res: Result<(), _> = idm_entries