mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-20 15:26:04 +08:00
add migration func
parent
49c2e60744
commit
b385b50a16
|
@ -369,8 +369,13 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) {
|
||||||
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "unauthorized"))
|
logic.ReturnErrorResponse(response, request, logic.FormatError(err, "unauthorized"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !(user.IsAdmin || user.IsSuperAdmin) {
|
role, err := logic.GetRole(user.PlatformRoleID)
|
||||||
logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("only admins can access dashboard"), "unauthorized"))
|
if err != nil {
|
||||||
|
logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("access denied to dashboard"), "unauthorized"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if role.DenyDashboardAccess {
|
||||||
|
logic.ReturnErrorResponse(response, request, logic.FormatError(errors.New("access denied to dashboard"), "unauthorized"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
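Review bot: The replacement check in authenticateUser is default-allow, because `role.DenyDashboardAccess` is a bool that stays false unless something sets it, so a role template stored without that field admits its users to the dashboard, while the removed `user.IsAdmin || user.IsSuperAdmin` test admitted nobody who was not explicitly flagged. Either invert the flag into an explicit allow, or confirm outside this hunk that every path creating a role sets it deliberately. The `err != nil` branch fails closed, which is the right direction, but it discards `err` and answers with the same message as a real denial, so a store failure and a user whose PlatformRoleID was never populated look identical; log `err` server-side before returning and add a comment such as `// fail closed: no resolvable platform role means no dashboard access`. The function starts and ends outside the hunk.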
@ -314,6 +314,35 @@ func MigrateEmqx() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func syncUsers() {
|
func syncUsers() {
|
||||||
|
// create default network user roles for existing networks
|
||||||
|
networks, _ := logic.GetNetworks()
|
||||||
|
nodes, err := logic.GetAllNodes()
|
||||||
|
if err == nil {
|
||||||
|
for _, netI := range networks {
|
||||||
|
networkNodes := logic.GetNetworkNodesMemory(nodes, netI.NetID)
|
||||||
|
for _, networkNodeI := range networkNodes {
|
||||||
|
if networkNodeI.IsIngressGateway {
|
||||||
|
h, err := logic.GetHost(networkNodeI.HostID.String())
|
||||||
|
if err == nil {
|
||||||
|
logic.CreateRole(models.UserRolePermissionTemplate{
|
||||||
|
ID: models.UserRole(fmt.Sprintf("net-%s-user-gw-%s", netI.NetID, h.Name)),
|
||||||
|
DenyDashboardAccess: true,
|
||||||
|
NetworkID: netI.NetID,
|
||||||
|
NetworkLevelAccess: map[models.RsrcType]map[models.RsrcID]models.RsrcPermissionScope{
|
||||||
|
models.RemoteAccessGwRsrc: {
|
||||||
|
models.RsrcID(networkNodeI.ID.String()): models.RsrcPermissionScope{
|
||||||
|
VPNaccess: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
users, err := logic.GetUsersDB()
|
users, err := logic.GetUsersDB()
|
||||||
if err == nil {
|
if err == nil {
|
||||||
for _, user := range users {
|
for _, user := range users {
|
||||||
|
@ -329,7 +358,29 @@ func syncUsers() {
|
||||||
}
|
}
|
||||||
if len(user.RemoteGwIDs) > 0 {
|
if len(user.RemoteGwIDs) > 0 {
|
||||||
// define user roles for network
|
// define user roles for network
|
||||||
|
// assign relevant network role to user
|
||||||
|
for remoteGwID := range user.RemoteGwIDs {
|
||||||
|
gwNode, err := logic.GetNodeByID(remoteGwID)
|
||||||
|
if err != nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
h, err := logic.GetHost(gwNode.HostID.String())
|
||||||
|
if err != nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
r, err := logic.GetRole(models.UserRole(fmt.Sprintf("net-%s-user-gw-%s", gwNode.Network, h.Name)))
|
||||||
|
if err != nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if netRoles, ok := user.NetworkRoles[models.NetworkID(gwNode.Network)]; ok {
|
||||||
|
netRoles[r.ID] = struct{}{}
|
||||||
|
} else {
|
||||||
|
user.NetworkRoles[models.NetworkID(gwNode.Network)] = map[models.UserRole]struct{}{
|
||||||
|
r.ID: {},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
logic.UpsertUser(user)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
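Review bot: The role ID in syncUsers is keyed on the host name (`fmt.Sprintf("net-%s-user-gw-%s", netI.NetID, h.Name)`), and nothing in this section shows host names to be unique or immutable, so two ingress gateways in one network whose hosts share a name would map to one role ID, and the lookup in the second hunk could then attach to a user the role that carries `VPNaccess` for a different gateway node. Key both the create and the lookup on the node ID that the permission map already uses, i.e. pass `networkNodeI.ID.String()` instead of `h.Name` in the first hunk and the ID of `gwNode` in the second. Whatever `logic.CreateRole(...)` and `logic.UpsertUser(user)` return is not checked, and the error from `logic.GetNetworks()` is discarded with `_`, so a failed role creation becomes a silent `continue` later and the user loses the gateway mapping without a log line; check and log these. The `else` branch assigns into `user.NetworkRoles[...]`, which panics on a nil map for a pre-migration user unless the map is initialised in the part of the loop between the two hunks that is not shown.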