From 7d052e64e2521059d9fda9633b90297304ae2636 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Thu, 20 Jun 2024 07:28:33 +0530
Subject: [PATCH] refer network controls form roles, add debug headers
---
 controllers/middleware.go | 8 +++++---
 logic/security.go | 5 +----
 logic/user_mgmt.go | 10 ++++++++--
 models/user_mgmt.go | 9 ++++-----
 4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/controllers/middleware.go b/controllers/middleware.go
index 4a547b35..38337305 100644
--- a/controllers/middleware.go
+++ b/controllers/middleware.go
@@ -12,7 +12,7 @@ func userMiddleWare(handler http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 var params = mux.Vars(r)
 r.Header.Set("NET_ID", params["network"])
- if strings.Contains(r.URL.Path, "host") || strings.Contains(r.URL.Path, "node") {
+ if strings.Contains(r.URL.Path, "hosts") || strings.Contains(r.URL.Path, "nodes") {
 r.Header.Set("TARGET_RSRC", models.HostRsrc.String())
 r.Header.Set("RSRC_TYPE", models.HostRsrc.String())
 }
@@ -56,8 +56,10 @@ func userMiddleWare(handler http.Handler) http.Handler {
 if r.Header.Get("TARGET_RSRC_ID") == "" {
 r.Header.Set("IS_GLOBAL_ACCESS", "yes")
 }
- // pro
-
+ w.Header().Set("TARGET_RSRC", r.Header.Get("TARGET_RSRC"))
+ w.Header().Set("TARGET_RSRC_ID", r.Header.Get("TARGET_RSRC_ID"))
+ w.Header().Set("RSRC_TYPE", r.Header.Get("RSRC_TYPE"))
+ w.Header().Set("IS_GLOBAL_ACCESS", r.Header.Get("IS_GLOBAL_ACCESS"))
 handler.ServeHTTP(w, r)
 })
 }
diff --git a/logic/security.go b/logic/security.go
index 221232b7..8d2179e8 100644
--- a/logic/security.go
+++ b/logic/security.go
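Review bot: In controllers/middleware.go (hunk at line 12), the resource type that later feeds the permission check is still chosen by a substring search over the whole URL path, `strings.Contains(r.URL.Path, "hosts")`, and that path also carries the `network` route variable read two lines above. A network name or an unrelated path segment that happens to contain "hosts" or "nodes" would therefore be classified as a host resource. Matching on the registered route instead, for example the template returned by `mux.CurrentRoute(r).GetPathTemplate()`, or comparing whole path segments, keeps the classification independent of caller-chosen names. The body of userMiddleWare continues outside the hunk.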
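Review bot: In controllers/middleware.go (hunk at line 56), the four added `w.Header().Set(...)` lines return the middleware's internal authorization state (`TARGET_RSRC`, `TARGET_RSRC_ID`, `RSRC_TYPE`, `IS_GLOBAL_ACCESS`) to every client on every response, with no debug switch around them. I would wrap them in a guard such as `if debugAuthHeaders { ... }` (placeholder name for whatever debug setting the project has) or log the values server-side instead. The values are also read back from `r.Header`, which starts out client-controlled: `IS_GLOBAL_ACCESS` is only written when `TARGET_RSRC_ID` is empty, so unless lines outside this hunk clear these names on entry a caller-supplied value would pass through unchanged; `r.Header.Del("IS_GLOBAL_ACCESS")` (and likewise for the other names) at the top of the handler, or carrying the state in the request context, would close that.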
@@ -148,10 +148,7 @@ func SecurityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
 err = networkPermissionsCheck(username, r)
 }
 }
- w.Header().Set("TARGET_RSRC", r.Header.Get("TARGET_RSRC"))
- w.Header().Set("TARGET_RSRC_ID", r.Header.Get("TARGET_RSRC_ID"))
- w.Header().Set("NET_ID", r.Header.Get("NET_ID"))
- w.Header().Set("ACCESS_RESP", err.Error())
+ w.Header().Set("ACCESS_PERM", err.Error())
 r.Header.Set("user", username)
 next.ServeHTTP(w, r)
 }
diff --git a/logic/user_mgmt.go b/logic/user_mgmt.go
index de0b7ef7..82044db0 100644
--- a/logic/user_mgmt.go
+++ b/logic/user_mgmt.go
@@ -32,8 +32,14 @@ var NetworkUserPermissionTemplate = models.UserRolePermissionTemplate{
 ID: models.NetworkUser,
 Default: true,
 FullAccess: false,
- DenyDashboardAccess: true,
- NetworkLevelAccess: make(map[models.RsrcType]map[models.RsrcID]models.RsrcPermissionScope),
+ DenyDashboardAccess: false,
+ NetworkLevelAccess: map[models.RsrcType]map[models.RsrcID]models.RsrcPermissionScope{
+ models.RemoteAccessGwRsrc: {
+ models.AllRemoteAccessGwRsrcID: models.RsrcPermissionScope{
+ Read: true,
+ },
+ },
+ },
 }

 func UserRolesInit() {
diff --git a/models/user_mgmt.go b/models/user_mgmt.go
index 6f20e9a6..76f7be54 100644
--- a/models/user_mgmt.go
+++ b/models/user_mgmt.go
@@ -63,11 +63,10 @@ func (g UserGroupID) String() string {
 }

 type RsrcPermissionScope struct {
- Create bool `json:"create"`
- Read bool `json:"read"`
- Update bool `json:"update"`
- Delete bool `json:"delete"`
- VPNAccess bool `json:"vpn_access"`
+ Create bool `json:"create"`
+ Read bool `json:"read"`
+ Update bool `json:"update"`
+ Delete bool `json:"delete"`
 }

 type UserRolePermissionTemplate struct {
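Review bot: In logic/security.go (hunk at line 148), `w.Header().Set("ACCESS_PERM", err.Error())` dereferences `err` unconditionally, so if the permission checks above succeed and leave `err` nil the handler would panic on an allowed request; most assignments to `err` are outside the hunk, so this needs confirming. Within the visible lines the result of `networkPermissionsCheck` is only reported in a response header and `next.ServeHTTP(w, r)` runs regardless, so the check does not appear to be enforced here. Suggested: `if err != nil { w.Header().Set("ACCESS_PERM", err.Error()) }`, and once the debugging phase is over, reject the request on error rather than sending the internal error text to the client.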
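Review bot: In logic/user_mgmt.go (hunk at line 32), the template marked `Default: true` changes `DenyDashboardAccess` from true to false and gains read access to all remote access gateways, which widens what the default network-user role can do, yet neither the code nor the commit subject records that this is intended. A comment above the literal would help, e.g. `// Default network role: dashboard allowed, read-only on all remote access gateways.` It is also worth checking how role records already stored by earlier versions are handled, since `UserRolesInit` is outside the hunk and `VPNAccess` is removed from `RsrcPermissionScope` in models/user_mgmt.go by the same patch.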