mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-13 16:44:52 +08:00
0c70c4daba
* enforce unique names for ext client names * only check for unique id on creation * check for unique id if changed
87 lines
2.5 KiB
Go
87 lines
2.5 KiB
Go
package logic
|
|
|
|
import (
|
|
"errors"
|
|
"sort"
|
|
|
|
"github.com/gravitl/netmaker/models"
|
|
)
|
|
|
|
// functions defined here, handle client ACLs, should be set on ee
|
|
|
|
var (
|
|
// DenyClientNodeAccess - function to handle adding a node to an ext client's denied node set
|
|
DenyClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool {
|
|
return true
|
|
}
|
|
// IsClientNodeAllowed - function to check if an ext client's denied node set contains a node ID
|
|
IsClientNodeAllowed = func(ec *models.ExtClient, clientOrNodeID string) bool {
|
|
return true
|
|
}
|
|
// AllowClientNodeAccess - function to handle removing a node ID from ext client's denied nodes, thus allowing it
|
|
AllowClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool {
|
|
return true
|
|
}
|
|
)
|
|
|
|
// SetClientDefaultACLs - set's a client's default ACLs based on network and nodes in network
|
|
func SetClientDefaultACLs(ec *models.ExtClient) error {
|
|
if !isEE {
|
|
return nil
|
|
}
|
|
networkNodes, err := GetNetworkNodes(ec.Network)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
network, err := GetNetwork(ec.Network)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for i := range networkNodes {
|
|
currNode := networkNodes[i]
|
|
if network.DefaultACL == "no" || currNode.DefaultACL == "no" {
|
|
DenyClientNodeAccess(ec, currNode.ID.String())
|
|
} else {
|
|
AllowClientNodeAccess(ec, currNode.ID.String())
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SetClientACLs - overwrites an ext client's ACL
|
|
func SetClientACLs(ec *models.ExtClient, newACLs map[string]struct{}) {
|
|
if ec == nil || newACLs == nil || !isEE {
|
|
return
|
|
}
|
|
ec.DeniedACLs = newACLs
|
|
}
|
|
|
|
// IsClientNodeAllowedByID - checks if a given ext client ID + nodeID are allowed
|
|
func IsClientNodeAllowedByID(clientID, networkName, clientOrNodeID string) bool {
|
|
client, err := GetExtClient(clientID, networkName)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
return IsClientNodeAllowed(&client, clientOrNodeID)
|
|
}
|
|
|
|
// SortExtClient - Sorts slice of ExtClients by their ClientID alphabetically with numbers first
|
|
func SortExtClient(unsortedExtClient []models.ExtClient) {
|
|
sort.Slice(unsortedExtClient, func(i, j int) bool {
|
|
return unsortedExtClient[i].ClientID < unsortedExtClient[j].ClientID
|
|
})
|
|
}
|
|
|
|
// GetExtClientByName - gets an ext client by name
|
|
func GetExtClientByName(ID string) (models.ExtClient, error) {
|
|
clients, err := GetAllExtClients()
|
|
if err != nil {
|
|
return models.ExtClient{}, err
|
|
}
|
|
for i := range clients {
|
|
if clients[i].ClientID == ID {
|
|
return clients[i], nil
|
|
}
|
|
}
|
|
return models.ExtClient{}, errors.New("client not found")
|
|
}
|