From 378bac74527b12e3f079b59ea48e6c7fc46e928c Mon Sep 17 00:00:00 2001 From: abhishek9686 Date: Sun, 10 Nov 2024 17:38:04 +0400 Subject: [PATCH] add view only permissions for network users --- models/user_mgmt.go | 3 ++- pro/logic/user_mgmt.go | 60 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) diff --git a/models/user_mgmt.go b/models/user_mgmt.go index 7debd6e2..188d7eba 100644 --- a/models/user_mgmt.go +++ b/models/user_mgmt.go @@ -80,7 +80,8 @@ const ( AllUserRsrcID RsrcID = "all_user" AllDnsRsrcID RsrcID = "all_dns" AllFailOverRsrcID RsrcID = "all_fail_over" - AllAclsRsrcID RsrcID = "all_acls" + AllAclsRsrcID RsrcID = "all_acl" + AllTagsRsrcID RsrcID = "all_tag" ) // Pre-Defined User Roles diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go index c3a6534f..2a21a8bd 100644 --- a/pro/logic/user_mgmt.go +++ b/pro/logic/user_mgmt.go @@ -60,6 +60,36 @@ var NetworkUserAllPermissionTemplate = models.UserRolePermissionTemplate{ SelfOnly: true, }, }, + models.DnsRsrc: { + models.AllDnsRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.AclRsrc: { + models.AllAclsRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.EgressGwRsrc: { + models.AllEgressGwRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.InetGwRsrc: { + models.AllInetGwRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.RelayRsrc: { + models.AllRelayRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.TagRsrc: { + models.AllTagsRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, }, } @@ -147,6 +177,36 @@ func CreateDefaultNetworkRolesAndGroups(netID models.NetworkID) { SelfOnly: true, }, }, + models.DnsRsrc: { + models.AllDnsRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.AclRsrc: { + models.AllAclsRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.EgressGwRsrc: { + models.AllEgressGwRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.InetGwRsrc: { + models.AllInetGwRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.RelayRsrc: { + models.AllRelayRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, + models.TagRsrc: { + models.AllTagsRsrcID: models.RsrcPermissionScope{ + Read: true, + }, + }, }, } d, _ := json.Marshal(NetworkAdminPermissionTemplate)