From f7b78ccad66fa9c40b14dca577a7d006c41b2cf8 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Mon, 28 Oct 2024 11:39:16 +0400
Subject: [PATCH] remove user role from acl policy types

---
 controllers/acls.go | 2 +-
 logic/acls.go | 23 +++++-----
 models/acl.go | 6 +--
 pro/logic/user_mgmt.go | 98 +++++++++++++++++++++---------------------
 4 files changed, 65 insertions(+), 64 deletions(-)

diff --git a/controllers/acls.go b/controllers/acls.go
index 4fdd0517..02bdbe5d 100644
--- a/controllers/acls.go
+++ b/controllers/acls.go
@@ -44,7 +44,7 @@ func aclPolicyTypes(w http.ResponseWriter, r *http.Request) {
 },
 SrcGroupTypes: []models.AclGroupType{
 models.UserAclID,
- models.UserRoleAclID,
+ //models.UserRoleAclID,
 models.UserGroupAclID,
 models.DeviceAclID,
 },
diff --git a/logic/acls.go b/logic/acls.go
index cb558771..d2d65784 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -56,10 +56,10 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 ID: models.UserGroupAclID,
 Value: "*",
 },
- {
- ID: models.UserRoleAclID,
- Value: "*",
- },
+ // {
+ // ID: models.UserRoleAclID,
+ // Value: "*",
+ // },
 },
 Dst: []models.AclPolicyTag{{
 ID: models.DeviceAclID,
@@ -175,8 +175,9 @@ func IsAclPolicyValid(acl models.Acl) bool {
 if srcI.Value == "*" {
 continue
 }
- if srcI.ID != models.UserAclID &&
- srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID {
+ if srcI.ID != models.UserAclID {
+ // && srcI.ID != models.UserGroupAclID && srcI.ID != models.UserRoleAclID
+
 return false
 }
 // check if user group is valid
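Review bot: The role entry is neutralised by commenting it out (`//models.UserRoleAclID,`) rather than deleted, and the same pattern runs through the other hunks of this commit (logic/acls.go @@ -56 and @@ -185, models/acl.go, pro/logic/user_mgmt.go). Commented-out code that references a constant the same commit removes cannot be compiled or tested, so it will drift from the surrounding code, while git history already preserves the removed version. Delete the lines outright; if the role source type is meant to return later, a single `// TODO: user-role ACL sources disabled; re-enable together with the UserRoleAclID constant` at the AclGroupType declaration in models/acl.go is enough to record that.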
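Review bot: The new guard `if srcI.ID != models.UserAclID {` returns false for every non-wildcard source that is not a plain user, including user groups, because the `srcI.ID != models.UserGroupAclID` term was commented out along with the role term instead of being kept. That contradicts controllers/acls.go in this same commit, which still lists `models.UserGroupAclID` as a valid SrcGroupType, and it appears to make the `else if srcI.ID == models.UserGroupAclID` branch in the @@ -185 hunk unreachable, so a user-group policy submitted through the API would be refused. The failure is on the safe side (policies are rejected, not admitted), but it is still a regression; the condition should read `if srcI.ID != models.UserAclID && srcI.ID != models.UserGroupAclID {` and the stray blank `+` line can be dropped. IsAclPolicyValid continues outside this hunk.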
@@ -185,12 +186,12 @@ func IsAclPolicyValid(acl models.Acl) bool {
 if err != nil {
 return false
 }
- } else if srcI.ID == models.UserRoleAclID {
+ // } else if srcI.ID == models.UserRoleAclID {
 
- _, err := GetRole(models.UserRoleID(srcI.Value))
- if err != nil {
- return false
- }
+ // _, err := GetRole(models.UserRoleID(srcI.Value))
+ // if err != nil {
+ // return false
+ // }
 
 } else if srcI.ID == models.UserGroupAclID {
 err := IsGroupValid(models.UserGroupID(srcI.Value))
diff --git a/models/acl.go b/models/acl.go
index 1200536b..83007d5e 100644
--- a/models/acl.go
+++ b/models/acl.go
@@ -44,9 +44,9 @@ type AclPolicyTag struct {
 type AclGroupType string
 
 const (
- UserAclID AclGroupType = "user"
- UserGroupAclID AclGroupType = "user-group"
- UserRoleAclID AclGroupType = "user-role"
+ UserAclID AclGroupType = "user"
+ UserGroupAclID AclGroupType = "user-group"
+ //UserRoleAclID AclGroupType = "user-role"
 DeviceAclID AclGroupType = "tag"
 NetmakerIPAclID AclGroupType = "ip"
 NetmakerSubNetRangeAClID AclGroupType = "ipset"
diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
index f5e07c01..7673673b 100644
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
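Review bot: Dropping `UserRoleAclID` from the AclGroupType constants leaves any policy already persisted with a `"user-role"` source tag unaccounted for: before this commit CreateDefaultAclNetworkPolicies in logic/acls.go wrote `{ID: models.UserRoleAclID, Value: "*"}` into each network's default policy, and nothing in the patch migrates or removes those entries. How the ACL evaluator treats a tag ID it no longer knows is not visible here, so please confirm it neither matches nor panics on `"user-role"` and add a one-time cleanup of existing records. Alternatively keep the constant with a `// Deprecated: user-role sources are no longer evaluated; retained so stored policies still decode.` doc comment, which also avoids the commented-out declaration.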
@@ -1100,55 +1100,55 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 if netID.String() == "" {
 return
 }
- if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
- defaultUserAcl := models.Acl{
- ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
- Name: models.NetworkAdmin.String(),
- Default: true,
- NetworkID: netID,
- RuleType: models.UserPolicy,
- Src: []models.AclPolicyTag{
- {
- ID: models.UserRoleAclID,
- Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
- }},
- Dst: []models.AclPolicyTag{
- {
- ID: models.DeviceAclID,
- Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
- },
- },
- AllowedDirection: models.TrafficDirectionUni,
- Enabled: true,
- CreatedBy: "auto",
- CreatedAt: time.Now().UTC(),
- }
- logic.InsertAcl(defaultUserAcl)
- }
- if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
- defaultUserAcl := models.Acl{
- ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
- Name: models.NetworkUser.String(),
- Default: true,
- NetworkID: netID,
- RuleType: models.UserPolicy,
- Src: []models.AclPolicyTag{
- {
- ID: models.UserRoleAclID,
- Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
- }},
- Dst: []models.AclPolicyTag{
- {
- ID: models.DeviceAclID,
- Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
- }},
- AllowedDirection: models.TrafficDirectionUni,
- Enabled: true,
- CreatedBy: "auto",
- CreatedAt: time.Now().UTC(),
- }
- logic.InsertAcl(defaultUserAcl)
- }
+ // if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin))) {
+ // defaultUserAcl := models.Acl{
+ // ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkAdmin)),
+ // Name: models.NetworkAdmin.String(),
+ // Default: true,
+ // NetworkID: netID,
+ // RuleType: models.UserPolicy,
+ // Src: []models.AclPolicyTag{
+ // {
+ // ID: models.UserRoleAclID,
+ // Value: fmt.Sprintf("%s-%s", netID, models.NetworkAdmin),
+ // }},
+ // Dst: []models.AclPolicyTag{
+ // {
+ // ID: models.DeviceAclID,
+ // Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
+ // },
+ // },
+ // AllowedDirection: models.TrafficDirectionUni,
+ // Enabled: true,
+ // CreatedBy: "auto",
+ // CreatedAt: time.Now().UTC(),
+ // }
+ // logic.InsertAcl(defaultUserAcl)
+ // }
+ // if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser))) {
+ // defaultUserAcl := models.Acl{
+ // ID: models.AclID(fmt.Sprintf("%s.%s", netID, models.NetworkUser)),
+ // Name: models.NetworkUser.String(),
+ // Default: true,
+ // NetworkID: netID,
+ // RuleType: models.UserPolicy,
+ // Src: []models.AclPolicyTag{
+ // {
+ // ID: models.UserRoleAclID,
+ // Value: fmt.Sprintf("%s-%s", netID, models.NetworkUser),
+ // }},
+ // Dst: []models.AclPolicyTag{
+ // {
+ // ID: models.DeviceAclID,
+ // Value: fmt.Sprintf("%s.%s", netID, models.RemoteAccessTagName),
+ // }},
+ // AllowedDirection: models.TrafficDirectionUni,
+ // Enabled: true,
+ // CreatedBy: "auto",
+ // CreatedAt: time.Now().UTC(),
+ // }
+ // logic.InsertAcl(defaultUserAcl)
+ // }
 if !logic.IsAclExists(models.AclID(fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin))) {
 defaultUserAcl := models.Acl{