From df3662f0ccfaa9a8b3426d04b7e5ae4c8dfa5007 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Thu, 31 Oct 2024 15:13:29 +0400
Subject: [PATCH] check for custom all policies

---
 logic/acls.go | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/logic/acls.go b/logic/acls.go
index 54020556..0bbb2bdf 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -54,10 +54,6 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 ID: models.UserAclID,
 Value: "*",
 },
- {
- ID: models.UserGroupAclID,
- Value: "*",
- },
 },
 Dst: []models.AclPolicyTag{{
 ID: models.DeviceAclID,
@@ -285,6 +281,27 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
 if err != nil {
 return models.Acl{}, errors.New("default rule not found")
 }
+ if acl.Enabled {
+ return acl, nil
+ }
+ // check if there are any custom all policies
+ policies, _ := ListAcls(netID)
+ for _, policy := range policies {
+ if !policy.Enabled {
+ continue
+ }
+ if policy.RuleType == ruleType {
+ dstMap := convAclTagToValueMap(policy.Dst)
+ srcMap := convAclTagToValueMap(policy.Dst)
+ if _, ok := srcMap["*"]; ok {
+ if _, ok := dstMap["*"]; ok {
+ return policy, nil
+ }
+ }
+ }
+
+ }
 return acl, nil
 }
 
@@ -467,11 +484,6 @@ func IsNodeAllowedToCommunicate(node, peer models.Node) bool {
 // fmt.Printf("\n======> DSTMAP: %+v\n", dstMap)
 // fmt.Printf("\n======> node Tags: %+v\n", node.Tags)
 // fmt.Printf("\n======> peer Tags: %+v\n", peer.Tags)
- if _, ok := srcMap["*"]; ok {
- if _, ok := dstMap["*"]; ok {
- return true
- }
- }
 for tagID := range node.Tags {
 if _, ok := dstMap[tagID.String()]; ok {
 if _, ok := srcMap["*"]; ok {
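Review bot: `srcMap := convAclTagToValueMap(policy.Dst)` in the GetDefaultPolicy hunk builds the source map from the destination tags, so the following `srcMap["*"]` check merely re-tests Dst and a custom policy whose source side is restricted but whose destination is `*` is returned as an all-to-all policy; the line should use the policy's source tags (presumably `srcMap := convAclTagToValueMap(policy.Src)`, the field is not visible in this hunk). Since the third hunk removes the `srcMap["*"]`/`dstMap["*"]` early return from IsNodeAllowedToCommunicate, this lookup appears to be where an "all" policy is now recognised, so a wrong match here widens what is allowed rather than just mislabelling a rule. The error from `ListAcls(netID)` is discarded with `policies, _`, which on a store failure silently falls through to the disabled default `acl` as though no custom policy existed; prefer `policies, err := ListAcls(netID)` and return or at least log the error. The blank line before the loop's closing brace looks accidental. GetDefaultPolicy's signature and the lookup that sets `acl` are outside the hunk.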