From 28523147626a67db5737db1532c26d8a10221138 Mon Sep 17 00:00:00 2001
From: abhishek9686 <abhi281342@gmail.com>
Date: Tue, 29 Oct 2024 20:24:31 +0400
Subject: [PATCH] fix global network role access

---
 pro/logic/security.go  | 9 +++++++++
 pro/logic/user_mgmt.go | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/pro/logic/security.go b/pro/logic/security.go
index 0bda7e02..fbe0105d 100644
--- a/pro/logic/security.go
+++ b/pro/logic/security.go
@@ -82,8 +82,17 @@ func NetworkPermissionsCheck(username string, r *http.Request) error {
 		}
 	}
 	for groupID := range user.UserGroups {
+
 		userG, err := GetUserGroup(groupID)
 		if err == nil {
+			if netRoles, ok := userG.NetworkRoles[models.AllNetworks]; ok {
+				for netRoleID := range netRoles {
+					err = checkNetworkAccessPermissions(netRoleID, username, r.Method, targetRsrc, targetRsrcID, netID)
+					if err == nil {
+						return nil
+					}
+				}
+			}
 			netRoles := userG.NetworkRoles[models.NetworkID(netID)]
 			for netRoleID := range netRoles {
 				err = checkNetworkAccessPermissions(netRoleID, username, r.Method, targetRsrc, targetRsrcID, netID)
diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
index a08bcd92..f32bd63b 100644
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@@ -87,7 +87,7 @@ func UserGroupsInit() {
 		Name:     "Network Admin Group",
 		MetaData: "Users in this group can manage all your networks configuration.",
 		NetworkRoles: map[models.NetworkID]map[models.UserRoleID]struct{}{
-			models.NetworkID("*"): {
+			models.AllNetworks: {
 				models.UserRoleID(fmt.Sprintf("global-%s", models.NetworkAdmin)): {},
 			},
 		},