fix update acl policy

2025-09-27 07:24:23 +08:00 · 2024-09-26 21:00:04 +04:00 · 2024-09-26 21:00:04 +04:00 · 5b49872d5d
commit 5b49872d5d
parent 940ed8b2f0
4 changed files with 52 additions and 13 deletions
--- a/controllers/acls.go
+++ b/controllers/acls.go
@ -16,6 +16,8 @@ import (
 func aclHandlers(r *mux.Router) {
 	r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(getAcls))).
 		Methods(http.MethodGet)
+	r.HandleFunc("/api/v1/acls/policy_types", logic.SecurityCheck(true, http.HandlerFunc(getAclPolicyTypes))).
+		Methods(http.MethodGet)
 	r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(createAcl))).
 		Methods(http.MethodPost)
 	r.HandleFunc("/api/v1/acls", logic.SecurityCheck(true, http.HandlerFunc(updateAcl))).
@ -25,6 +27,16 @@ func aclHandlers(r *mux.Router) {

 }

+// @Summary     List Acl Policy types
+// @Router      /api/v1/acls/policy_types [get]
+// @Tags        ACL
+// @Accept      json
+// @Success     200 {array} models.SuccessResponse
+// @Failure     500 {object} models.ErrorResponse
+func getAclPolicyTypes(w http.ResponseWriter, r *http.Request) {
+	logic.ReturnSuccessResponseWithJson(w, r, nil, "fetched all acls in the network ")
+}
+
 // @Summary     List Acls in a network
 // @Router      /api/v1/acls [get]
 // @Tags        ACL
@ -78,12 +90,17 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 		return
 	}
-	// check if acl exists
+
 	acl := req
 	acl.GetID(req.NetworkID, req.Name)
 	acl.CreatedBy = user.UserName
 	acl.CreatedAt = time.Now().UTC()
 	acl.Default = false
+	if acl.RuleType == models.DevicePolicy {
+		acl.AllowedDirection = models.TrafficDirectionBi
+	} else {
+		acl.AllowedDirection = models.TrafficDirectionUni
+	}
 	// validate create acl policy
 	if !logic.IsAclPolicyValid(acl) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest"))
@ -91,11 +108,15 @@ func createAcl(w http.ResponseWriter, r *http.Request) {
 	}
 	err = logic.InsertAcl(acl)
 	if err != nil {
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
-
-	logic.ReturnSuccessResponseWithJson(w, r, req, "created acl successfully")
+	acl, err = logic.GetAcl(acl.ID)
+	if err != nil {
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
+		return
+	}
+	logic.ReturnSuccessResponseWithJson(w, r, acl, "created acl successfully")
 }

 // @Summary     Update Acl
@ -114,11 +135,15 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	acl, err := logic.GetAcl(updateAcl.Acl.ID)
+	acl, err := logic.GetAcl(updateAcl.ID)
 	if err != nil {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 		return
 	}
+	if acl.Default {
+		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot update default policy"), "badrequest"))
+		return
+	}
 	if !logic.IsAclPolicyValid(updateAcl.Acl) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("invalid policy"), "badrequest"))
 		return
@ -129,14 +154,14 @@ func updateAcl(w http.ResponseWriter, r *http.Request) {
 	}
 	if updateAcl.NewName != "" {
 		//check if policy exists with same name
-		id := models.FormatAclID(updateAcl.Acl.NetworkID, updateAcl.NewName)
+		id := models.FormatAclID(updateAcl.NetworkID, updateAcl.NewName)
 		_, err := logic.GetAcl(id)
-		if err != nil {
+		if err == nil {
 			logic.ReturnErrorResponse(w, r,
 				logic.FormatError(errors.New("policy already exists with name "+updateAcl.NewName), "badrequest"))
 			return
 		}
-		updateAcl.Acl.ID = id
+		updateAcl.ID = id
 		updateAcl.Acl.Name = updateAcl.NewName
 	}
 	err = logic.UpdateAcl(updateAcl.Acl, acl)
@ -164,9 +189,14 @@ func deleteAcl(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
 		return
 	}
+	if acl.Default {
+		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
+		return
+	}
 	err = logic.DeleteAcl(acl)
 	if err != nil {
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
+		logic.ReturnErrorResponse(w, r,
+			logic.FormatError(errors.New("cannot delete default policy"), "internal"))
 		return
 	}
 	logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name)
--- a/database/database.go
+++ b/database/database.go
@ -157,6 +157,7 @@ func createTables() {
 	CreateTable(USER_PERMISSIONS_TABLE_NAME)
 	CreateTable(USER_INVITES_TABLE_NAME)
 	CreateTable(TAG_TABLE_NAME)
+	CreateTable(ACLS_TABLE_NAME)
 }

 func CreateTable(tableName string) error {
--- a/logic/acls.go
+++ b/logic/acls.go
@ -83,6 +83,11 @@ func ValidateCreateAclReq(req models.Acl) error {
 	if req.Name == "" {
 		return errors.New("name is required")
 	}
+	req.GetID(req.NetworkID, req.Name)
+	_, err = GetAcl(req.ID)
+	if err == nil {
+		return errors.New("acl exists already with name " + req.Name)
+	}
 	return nil
 }

@ -193,14 +198,12 @@ func IsAclPolicyValid(acl models.Acl) bool {

 // UpdateAcl - updates allowed fields on acls and commits to DB
 func UpdateAcl(newAcl, acl models.Acl) error {
-
 	acl.Name = newAcl.Name
 	acl.Src = newAcl.Src
 	acl.Dst = newAcl.Dst
-	acl.AllowedDirection = newAcl.AllowedDirection
 	acl.Enabled = newAcl.Enabled
 	if acl.ID != newAcl.ID {
-		database.DeleteRecord(acl.ID.String(), database.ACLS_TABLE_NAME)
+		database.DeleteRecord(database.ACLS_TABLE_NAME, acl.ID.String())
 		acl.ID = newAcl.ID
 	}
 	d, err := json.Marshal(acl)
--- a/models/acl.go
+++ b/models/acl.go
@ -56,10 +56,15 @@ func (g AclGroupType) String() string {
 }

 type UpdateAclRequest struct {
-	Acl     Acl
+	Acl
 	NewName string `json:"new_name"`
 }

+type AclPolicy struct {
+	TypeID        AclPolicyType
+	PrefixTagUser AclGroupType
+}
+
 type Acl struct {
 	ID               AclID                   `json:"id"`
 	Default          bool                    `json:"default"`