fix global network role access

2025-09-06 05:04:27 +08:00 · 2024-10-29 20:24:31 +04:00 · 2024-10-29 20:24:31 +04:00 · 2852314762
commit 2852314762
parent 0246a7e32d
2 changed files with 10 additions and 1 deletions
--- a/pro/logic/security.go
+++ b/pro/logic/security.go
@ -82,8 +82,17 @@ func NetworkPermissionsCheck(username string, r *http.Request) error {
 		}
 	}
 	for groupID := range user.UserGroups {
+
 		userG, err := GetUserGroup(groupID)
 		if err == nil {
+			if netRoles, ok := userG.NetworkRoles[models.AllNetworks]; ok {
+				for netRoleID := range netRoles {
+					err = checkNetworkAccessPermissions(netRoleID, username, r.Method, targetRsrc, targetRsrcID, netID)
+					if err == nil {
+						return nil
+					}
+				}
+			}
 			netRoles := userG.NetworkRoles[models.NetworkID(netID)]
 			for netRoleID := range netRoles {
 				err = checkNetworkAccessPermissions(netRoleID, username, r.Method, targetRsrc, targetRsrcID, netID)
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@ -87,7 +87,7 @@ func UserGroupsInit() {
 		Name:     "Network Admin Group",
 		MetaData: "Users in this group can manage all your networks configuration.",
 		NetworkRoles: map[models.NetworkID]map[models.UserRoleID]struct{}{
-			models.NetworkID("*"): {
+			models.AllNetworks: {
 				models.UserRoleID(fmt.Sprintf("global-%s", models.NetworkAdmin)): {},
 			},
 		},