
remove user role from acl policy types

abhishek9686 10 месяцев назад
Родитель
Сommit
f7b78ccad6
4 измененных файлов с 65 добавлено и 64 удалено
  1. 1 1
      controllers/acls.go
  2. 12 11
      logic/acls.go
  3. 3 3
      models/acl.go
  4. 49 49
      pro/logic/user_mgmt.go

+ 1 - 1
controllers/acls.go

@@ -44,7 +44,7 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
 		},
 		SrcGroupTypes: []models.AclGroupType{
 			models.UserAclID,
-			models.UserRoleAclID,
+			//models.UserRoleAclID,
 			models.UserGroupAclID,
 			models.DeviceAclID,
 		},
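Review bot: The role entry in `SrcGroupTypes` is disabled by commenting it out (`//models.UserRoleAclID,`) instead of being deleted, and the same pattern repeats in the hunks for logic/acls.go, models/acl.go and pro/logic/user_mgmt.go. In authorization code, commented-out entries and branches leave a reader unsure whether role-based sources are still meant to be supported. I would delete the lines outright, since version control keeps the history. If the removal is temporary, replace them with one comment that says so, e.g. `// user-role sources are disabled for now; see <issue reference>`. aclPolicyTypes starts and ends outside this hunk.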

+ 12 - 11
logic/acls.go

@@ -56,10 +56,10 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 					ID:    models.UserGroupAclID,
 					Value: "*",
 				},
-				{
-					ID:    models.UserRoleAclID,
-					Value: "*",
-				},
+				// {
+				// 	ID:    models.UserRoleAclID,
+				// 	Value: "*",
+				// },
 			},
 			Dst: []models.AclPolicyTag{{
 				ID:    models.DeviceAclID,
@@ -175,8 +175,9 @@ func IsAclPolicyValid(acl models.Acl) bool {
 			if srcI.Value == "*" {
 				continue
 			}
-			if srcI.ID != models.UserAclID &&
-				srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID {
+			if srcI.ID != models.UserAclID {
+				// &&	srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID
+
 				return false
 			}
 			// check if user group is valid
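Review bot: The rewritten guard `if srcI.ID != models.UserAclID {` now returns false for every source whose ID is `models.UserGroupAclID` and whose value is not `"*"`, because the group comparison was moved into the comment together with the role comparison. That leaves the `else if srcI.ID == models.UserGroupAclID` branch in the next hunk unreachable, so `IsGroupValid` is never called, while the controllers hunk still lists user-group as a source type. The check fails closed, so this looks like a functional regression, not a bypass: policies naming a specific group would be rejected. If only roles are meant to go, keep the group comparison: `if srcI.ID != models.UserAclID && srcI.ID != models.UserGroupAclID {`. The surrounding loop and the rest of IsAclPolicyValid lie outside the hunk, so this is judged from the visible lines only.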
@@ -185,12 +186,12 @@ func IsAclPolicyValid(acl models.Acl) bool {
 				if err != nil {
 					return false
 				}
-			} else if srcI.ID == models.UserRoleAclID {
+				// } else if srcI.ID == models.UserRoleAclID {
 
-				_, err := GetRole(models.UserRoleID(srcI.Value))
-				if err != nil {
-					return false
-				}
+				// 	_, err := GetRole(models.UserRoleID(srcI.Value))
+				// 	if err != nil {
+				// 		return false
+				// 	}
 
 			} else if srcI.ID == models.UserGroupAclID {
 				err := IsGroupValid(models.UserGroupID(srcI.Value))

+ 3 - 3
models/acl.go

@@ -44,9 +44,9 @@ type AclPolicyTag struct {
 type AclGroupType string
 
 const (
-	UserAclID                AclGroupType = "user"
-	UserGroupAclID           AclGroupType = "user-group"
-	UserRoleAclID            AclGroupType = "user-role"
+	UserAclID      AclGroupType = "user"
+	UserGroupAclID AclGroupType = "user-group"
+	//UserRoleAclID            AclGroupType = "user-role"
 	DeviceAclID              AclGroupType = "tag"
 	NetmakerIPAclID          AclGroupType = "ip"
 	NetmakerSubNetRangeAClID AclGroupType = "ipset"

+ 49 - 49
pro/logic/user_mgmt.go

@@ -1100,55 +1100,55 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 	if netID.String() == "" {
 		return
 	}
-	if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
-		defaultUserAcl := models.Acl{
-			ID:        models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
-			Name:      models.NetworkAdmin.String(),
-			Default:   true,
-			NetworkID: netID,
-			RuleType:  models.UserPolicy,
-			Src: []models.AclPolicyTag{
-				{
-					ID:    models.UserRoleAclID,
-					Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
-				}},
-			Dst: []models.AclPolicyTag{
-				{
-					ID:    models.DeviceAclID,
-					Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
-				},
-			},
-			AllowedDirection: models.TrafficDirectionUni,
-			Enabled:          true,
-			CreatedBy:        "auto",
-			CreatedAt:        time.Now().UTC(),
-		}
-		logic.InsertAcl(defaultUserAcl)
-	}
-	if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
-		defaultUserAcl := models.Acl{
-			ID:        models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
-			Name:      models.NetworkUser.String(),
-			Default:   true,
-			NetworkID: netID,
-			RuleType:  models.UserPolicy,
-			Src: []models.AclPolicyTag{
-				{
-					ID:    models.UserRoleAclID,
-					Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
-				}},
-			Dst: []models.AclPolicyTag{
-				{
-					ID:    models.DeviceAclID,
-					Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
-				}},
-			AllowedDirection: models.TrafficDirectionUni,
-			Enabled:          true,
-			CreatedBy:        "auto",
-			CreatedAt:        time.Now().UTC(),
-		}
-		logic.InsertAcl(defaultUserAcl)
-	}
+	// if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
+	// 	defaultUserAcl := models.Acl{
+	// 		ID:        models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
+	// 		Name:      models.NetworkAdmin.String(),
+	// 		Default:   true,
+	// 		NetworkID: netID,
+	// 		RuleType:  models.UserPolicy,
+	// 		Src: []models.AclPolicyTag{
+	// 			{
+	// 				ID:    models.UserRoleAclID,
+	// 				Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
+	// 			}},
+	// 		Dst: []models.AclPolicyTag{
+	// 			{
+	// 				ID:    models.DeviceAclID,
+	// 				Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
+	// 			},
+	// 		},
+	// 		AllowedDirection: models.TrafficDirectionUni,
+	// 		Enabled:          true,
+	// 		CreatedBy:        "auto",
+	// 		CreatedAt:        time.Now().UTC(),
+	// 	}
+	// 	logic.InsertAcl(defaultUserAcl)
+	// }
+	// if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
+	// 	defaultUserAcl := models.Acl{
+	// 		ID:        models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
+	// 		Name:      models.NetworkUser.String(),
+	// 		Default:   true,
+	// 		NetworkID: netID,
+	// 		RuleType:  models.UserPolicy,
+	// 		Src: []models.AclPolicyTag{
+	// 			{
+	// 				ID:    models.UserRoleAclID,
+	// 				Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
+	// 			}},
+	// 		Dst: []models.AclPolicyTag{
+	// 			{
+	// 				ID:    models.DeviceAclID,
+	// 				Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
+	// 			}},
+	// 		AllowedDirection: models.TrafficDirectionUni,
+	// 		Enabled:          true,
+	// 		CreatedBy:        "auto",
+	// 		CreatedAt:        time.Now().UTC(),
+	// 	}
+	// 	logic.InsertAcl(defaultUserAcl)
+	// }
 
 	if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin))) {
 		defaultUserAcl := models.Acl{
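Review bot: Commenting out the two default policies only stops new `<netID>.<NetworkAdmin>` and `<netID>.<NetworkUser>` ACLs from being inserted. Nothing visible in this commit handles the ones earlier versions already stored, which carry a `user-role` source tag with `Default: true` and `Enabled: true`. After the change to IsAclPolicyValid in logic/acls.go, such a stored policy would apparently no longer validate, and this diff does not show how enforcement treats a source type it no longer recognises. I would add a migration step that deletes or converts these records, and a comment here such as `// role-based default policies were replaced by the group-based ones below`. CreateDefaultUserPolicies continues past the end of the hunk.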