From fdfbde118e95743fb8d4b76fa754d95d3c97cefb Mon Sep 17 00:00:00 2001
From: afeiszli
Date: Sun, 13 Mar 2022 21:35:22 -0400
Subject: [PATCH] putting acl check before server pull
---
 main.go | 11 +++++------
 serverctl/serverctl.go | 24 +++++++-----------------
 2 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/main.go b/main.go
index 9253290f..a28474be 100644
--- a/main.go
+++ b/main.go
@@ -66,6 +66,11 @@ func initialize() { // Client Mode Prereq Check
 logger.Log(0, "no OAuth provider found or not configured, continuing without OAuth")
 }
+ err = serverctl.SetDefaultACLS()
+ if err != nil {
+ logger.FatalLog("error setting default acls: ", err.Error())
+ }
+
 if servercfg.IsClientMode() != "off" {
 output, err := ncutils.RunCmd("id -u", true)
 if err != nil {
@@ -85,12 +90,6 @@ func initialize() { // Client Mode Prereq Check
 logger.FatalLog("could not inintialize comms network")
 }
 }
-
- err = serverctl.SetDefaultACLS()
- if err != nil {
- logger.FatalLog("error setting default acls: ", err.Error())
- }
-
 // initialize iptables to ensure gateways work correctly and mq is forwarded if containerized
 if servercfg.ManageIPTables() != "off" {
 if err = serverctl.InitIPTables(); err != nil {
diff --git a/serverctl/serverctl.go b/serverctl/serverctl.go
index 46ec7a45..f7a81667 100644
--- a/serverctl/serverctl.go
+++ b/serverctl/serverctl.go
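Review bot: The relocated `serverctl.SetDefaultACLS()` call in the first main.go hunk is now order-sensitive, but nothing in the code says so; the commit subject suggests it has to run before the client-mode block that follows. A one-line comment above the call would keep a later refactor from moving it back, for example `// default ACLs must be in place before the client-mode setup below (server pull)` — wording for the author to confirm. initialize() starts and ends outside this hunk, so whether `err` is already declared at this point cannot be checked from here.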
@@ -150,27 +150,17 @@ func SyncServerNetwork(network string) error {
 // SetDefaultACLS - runs through each network to see if ACL's are set. If not, goes through each node in network and adds the default ACL
 func SetDefaultACLS() error {
 // upgraded systems will not have ACL's set, which is why we need this function
- var err error
- networks, err := logic.GetNetworks()
+ nodes, err := logic.GetAllNodes()
 if err != nil {
 return err
 }
- for i, _ := range networks {
- _, err := nodeacls.FetchAllACLs(nodeacls.NetworkID(networks[i].NetID))
- if err != nil {
- if database.IsEmptyRecord(err) {
- nodes, err := logic.GetNetworkNodes(networks[i].NetID)
- if err != nil {
- return err
- }
- for j, _ := range nodes {
- _, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(networks[i].NetID), nodeacls.NodeID(nodes[j].ID), acls.Allowed)
- if err != nil {
- return err
- }
- }
+ for i := range nodes {
+ currentNodeACL, err := nodeacls.FetchNodeACL(nodeacls.NetworkID(nodes[i].Network), nodeacls.NodeID(nodes[i].ID))
+ if (err != nil && (database.IsEmptyRecord(err) || strings.Contains(err.Error(), "no node ACL present"))) || currentNodeACL == nil {
+ if _, err = nodeacls.CreateNodeACL(nodeacls.NetworkID(nodes[i].Network), nodeacls.NodeID(nodes[i].ID), acls.Allowed); err != nil {
+ logger.Log(1, "could not create a default ACL for node", nodes[i].ID)
 }
 }
 }
- return err
+ return nil
 }
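Review bot: In the new loop of SetDefaultACLS the trailing `|| currentNodeACL == nil` cancels the error classification in front of it: if FetchNodeACL hands back a nil ACL together with any other error (a failed database read, for example; its body is not shown here), the code still creates an `acls.Allowed` entry, so a transient fault is handled like a missing record and the node ends up with the permissive default. Handle unexpected errors separately before the create, e.g. `if err != nil && !database.IsEmptyRecord(err) && !strings.Contains(err.Error(), "no node ACL present") { return err }`, and prefer a sentinel error tested with `errors.Is` over matching the message text. A failed CreateNodeACL is now only logged at verbosity 1 without the error, and the function returns nil, so the FatalLog in main.go no longer fires for it; add `err.Error()` and the network to the log line so a node left without an ACL is visible to operators. The doc comment above the function still describes the old per-network walk and should be updated to say the check is per node.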