remove user role from acl policy types

abhishek9686 2024-10-28 11:39:16 +04:00
parent 5e62e7e749
commit f7b78ccad6
4 changed files with 65 additions and 64 deletions


@ -44,7 +44,7 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
},
SrcGroupTypes: []models.AclGroupType{
models.UserAclID,
models.UserRoleAclID,
//models.UserRoleAclID,
models.UserGroupAclID,
models.DeviceAclID,
},
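Review bot: `models.UserRoleAclID` is commented out in `SrcGroupTypes` rather than deleted, and the same pattern repeats in the other three files of this commit (the default network policy source, the `GetRole` branch in `IsAclPolicyValid`, the constant itself, and two whole default user policies). Commented-out code in an access-control path makes it harder to audit which source types are actually accepted, and version control already keeps the old lines. Either delete the line or, if role sources are due to return, say so next to it, e.g. `// user-role sources disabled pending <tracking issue>`. The literal and the handler continue outside the hunk.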


@ -56,10 +56,10 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
ID: models.UserGroupAclID,
Value: "*",
},
{
ID: models.UserRoleAclID,
Value: "*",
},
// {
// ID: models.UserRoleAclID,
// Value: "*",
// },
},
Dst: []models.AclPolicyTag{{
ID: models.DeviceAclID,
@ -175,8 +175,9 @@ func IsAclPolicyValid(acl models.Acl) bool {
if srcI.Value == "*" {
continue
}
if srcI.ID != models.UserAclID &&
srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID {
if srcI.ID != models.UserAclID {
// && srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID
return false
}
// check if user group is valid
@ -185,12 +186,12 @@ func IsAclPolicyValid(acl models.Acl) bool {
if err != nil {
return false
}
} else if srcI.ID == models.UserRoleAclID {
// } else if srcI.ID == models.UserRoleAclID {
_, err := GetRole(models.UserRoleID(srcI.Value))
if err != nil {
return false
}
// _, err := GetRole(models.UserRoleID(srcI.Value))
// if err != nil {
// return false
// }
} else if srcI.ID == models.UserGroupAclID {
err := IsGroupValid(models.UserGroupID(srcI.Value))
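Review bot: The narrowed guard in `IsAclPolicyValid`, `if srcI.ID != models.UserAclID {`, now returns false for every non-wildcard source that is not a user, which includes `models.UserGroupAclID`, so the `else if srcI.ID == models.UserGroupAclID` branch further down can no longer be reached. The commit title only mentions removing the role type, and `aclPolicyTypes` still lists user groups as a source type, so this looks unintended: a policy naming a specific group would be rejected. Keeping groups in the guard would be `if srcI.ID != models.UserAclID && srcI.ID != models.UserGroupAclID {`. Separately, the `srcI.Value == "*"` shortcut runs before the type check, so a wildcard source of any type, including the removed `user-role` string, still passes validation; consider checking the type first. The function body starts and ends outside the hunks.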


@ -44,9 +44,9 @@ type AclPolicyTag struct {
type AclGroupType string
const (
UserAclID AclGroupType = "user"
UserGroupAclID AclGroupType = "user-group"
UserRoleAclID AclGroupType = "user-role"
UserAclID AclGroupType = "user"
UserGroupAclID AclGroupType = "user-group"
//UserRoleAclID AclGroupType = "user-role"
DeviceAclID AclGroupType = "tag"
NetmakerIPAclID AclGroupType = "ip"
NetmakerSubNetRangeAClID AclGroupType = "ipset"
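Review bot: Commenting out `UserRoleAclID` leaves the string `"user-role"` with no named type, yet the default user policies that this same commit disables in `CreateDefaultUserPolicies` were inserted with that source type, so networks created earlier presumably still hold such records. Nothing on this page converts or deletes them, and how the enforcement path treats an unrecognised source type is not visible here. Confirm that stored `user-role` policies are migrated or removed, and that an unknown source type results in deny rather than being skipped. If the constant has to stay for reading old records, keep it and mark it `// Deprecated: user-role sources are no longer accepted in new policies.`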


@ -1100,55 +1100,55 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
if netID.String() == "" {
return
}
if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
defaultUserAcl := models.Acl{
ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
Name: models.NetworkAdmin.String(),
Default: true,
NetworkID: netID,
RuleType: models.UserPolicy,
Src: []models.AclPolicyTag{
{
ID: models.UserRoleAclID,
Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
}},
Dst: []models.AclPolicyTag{
{
ID: models.DeviceAclID,
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
},
},
AllowedDirection: models.TrafficDirectionUni,
Enabled: true,
CreatedBy: "auto",
CreatedAt: time.Now().UTC(),
}
logic.InsertAcl(defaultUserAcl)
}
if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
defaultUserAcl := models.Acl{
ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
Name: models.NetworkUser.String(),
Default: true,
NetworkID: netID,
RuleType: models.UserPolicy,
Src: []models.AclPolicyTag{
{
ID: models.UserRoleAclID,
Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
}},
Dst: []models.AclPolicyTag{
{
ID: models.DeviceAclID,
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
}},
AllowedDirection: models.TrafficDirectionUni,
Enabled: true,
CreatedBy: "auto",
CreatedAt: time.Now().UTC(),
}
logic.InsertAcl(defaultUserAcl)
}
// if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
// defaultUserAcl := models.Acl{
// ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
// Name: models.NetworkAdmin.String(),
// Default: true,
// NetworkID: netID,
// RuleType: models.UserPolicy,
// Src: []models.AclPolicyTag{
// {
// ID: models.UserRoleAclID,
// Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
// }},
// Dst: []models.AclPolicyTag{
// {
// ID: models.DeviceAclID,
// Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
// },
// },
// AllowedDirection: models.TrafficDirectionUni,
// Enabled: true,
// CreatedBy: "auto",
// CreatedAt: time.Now().UTC(),
// }
// logic.InsertAcl(defaultUserAcl)
// }
// if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
// defaultUserAcl := models.Acl{
// ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
// Name: models.NetworkUser.String(),
// Default: true,
// NetworkID: netID,
// RuleType: models.UserPolicy,
// Src: []models.AclPolicyTag{
// {
// ID: models.UserRoleAclID,
// Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
// }},
// Dst: []models.AclPolicyTag{
// {
// ID: models.DeviceAclID,
// Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
// }},
// AllowedDirection: models.TrafficDirectionUni,
// Enabled: true,
// CreatedBy: "auto",
// CreatedAt: time.Now().UTC(),
// }
// logic.InsertAcl(defaultUserAcl)
// }
if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin))) {
defaultUserAcl := models.Acl{