allow single devices in the acl policies

2025-09-06 21:24:16 +08:00 · 2025-01-17 15:58:40 +05:30 · 2025-01-17 15:58:40 +05:30 · 021023d999
commit 021023d999
parent 1bc60df02c
3 changed files with 14 additions and 5 deletions
--- a/controllers/acls.go
+++ b/controllers/acls.go
@ -46,9 +46,11 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
 			models.UserAclID,
 			models.UserGroupAclID,
 			models.DeviceAclID,
+			models.DeviceID,
 		},
 		DstGroupTypes: []models.AclGroupType{
 			models.DeviceAclID,
+			models.DeviceID,
 			// models.NetmakerIPAclID,
 			// models.NetmakerSubNetRangeAClID,
 		},
@ -117,6 +119,13 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
 				},
 				PortRange: "",
 			},
+			{
+				Name: models.SSH,
+				AllowedProtocols: []models.Protocol{
+					models.TCP,
+				},
+				PortRange: "22",
+			},
 			{
 				Name: models.Custom,
 				AllowedProtocols: []models.Protocol{
--- a/logic/acls.go
+++ b/logic/acls.go
@ -267,7 +267,7 @@ func IsAclPolicyValid(acl models.Acl) bool {
 			if dstI.ID == "" || dstI.Value == "" {
 				return false
 			}
-			if dstI.ID != models.DeviceAclID {
+			if dstI.ID != models.DeviceAclID && dstI.ID != models.DeviceID {
 				return false
 			}
 			if dstI.Value == "*" {
@ -284,7 +284,7 @@ func IsAclPolicyValid(acl models.Acl) bool {
 			if srcI.ID == "" || srcI.Value == "" {
 				return false
 			}
-			if srcI.ID != models.DeviceAclID {
+			if srcI.ID != models.DeviceAclID && srcI.ID != models.DeviceID {
 				return false
 			}
 			if srcI.Value == "*" {
@ -301,7 +301,7 @@ func IsAclPolicyValid(acl models.Acl) bool {
 			if dstI.ID == "" || dstI.Value == "" {
 				return false
 			}
-			if dstI.ID != models.DeviceAclID {
+			if dstI.ID != models.DeviceAclID && dstI.ID != models.DeviceID {
 				return false
 			}
 			if dstI.Value == "*" {
--- a/models/acl.go
+++ b/models/acl.go
@ -25,14 +25,13 @@ const (
 	ICMP Protocol = "icmp"
 )

-type ServiceType string
-
 const (
 	Http        = "HTTP"
 	Https       = "HTTPS"
 	AllTCP      = "All TCP"
 	AllUDP      = "All UDP"
 	ICMPService = "ICMP"
+	SSH         = "SSH"
 	Custom      = "Custom"
 	Any         = "Any"
 )
@ -59,6 +58,7 @@ const (
 	UserAclID                AclGroupType = "user"
 	UserGroupAclID           AclGroupType = "user-group"
 	DeviceAclID              AclGroupType = "tag"
+	DeviceID                 AclGroupType = "device"
 	NetmakerIPAclID          AclGroupType = "ip"
 	NetmakerSubNetRangeAClID AclGroupType = "ipset"
 )