mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-07 13:44:17 +08:00
remove user role from acl policy types
parent
5e62e7e749
commit
f7b78ccad6
4 changed files with 65 additions and 64 deletions
|
@ -44,7 +44,7 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
|
|||
},
|
||||
SrcGroupTypes: []models.AclGroupType{
|
||||
models.UserAclID,
|
||||
models.UserRoleAclID,
|
||||
//models.UserRoleAclID,
|
||||
models.UserGroupAclID,
|
||||
models.DeviceAclID,
|
||||
},
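Review bot: The dropped source type is left behind as a commented-out line (`//models.UserRoleAclID,`) instead of being deleted, and the same pattern repeats in CreateDefaultAclNetworkPolicies, IsAclPolicyValid, the AclGroupType constants and CreateDefaultUserPolicies. In access-control code, commented-out branches make it harder to audit which source types are actually accepted, so deleting the lines and relying on version history would read better. If the removal is meant to be temporary, one explanatory comment would serve better than the dead code, for example `// user-role sources are disabled; see <tracking issue placeholder>`. The body of aclPolicyTypes starts and ends outside this hunk.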
|
||||
|
|
|
@ -56,10 +56,10 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
|
|||
ID: models.UserGroupAclID,
|
||||
Value: "*",
|
||||
},
|
||||
{
|
||||
ID: models.UserRoleAclID,
|
||||
Value: "*",
|
||||
},
|
||||
// {
|
||||
// ID: models.UserRoleAclID,
|
||||
// Value: "*",
|
||||
// },
|
||||
},
|
||||
Dst: []models.AclPolicyTag{{
|
||||
ID: models.DeviceAclID,
|
||||
|
@ -175,8 +175,9 @@ func IsAclPolicyValid(acl models.Acl) bool {
|
|||
if srcI.Value == "*" {
|
||||
continue
|
||||
}
|
||||
if srcI.ID != models.UserAclID &&
|
||||
srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID {
|
||||
if srcI.ID != models.UserAclID {
|
||||
// && srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID
|
||||
|
||||
return false
|
||||
}
|
||||
// check if user group is valid
|
||||
|
@ -185,12 +186,12 @@ func IsAclPolicyValid(acl models.Acl) bool {
|
|||
if err != nil {
|
||||
return false
|
||||
}
|
||||
} else if srcI.ID == models.UserRoleAclID {
|
||||
// } else if srcI.ID == models.UserRoleAclID {
|
||||
|
||||
_, err := GetRole(models.UserRoleID(srcI.Value))
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
// _, err := GetRole(models.UserRoleID(srcI.Value))
|
||||
// if err != nil {
|
||||
// return false
|
||||
// }
|
||||
|
||||
} else if srcI.ID == models.UserGroupAclID {
|
||||
err := IsGroupValid(models.UserGroupID(srcI.Value))
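Review bot: The rewritten guard in the first IsAclPolicyValid hunk, `if srcI.ID != models.UserAclID {`, now returns false for user-group sources as well as user-role ones, because the `srcI.ID != models.UserGroupAclID` term was moved into the comment together with the role term. That appears to make the `else if srcI.ID == models.UserGroupAclID` branch at the end of the second hunk unreachable, so a policy naming a specific group would be rejected before IsGroupValid is ever consulted, while aclPolicyTypes still advertises `models.UserGroupAclID` as a valid source type. If only the role type is meant to go, the guard should stay `if srcI.ID != models.UserAclID && srcI.ID != models.UserGroupAclID {`. The function begins and ends outside both hunks, so this reading assumes the two hunks sit in the same loop body.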
|
||||
|
|
|
@ -44,9 +44,9 @@ type AclPolicyTag struct {
|
|||
type AclGroupType string
|
||||
|
||||
const (
|
||||
UserAclID AclGroupType = "user"
|
||||
UserGroupAclID AclGroupType = "user-group"
|
||||
UserRoleAclID AclGroupType = "user-role"
|
||||
UserAclID AclGroupType = "user"
|
||||
UserGroupAclID AclGroupType = "user-group"
|
||||
//UserRoleAclID AclGroupType = "user-role"
|
||||
DeviceAclID AclGroupType = "tag"
|
||||
NetmakerIPAclID AclGroupType = "ip"
|
||||
NetmakerSubNetRangeAClID AclGroupType = "ipset"
|
||||
|
|
|
@ -1100,55 +1100,55 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
|
|||
if netID.String() == "" {
|
||||
return
|
||||
}
|
||||
if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
|
||||
defaultUserAcl := models.Acl{
|
||||
ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
|
||||
Name: models.NetworkAdmin.String(),
|
||||
Default: true,
|
||||
NetworkID: netID,
|
||||
RuleType: models.UserPolicy,
|
||||
Src: []models.AclPolicyTag{
|
||||
{
|
||||
ID: models.UserRoleAclID,
|
||||
Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
|
||||
}},
|
||||
Dst: []models.AclPolicyTag{
|
||||
{
|
||||
ID: models.DeviceAclID,
|
||||
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
|
||||
},
|
||||
},
|
||||
AllowedDirection: models.TrafficDirectionUni,
|
||||
Enabled: true,
|
||||
CreatedBy: "auto",
|
||||
CreatedAt: time.Now().UTC(),
|
||||
}
|
||||
logic.InsertAcl(defaultUserAcl)
|
||||
}
|
||||
if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
|
||||
defaultUserAcl := models.Acl{
|
||||
ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
|
||||
Name: models.NetworkUser.String(),
|
||||
Default: true,
|
||||
NetworkID: netID,
|
||||
RuleType: models.UserPolicy,
|
||||
Src: []models.AclPolicyTag{
|
||||
{
|
||||
ID: models.UserRoleAclID,
|
||||
Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
|
||||
}},
|
||||
Dst: []models.AclPolicyTag{
|
||||
{
|
||||
ID: models.DeviceAclID,
|
||||
Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
|
||||
}},
|
||||
AllowedDirection: models.TrafficDirectionUni,
|
||||
Enabled: true,
|
||||
CreatedBy: "auto",
|
||||
CreatedAt: time.Now().UTC(),
|
||||
}
|
||||
logic.InsertAcl(defaultUserAcl)
|
||||
}
|
||||
// if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
|
||||
// defaultUserAcl := models.Acl{
|
||||
// ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
|
||||
// Name: models.NetworkAdmin.String(),
|
||||
// Default: true,
|
||||
// NetworkID: netID,
|
||||
// RuleType: models.UserPolicy,
|
||||
// Src: []models.AclPolicyTag{
|
||||
// {
|
||||
// ID: models.UserRoleAclID,
|
||||
// Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
|
||||
// }},
|
||||
// Dst: []models.AclPolicyTag{
|
||||
// {
|
||||
// ID: models.DeviceAclID,
|
||||
// Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
|
||||
// },
|
||||
// },
|
||||
// AllowedDirection: models.TrafficDirectionUni,
|
||||
// Enabled: true,
|
||||
// CreatedBy: "auto",
|
||||
// CreatedAt: time.Now().UTC(),
|
||||
// }
|
||||
// logic.InsertAcl(defaultUserAcl)
|
||||
// }
|
||||
// if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
|
||||
// defaultUserAcl := models.Acl{
|
||||
// ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
|
||||
// Name: models.NetworkUser.String(),
|
||||
// Default: true,
|
||||
// NetworkID: netID,
|
||||
// RuleType: models.UserPolicy,
|
||||
// Src: []models.AclPolicyTag{
|
||||
// {
|
||||
// ID: models.UserRoleAclID,
|
||||
// Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
|
||||
// }},
|
||||
// Dst: []models.AclPolicyTag{
|
||||
// {
|
||||
// ID: models.DeviceAclID,
|
||||
// Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
|
||||
// }},
|
||||
// AllowedDirection: models.TrafficDirectionUni,
|
||||
// Enabled: true,
|
||||
// CreatedBy: "auto",
|
||||
// CreatedAt: time.Now().UTC(),
|
||||
// }
|
||||
// logic.InsertAcl(defaultUserAcl)
|
||||
// }
|
||||
|
||||
if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin))) {
|
||||
defaultUserAcl := models.Acl{
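Review bot: Nothing in this change deals with the default policies that earlier versions already stored, so networks created before it would still hold the `<netID>.<NetworkAdmin>` and `<netID>.<NetworkUser>` ACLs, whose sources carry the `"user-role"` ID. With the `UserRoleAclID` constant commented out in models and IsAclPolicyValid no longer accepting that ID, how those persisted entries are evaluated or edited depends on code outside this page; it is worth confirming that enforcement treats an unknown source type as no match rather than skipping the check. A migration that deletes or converts the old role-based defaults, or at minimum a comment such as `// legacy "user-role" policies may still exist in the store and are ignored by <enforcement function placeholder>`, would make the intended behaviour explicit. CreateDefaultUserPolicies continues past the end of this hunk.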
|
||||
|
|