diff --git a/logic/user_mgmt.go b/logic/user_mgmt.go index 4c79103d..ccb603af 100644 --- a/logic/user_mgmt.go +++ b/logic/user_mgmt.go @@ -1 +1,52 @@ package logic + +import ( + "encoding/json" + + "github.com/gravitl/netmaker/database" + "github.com/gravitl/netmaker/models" +) + +// Pre-Define Permission Templates for default Roles +var SuperAdminPermissionTemplate = models.UserPermissionTemplate{ + ID: models.SuperAdminRole, + Default: true, + DashBoardAcls: models.DashboardAccessControls{ + FullAccess: true, + }, +} +var AdminPermissionTemplate = models.UserPermissionTemplate{ + ID: models.AdminRole, + Default: true, + DashBoardAcls: models.DashboardAccessControls{ + FullAccess: true, + }, +} + +var NetworkAdminPermissionTemplate = models.UserPermissionTemplate{ + ID: models.NetworkAdmin, + Default: true, + DashBoardAcls: models.DashboardAccessControls{ + NetworkLevelAccess: make(map[models.NetworkID]models.NetworkAccessControls), + }, +} + +var NetworkUserPermissionTemplate = models.UserPermissionTemplate{ + ID: models.NetworkUser, + Default: true, + DashBoardAcls: models.DashboardAccessControls{ + DenyDashboardAccess: true, + NetworkLevelAccess: make(map[models.NetworkID]models.NetworkAccessControls), + }, +} + +func init() { + d, _ := json.Marshal(SuperAdminPermissionTemplate) + database.Insert(SuperAdminPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME) + d, _ = json.Marshal(AdminPermissionTemplate) + database.Insert(AdminPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME) + d, _ = json.Marshal(NetworkAdminPermissionTemplate) + database.Insert(NetworkAdminPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME) + d, _ = json.Marshal(NetworkUserPermissionTemplate) + database.Insert(NetworkUserPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME) +} diff --git a/models/user_mgmt.go b/models/user_mgmt.go index 779dba57..78a0ea55 100644 --- a/models/user_mgmt.go +++ b/models/user_mgmt.go @@ -2,6 +2,7 @@ package models type NetworkID string type RsrcID string +type UserRole string const ( HostRsrc RsrcID = "host" @@ -11,8 +12,20 @@ const ( EgressGwRsrc RsrcID = "egress" ) +// Pre-Defined User Roles + +const ( + SuperAdminRole UserRole = "super_admin" + AdminRole UserRole = "admin" + NetworkAdmin UserRole = "network_admin" + NetworkUser UserRole = "network_user" +) + +func (r UserRole) String() string { + return string(r) +} + type NetworkRsrcPermissions struct { - All bool `json:"all"` Create bool `json:"create"` Read bool `json:"read"` Update bool `json:"update"` @@ -26,11 +39,13 @@ type NetworkAccessControls struct { } type DashboardAccessControls struct { - FullAccess bool `json:"full_access"` - NetworkLevelAccess map[NetworkID]NetworkAccessControls `json:"network_access_controls"` + FullAccess bool `json:"full_access"` + DenyDashboardAccess bool `json:"deny_dashboard_access"` + NetworkLevelAccess map[NetworkID]NetworkAccessControls `json:"network_access_controls"` } type UserPermissionTemplate struct { - ID string `json:"id"` + ID UserRole `json:"id"` + Default bool `json:"default"` DashBoardAcls DashboardAccessControls `json:"dashboard_access_controls"` }