remove default net group from user when deleted

abhishek9686 2024-08-12 14:58:53 +05:30
parent 4003848447
commit ecf00dcd25
2 changed files with 32 additions and 16 deletions


@ -529,20 +529,23 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
return
}
// user cannot update his own roles and groups
if len(user.NetworkRoles) != len(userchange.NetworkRoles) || !reflect.DeepEqual(user.NetworkRoles, userchange.NetworkRoles) {
err = errors.New("user cannot update self update their network roles")
slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
// user cannot update his own roles and groups
if len(user.UserGroups) != len(userchange.UserGroups) || !reflect.DeepEqual(user.UserGroups, userchange.UserGroups) {
err = errors.New("user cannot update self update their groups")
slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
if servercfg.IsPro {
// user cannot update his own roles and groups
if len(user.NetworkRoles) != len(userchange.NetworkRoles) || !reflect.DeepEqual(user.NetworkRoles, userchange.NetworkRoles) {
err = errors.New("user cannot update self update their network roles")
slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
// user cannot update his own roles and groups
if len(user.UserGroups) != len(userchange.UserGroups) || !reflect.DeepEqual(user.UserGroups, userchange.UserGroups) {
err = errors.New("user cannot update self update their groups")
slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
return
}
}
}
if ismaster {
if user.PlatformRoleID != models.SuperAdminRole && userchange.PlatformRoleID == models.SuperAdminRole {
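Review bot: Gating both self-update checks behind `if servercfg.IsPro` means a non-Pro build no longer rejects a caller whose request changes their own `NetworkRoles` or `UserGroups`. Whether those submitted values are then persisted is decided outside this hunk (updateUser starts before it and continues after it), so that path needs confirming before merge. If the aim is only to stop false rejections where these fields are unused, keep the stored values instead of skipping the guard, e.g. an `else` branch with `userchange.NetworkRoles = user.NetworkRoles` and `userchange.UserGroups = user.UserGroups`. As a style point, the `len(...) != len(...)` test is redundant next to `reflect.DeepEqual`, and the message `user cannot update self update their network roles` reads as garbled.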


@ -139,15 +139,28 @@ func DeleteNetworkRoles(netID string) {
if err != nil {
return
}
defaultUserGrp := fmt.Sprintf("%s-%s-grp", netID, models.NetworkUser)
defaultAdminGrp := fmt.Sprintf("%s-%s-grp", netID, models.NetworkAdmin)
for _, user := range users {
var upsert bool
if _, ok := user.NetworkRoles[models.NetworkID(netID)]; ok {
delete(user.NetworkRoles, models.NetworkID(netID))
upsert = true
}
if _, ok := user.UserGroups[models.UserGroupID(defaultUserGrp)]; ok {
delete(user.UserGroups, models.UserGroupID(defaultUserGrp))
upsert = true
}
if _, ok := user.UserGroups[models.UserGroupID(defaultAdminGrp)]; ok {
delete(user.UserGroups, models.UserGroupID(defaultAdminGrp))
upsert = true
}
if upsert {
logic.UpsertUser(user)
}
}
database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, fmt.Sprintf("%s-%s-grp", netID, models.NetworkUser))
database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, fmt.Sprintf("%s-%s-grp", netID, models.NetworkAdmin))
database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, defaultUserGrp)
database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, defaultAdminGrp)
userGs, _ := ListUserGroups()
for _, userGI := range userGs {
if _, ok := userGI.NetworkRoles[models.NetworkID(netID)]; ok {
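Review bot: The result of `logic.UpsertUser(user)` inside the loop is discarded, and the two `database.DeleteRecord` calls after it are unchecked as well. A failed write therefore leaves a user record still holding `defaultUserGrp` or `defaultAdminGrp` once the groups themselves are gone. Because both IDs are derived only from `netID`, a network later created with the same ID would presumably recreate groups under the same keys, and the stale membership would apply again. If `UpsertUser` returns an error (its signature is not visible here), handle it in place, e.g. `if err := logic.UpsertUser(user); err != nil { /* log with netID and continue */ }`, and do the same for the deletes. DeleteNetworkRoles begins before this section and continues past it.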