
define models for new user mgmt and groups

abhishek9686 há 1 ano atrás
pai
commit
0ed44422b3
5 ficheiros alterados com 109 adições e 47 exclusões
  1. 26 0
      controllers/user.go
  2. 22 4
      logic/user_mgmt.go
  3. 0 33
      models/structs.go
  4. 7 0
      models/user_groups.go
  5. 54 10
      models/user_mgmt.go

+ 26 - 0
controllers/user.go

@@ -37,6 +37,32 @@ func userHandlers(r *mux.Router) {
 	r.HandleFunc("/api/users_pending/user/{username}", logic.SecurityCheck(true, http.HandlerFunc(deletePendingUser))).Methods(http.MethodDelete)
 	r.HandleFunc("/api/users_pending/user/{username}", logic.SecurityCheck(true, http.HandlerFunc(approvePendingUser))).Methods(http.MethodPost)
 
+	// User Mgmt handlers
+	r.HandleFunc("/api/v1/users/roles", logic.SecurityCheck(true, http.HandlerFunc(getUserRoles))).Methods(http.MethodGet)
+
+}
+
+// swagger:route GET /api/v1/users/roles user getUserRoles
+//
+// Get user role permission templates.
+//
+//			Schemes: https
+//
+//			Security:
+//	  		oauth
+//
+//			Responses:
+//				200: userBodyResponse
+func getUserRoles(w http.ResponseWriter, r *http.Request) {
+	roles, err := logic.ListRoles()
+	if err != nil {
+		logic.ReturnErrorResponse(w, r, models.ErrorResponse{
+			Code:    http.StatusInternalServerError,
+			Message: err.Error(),
+		})
+		return
+	}
+	logic.ReturnSuccessResponseWithJson(w, r, roles, "successfully fetched user roles permission templates")
 }
 
 // swagger:route POST /api/users/adm/authenticate authenticate authenticateUser
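Review bot: `getUserRoles` copies `err.Error()` from `logic.ListRoles()` straight into the 500 response body, so whatever text the database layer produces may reach the API caller. Log the error server-side and return a fixed message instead, e.g. `Message: "failed to fetch user roles"`. The swagger block also declares `200: userBodyResponse`, which does not appear to match what the handler returns (a list of role permission templates), so the annotation should point at a matching response model. `userHandlers` begins outside this hunk.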

+ 22 - 4
logic/user_mgmt.go

@@ -8,14 +8,14 @@ import (
 )
 
 // Pre-Define Permission Templates for default Roles
-var SuperAdminPermissionTemplate = models.UserPermissionTemplate{
+var SuperAdminPermissionTemplate = models.UserRolePermissionTemplate{
 	ID:      models.SuperAdminRole,
 	Default: true,
 	DashBoardAcls: models.DashboardAccessControls{
 		FullAccess: true,
 	},
 }
-var AdminPermissionTemplate = models.UserPermissionTemplate{
+var AdminPermissionTemplate = models.UserRolePermissionTemplate{
 	ID:      models.AdminRole,
 	Default: true,
 	DashBoardAcls: models.DashboardAccessControls{
@@ -23,7 +23,7 @@ var AdminPermissionTemplate = models.UserPermissionTemplate{
 	},
 }
 
-var NetworkAdminPermissionTemplate = models.UserPermissionTemplate{
+var NetworkAdminPermissionTemplate = models.UserRolePermissionTemplate{
 	ID:      models.NetworkAdmin,
 	Default: true,
 	DashBoardAcls: models.DashboardAccessControls{
@@ -31,7 +31,7 @@ var NetworkAdminPermissionTemplate = models.UserPermissionTemplate{
 	},
 }
 
-var NetworkUserPermissionTemplate = models.UserPermissionTemplate{
+var NetworkUserPermissionTemplate = models.UserRolePermissionTemplate{
 	ID:      models.NetworkUser,
 	Default: true,
 	DashBoardAcls: models.DashboardAccessControls{
@@ -50,3 +50,21 @@ func init() {
 	d, _ = json.Marshal(NetworkUserPermissionTemplate)
 	database.Insert(NetworkUserPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME)
 }
+
+// ListRoles - lists user roles permission templates
+func ListRoles() ([]models.UserRolePermissionTemplate, error) {
+	data, err := database.FetchRecords(database.USER_PERMISSIONS_TABLE_NAME)
+	if err != nil {
+		return []models.UserRolePermissionTemplate{}, err
+	}
+	userRoles := []models.UserRolePermissionTemplate{}
+	for _, dataI := range data {
+		userRole := models.UserRolePermissionTemplate{}
+		err := json.Unmarshal([]byte(dataI), &userRole)
+		if err != nil {
+			continue
+		}
+		userRoles = append(userRoles, userRole)
+	}
+	return userRoles, nil
+}
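Review bot: In `ListRoles`, a record that fails `json.Unmarshal` is dropped with a bare `continue`, so a malformed or altered entry in the permissions table silently vanishes from the result and nothing records that the stored access-control data is inconsistent. If `data` is a map keyed by record ID, range with the key (`for key, dataI := range data`) and log the key and error before skipping, or return the error so the caller can fail closed. The doc comment should state which of the two behaviours is intended. On the error path, `return nil, err` is the more idiomatic form than returning an empty slice alongside the error.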

+ 0 - 33
models/structs.go

@@ -23,39 +23,6 @@ type AuthParams struct {
 	Password   string `json:"password"`
 }
 
-// User struct - struct for Users
-type User struct {
-	UserName      string              `json:"username" bson:"username" validate:"min=3,max=40,in_charset|email"`
-	Password      string              `json:"password" bson:"password" validate:"required,min=5"`
-	IsAdmin       bool                `json:"isadmin" bson:"isadmin"`
-	IsSuperAdmin  bool                `json:"issuperadmin"`
-	RemoteGwIDs   map[string]struct{} `json:"remote_gw_ids"`
-	LastLoginTime time.Time           `json:"last_login_time"`
-}
-
-// ReturnUser - return user struct
-type ReturnUser struct {
-	UserName      string              `json:"username"`
-	IsAdmin       bool                `json:"isadmin"`
-	IsSuperAdmin  bool                `json:"issuperadmin"`
-	RemoteGwIDs   map[string]struct{} `json:"remote_gw_ids"`
-	LastLoginTime time.Time           `json:"last_login_time"`
-}
-
-// UserAuthParams - user auth params struct
-type UserAuthParams struct {
-	UserName string `json:"username"`
-	Password string `json:"password"`
-}
-
-// UserClaims - user claims struct
-type UserClaims struct {
-	IsAdmin      bool
-	IsSuperAdmin bool
-	UserName     string
-	jwt.RegisteredClaims
-}
-
 // IngressGwUsers - struct to hold users on a ingress gw
 type IngressGwUsers struct {
 	NodeID  string       `json:"node_id"`

+ 7 - 0
models/user_groups.go

@@ -0,0 +1,7 @@
+package models
+
+type UserGroup struct {
+	ID                 string                     `json:"id"`
+	PermissionTemplate UserRolePermissionTemplate `json:"role_permission_template"`
+	MetaData           string                     `json:"meta_data"`
+}
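Review bot: `UserGroup` stores a full `UserRolePermissionTemplate` by value, so each group carries its own copy of the grants rather than a reference to a stored role. If a role template is later tightened, existing groups would presumably keep the old permissions unless every copy is rewritten; the resolution logic is not visible here, so this needs confirming. Consider storing the role's `ID` (`UserRole`) and resolving it when permissions are checked, or document that the copy is intentional. The exported type also lacks a doc comment; `// UserGroup - group of users sharing one role permission template` would match the style used elsewhere in the package.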

+ 54 - 10
models/user_mgmt.go

@@ -1,15 +1,23 @@
 package models
 
+import (
+	"time"
+
+	jwt "github.com/golang-jwt/jwt/v4"
+)
+
 type NetworkID string
 type RsrcID string
 type UserRole string
 
 const (
-	HostRsrc           RsrcID = "host"
-	RelayRsrc          RsrcID = "relay"
-	RemoteAccessGwRsrc RsrcID = "remote_access_gw"
-	InetGwRsrc         RsrcID = "inet_gw"
-	EgressGwRsrc       RsrcID = "egress"
+	HostRsrcID           RsrcID = "all_host"
+	RelayRsrcID          RsrcID = "all_relay"
+	RemoteAccessGwRsrcID RsrcID = "all_remote_access_gw"
+	InetGwRsrcID         RsrcID = "all_inet_gw"
+	EgressGwRsrcID       RsrcID = "all_egress"
+	NetworkRsrcID        RsrcID = "all_network"
+	EnrollmentKeysRsrcID RsrcID = "all_enrollment_key"
 )
 
 // Pre-Defined User Roles
@@ -25,7 +33,7 @@ func (r UserRole) String() string {
 	return string(r)
 }
 
-type NetworkRsrcPermissions struct {
+type RsrcPermissions struct {
 	Create bool `json:"create"`
 	Read   bool `json:"read"`
 	Update bool `json:"update"`
@@ -33,19 +41,55 @@ type NetworkRsrcPermissions struct {
 }
 
 type NetworkAccessControls struct {
-	NetworkID                  string                            `json:"network_id"`
-	FullAccess                 bool                              `json:"full_access"`
-	NetworkRsrcPermissionsList map[RsrcID]NetworkRsrcPermissions `json:"network_permissions_list"`
+	NetworkID                  string                     `json:"network_id"`
+	FullAccess                 bool                       `json:"full_access"`
+	NetworkRsrcPermissionsList map[RsrcID]RsrcPermissions `json:"network_permissions_list"`
 }
 
 type DashboardAccessControls struct {
 	FullAccess          bool                                `json:"full_access"`
 	DenyDashboardAccess bool                                `json:"deny_dashboard_access"`
 	NetworkLevelAccess  map[NetworkID]NetworkAccessControls `json:"network_access_controls"`
+	GlobalLevelAccess   map[RsrcID]RsrcPermissions          `json:"global_level_access"`
 }
 
-type UserPermissionTemplate struct {
+type UserRolePermissionTemplate struct {
 	ID            UserRole                `json:"id"`
 	Default       bool                    `json:"default"`
 	DashBoardAcls DashboardAccessControls `json:"dashboard_access_controls"`
 }
+
+// User struct - struct for Users
+type User struct {
+	UserName           string                     `json:"username" bson:"username" validate:"min=3,max=40,in_charset|email"`
+	Password           string                     `json:"password" bson:"password" validate:"required,min=5"`
+	IsAdmin            bool                       `json:"isadmin" bson:"isadmin"`
+	IsSuperAdmin       bool                       `json:"issuperadmin"`
+	RemoteGwIDs        map[string]struct{}        `json:"remote_gw_ids"`
+	GroupID            string                     `json:"group_id"`
+	PermissionTemplate UserRolePermissionTemplate `json:"role_permission_template"`
+	LastLoginTime      time.Time                  `json:"last_login_time"`
+}
+
+// ReturnUser - return user struct
+type ReturnUser struct {
+	UserName      string              `json:"username"`
+	IsAdmin       bool                `json:"isadmin"`
+	IsSuperAdmin  bool                `json:"issuperadmin"`
+	RemoteGwIDs   map[string]struct{} `json:"remote_gw_ids"`
+	LastLoginTime time.Time           `json:"last_login_time"`
+}
+
+// UserAuthParams - user auth params struct
+type UserAuthParams struct {
+	UserName string `json:"username"`
+	Password string `json:"password"`
+}
+
+// UserClaims - user claims struct
+type UserClaims struct {
+	IsAdmin      bool
+	IsSuperAdmin bool
+	UserName     string
+	jwt.RegisteredClaims
+}
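Review bot: `User` now carries `GroupID` and `PermissionTemplate` with JSON tags (`group_id`, `role_permission_template`), and its `validate` tags suggest the same struct is decoded from request bodies. If so, a caller creating or updating a user could supply their own permission template unless every handler overwrites these fields server-side. The handlers are outside this diff, so this needs confirming, but a separate request type without these fields, or resetting `PermissionTemplate` and `GroupID` from trusted state after decoding, would close the gap. `ReturnUser` was not extended with the new fields, which may or may not be intentional. `RsrcPermissions`, `UserRolePermissionTemplate` and the new `GlobalLevelAccess` field also have no doc comments saying how global and network-level grants combine.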