mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-21 15:56:07 +08:00
54 lines
1.7 KiB
Go
54 lines
1.7 KiB
Go
package logic
|
|
|
|
import "github.com/gravitl/netmaker/models"
|
|
|
|
// functions defined here, handle client ACLs, should be set on ee
|
|
|
|
var (
|
|
// DenyClientNodeAccess - function to handle adding a node to an ext client's denied node set
|
|
DenyClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { return true }
|
|
// IsClientNodeAllowed - function to check if an ext client's denied node set contains a node ID
|
|
IsClientNodeAllowed = func(ec *models.ExtClient, clientOrNodeID string) bool { return true }
|
|
// AllowClientNodeAccess - function to handle removing a node ID from ext client's denied nodes, thus allowing it
|
|
AllowClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { return true }
|
|
)
|
|
|
|
// SetClientDefaultACLs - set's a client's default ACLs based on network and nodes in network
|
|
func SetClientDefaultACLs(ec *models.ExtClient) error {
|
|
if !isEE {
|
|
return nil
|
|
}
|
|
networkNodes, err := GetNetworkNodes(ec.Network)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
network, err := GetNetwork(ec.Network)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for i := range networkNodes {
|
|
currNode := networkNodes[i]
|
|
if network.DefaultACL == "no" || currNode.DefaultACL == "no" {
|
|
DenyClientNodeAccess(ec, currNode.ID.String())
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetClientACLs - overwrites an ext client's ACL
|
|
func SetClientACLs(ec *models.ExtClient, newACLs map[string]struct{}) {
|
|
if ec == nil || newACLs == nil || !isEE {
|
|
return
|
|
}
|
|
ec.ACLs = newACLs
|
|
}
|
|
|
|
// IsClientNodeAllowedByID - checks if a given ext client ID + nodeID are allowed
|
|
func IsClientNodeAllowedByID(clientID, networkName, clientOrNodeID string) bool {
|
|
client, err := GetExtClient(clientID, networkName)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return IsClientNodeAllowed(&client, clientOrNodeID)
|
|
}
|