
move user mgmt func to pro

abhishek9686 před 1 rokem
rodič
revize
0f97dc6c7f
5 změnil soubory, kde provedl 116 přidání a 88 odebrání
  1. 1 35
      controllers/network.go
  2. 2 21
      controllers/node.go
  3. 30 14
      logic/user_mgmt.go
  4. 5 0
      pro/initialize.go
  5. 78 18
      pro/logic/user_mgmt.go

+ 1 - 35
controllers/network.go

@@ -60,41 +60,7 @@ func getNetworks(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
-	platformRole, err := logic.GetRole(user.PlatformRoleID)
-	if err != nil {
-		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
-		return
-	}
-	if !platformRole.FullAccess {
-		allNetworkRoles := make(map[models.NetworkID]struct{})
-		if len(user.NetworkRoles) > 0 {
-			for netID := range user.NetworkRoles {
-				allNetworkRoles[netID] = struct{}{}
-
-			}
-		}
-		if len(user.UserGroups) > 0 {
-			for userGID := range user.UserGroups {
-				userG, err := logic.GetUserGroup(userGID)
-				if err == nil {
-					if len(userG.NetworkRoles) > 0 {
-						for netID := range userG.NetworkRoles {
-							allNetworkRoles[netID] = struct{}{}
-
-						}
-					}
-				}
-			}
-		}
-		filteredNetworks := []models.Network{}
-		for _, networkI := range allnetworks {
-			if _, ok := allNetworkRoles[models.NetworkID(networkI.NetID)]; ok {
-				filteredNetworks = append(filteredNetworks, networkI)
-			}
-		}
-		allnetworks = filteredNetworks
-	}
-
+	allnetworks = logic.FilterNetworksByRole(allnetworks, *user)
 	logger.Log(2, r.Header.Get("user"), "fetched networks.")
 	logic.SortNetworks(allnetworks[:])
 	w.WriteHeader(http.StatusOK)
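Review bot: A failed role lookup is no longer reported to the client in getNetworks. The removed lines answered a `logic.GetRole` error with `logic.FormatError(err, "internal")`, while `logic.FilterNetworksByRole(allnetworks, *user)` has no error result, and the pro implementation added in pro/logic/user_mgmt.go returns an empty slice in that case. The handler then replies 200 with no networks, which looks the same as a user who has no access. Consider giving the hook an error result, e.g. `allnetworks, err = logic.FilterNetworksByRole(allnetworks, *user)`, or at least logging the lookup failure in the pro function. getNetworks starts and ends outside the hunk, so whether `user` can be nil at the `*user` dereference cannot be checked from here.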

+ 2 - 21
controllers/node.go

@@ -650,27 +650,8 @@ func deleteIngressGateway(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
-	if servercfg.IsPro {
-		go func() {
-			users, err := logic.GetUsersDB()
-			if err == nil {
-				for _, user := range users {
-					// delete role from user
-					if netRoles, ok := user.NetworkRoles[models.NetworkID(node.Network)]; ok {
-						delete(netRoles, models.GetRAGRoleName(node.Network, host.Name))
-						user.NetworkRoles[models.NetworkID(node.Network)] = netRoles
-						err = logic.UpsertUser(user)
-						if err != nil {
-							slog.Error("failed to get user", "user", user.UserName, "error", err)
-						}
-					}
-				}
-			} else {
-				slog.Error("failed to get users", "error", err)
-			}
-			logic.DeleteRole(models.GetRAGRoleName(node.Network, host.Name))
-		}()
-	}
+
+	go logic.RemoveNetworkRoleFromUsers(*host, node)
 
 	apiNode := node.ConvertToAPINode()
 	logger.Log(1, r.Header.Get("user"), "deleted ingress gateway", nodeid)
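Review bot: The role cleanup started by `go logic.RemoveNetworkRoleFromUsers(*host, node)` is detached from the request, so the handler logs "deleted ingress gateway" and answers before the gateway's role has been removed from any user. A failure there shows up only in the server log. If revoking that role is part of what deleting the gateway promises, run the call synchronously or record the failure where an operator will see it. `*host` is now also evaluated in the handler rather than inside the goroutine; `host` is assigned outside the hunk, so confirm it cannot be nil at this point.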

+ 30 - 14
logic/user_mgmt.go

@@ -2,12 +2,24 @@ package logic
 
 import (
 	"encoding/json"
-	"errors"
 
 	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/models"
 )
 
+// Pre-Define Permission Templates for default Roles
+var SuperAdminPermissionTemplate = models.UserRolePermissionTemplate{
+	ID:         models.SuperAdminRole,
+	Default:    true,
+	FullAccess: true,
+}
+
+var AdminPermissionTemplate = models.UserRolePermissionTemplate{
+	ID:         models.AdminRole,
+	Default:    true,
+	FullAccess: true,
+}
+
 var GetFilteredNodesByUserAccess = func(user models.User, nodes []models.Node) (filteredNodes []models.Node) {
 	return
 }
@@ -15,7 +27,19 @@ var GetFilteredNodesByUserAccess = func(user models.User, nodes []models.Node) (
 var CreateRole = func(r models.UserRolePermissionTemplate) error {
 	return nil
 }
+
+var FilterNetworksByRole = func(allnetworks []models.Network, user models.User) []models.Network {
+	return allnetworks
+}
+
+var IsGroupsValid = func(groups map[models.UserGroupID]struct{}) error {
+	return nil
+}
+var RemoveNetworkRoleFromUsers = func(host models.Host, node models.Node) {}
+
+var InitialiseRoles = func() {}
 var DeleteNetworkRoles = func(netID string) {}
+var CreateDefaultNetworkRoles = func(netID string) {}
 
 // GetRole - fetches role template by id
 func GetRole(roleID models.UserRole) (models.UserRolePermissionTemplate, error) {
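Review bot: The defaults for the new hooks fail open: `FilterNetworksByRole` returns `allnetworks` unfiltered and `IsGroupsValid` returns nil until `InitPro` overwrites them. The code removed from controllers/network.go filtered for every user whose platform role lacked `FullAccess`, with no edition check, so a non-pro build now appears to return all networks from that handler. If that is intended because only full-access roles exist outside pro, say so in a doc comment on each variable, e.g. `// FilterNetworksByRole is a no-op outside pro builds, where every role has FullAccess.`; otherwise keep a restrictive default. None of the hook variables added in this hunk has a doc comment.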
@@ -32,18 +56,10 @@ func GetRole(roleID models.UserRole) (models.UserRolePermissionTemplate, error)
 	return ur, nil
 }
 
-func IsGroupsValid(groups map[models.UserGroupID]struct{}) error {
-	uniqueGroupsPlatformRole := make(map[models.UserRole]struct{})
-	for groupID := range groups {
-		userG, err := logic.GetUserGroup(groupID)
-		if err != nil {
-			return err
-		}
-		uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{}
-	}
-	if len(uniqueGroupsPlatformRole) > 1 {
+func UserRolesInit() {
+	d, _ := json.Marshal(SuperAdminPermissionTemplate)
+	database.Insert(SuperAdminPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME)
+	d, _ = json.Marshal(AdminPermissionTemplate)
+	database.Insert(AdminPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME)
 
-		return errors.New("only groups with same platform role can be assigned to an user")
-	}
-	return nil
 }
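Review bot: Both results are discarded in the new `UserRolesInit`: `d, _ := json.Marshal(...)` drops the marshal error and the value returned by `database.Insert` is never inspected. A failed write would leave the SuperAdmin or Admin template missing with no trace, and `GetRole` presumably reads these templates when access is decided. Check the insert, e.g. `if err := database.Insert(id, string(d), database.USER_PERMISSIONS_TABLE_NAME); err != nil { ... }`, and log or return the error. The same pattern remains in the `UserRolesInit` hunk of pro/logic/user_mgmt.go. The function also lacks a doc comment; `// UserRolesInit stores the default SuperAdmin and Admin role templates.` would do.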

+ 5 - 0
pro/initialize.go

@@ -22,6 +22,7 @@ import (
 func InitPro() {
 	servercfg.IsPro = true
 	models.SetLogo(retrieveProLogo())
+	proLogic.UserRolesInit()
 	controller.HttpMiddlewares = append(
 		controller.HttpMiddlewares,
 		proControllers.OnlyServerAPIWhenUnlicensedMiddleware,
@@ -124,6 +125,10 @@ func InitPro() {
 	logic.NetworkPermissionsCheck = proLogic.NetworkPermissionsCheck
 	logic.GlobalPermissionsCheck = proLogic.GlobalPermissionsCheck
 	logic.DeleteNetworkRoles = proLogic.DeleteNetworkRoles
+	logic.CreateDefaultNetworkRoles = proLogic.CreateDefaultNetworkRoles
+	logic.FilterNetworksByRole = proLogic.FilterNetworksByRole
+	logic.IsGroupsValid = proLogic.IsGroupsValid
+	logic.RemoveNetworkRoleFromUsers = proLogic.RemoveNetworkRoleFromUsers
 }
 
 func retrieveProLogo() string {
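Review bot: `logic.InitialiseRoles` is declared as a no-op hook in logic/user_mgmt.go by this commit, but none of the assignments added in this hunk sets it, and `InitPro` calls `proLogic.UserRolesInit()` directly instead. Unless it is assigned in a part of `InitPro` outside these hunks, a call to `logic.InitialiseRoles()` silently does nothing in pro builds. Either add an assignment next to the other four, possibly `logic.InitialiseRoles = proLogic.UserRolesInit` if that is the intended target, or drop the variable. The hooks are plain package variables, so `InitPro` presumably has to finish before the first request is served.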

+ 78 - 18
pro/logic/user_mgmt.go

@@ -9,21 +9,9 @@ import (
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/models"
+	"golang.org/x/exp/slog"
 )
 
-// Pre-Define Permission Templates for default Roles
-var SuperAdminPermissionTemplate = models.UserRolePermissionTemplate{
-	ID:         models.SuperAdminRole,
-	Default:    true,
-	FullAccess: true,
-}
-
-var AdminPermissionTemplate = models.UserRolePermissionTemplate{
-	ID:         models.AdminRole,
-	Default:    true,
-	FullAccess: true,
-}
-
 var ServiceUserPermissionTemplate = models.UserRolePermissionTemplate{
 	ID:                  models.ServiceUser,
 	Default:             true,
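Review bot: The added import `golang.org/x/exp/slog` takes logging from the experimental module, which carries no compatibility promise. If the module's Go version is 1.21 or later (not visible here), the standard library's `"log/slog"` provides the same `slog.Error` call and removes one external dependency from this access-control code.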
@@ -38,11 +26,7 @@ var PlatformUserUserPermissionTemplate = models.UserRolePermissionTemplate{
 }
 
 func UserRolesInit() {
-	d, _ := json.Marshal(SuperAdminPermissionTemplate)
-	database.Insert(SuperAdminPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME)
-	d, _ = json.Marshal(AdminPermissionTemplate)
-	database.Insert(AdminPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME)
-	d, _ = json.Marshal(ServiceUserPermissionTemplate)
+	d, _ := json.Marshal(ServiceUserPermissionTemplate)
 	database.Insert(ServiceUserPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME)
 	d, _ = json.Marshal(PlatformUserUserPermissionTemplate)
 	database.Insert(PlatformUserUserPermissionTemplate.ID.String(), string(d), database.USER_PERMISSIONS_TABLE_NAME)
@@ -558,3 +542,79 @@ func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filter
 	}
 	return
 }
+
+func FilterNetworksByRole(allnetworks []models.Network, user models.User) []models.Network {
+	platformRole, err := logic.GetRole(user.PlatformRoleID)
+	if err != nil {
+		return []models.Network{}
+	}
+	if !platformRole.FullAccess {
+		allNetworkRoles := make(map[models.NetworkID]struct{})
+		if len(user.NetworkRoles) > 0 {
+			for netID := range user.NetworkRoles {
+				allNetworkRoles[netID] = struct{}{}
+
+			}
+		}
+		if len(user.UserGroups) > 0 {
+			for userGID := range user.UserGroups {
+				userG, err := GetUserGroup(userGID)
+				if err == nil {
+					if len(userG.NetworkRoles) > 0 {
+						for netID := range userG.NetworkRoles {
+							allNetworkRoles[netID] = struct{}{}
+
+						}
+					}
+				}
+			}
+		}
+		filteredNetworks := []models.Network{}
+		for _, networkI := range allnetworks {
+			if _, ok := allNetworkRoles[models.NetworkID(networkI.NetID)]; ok {
+				filteredNetworks = append(filteredNetworks, networkI)
+			}
+		}
+		allnetworks = filteredNetworks
+	}
+	return allnetworks
+}
+
+func IsGroupsValid(groups map[models.UserGroupID]struct{}) error {
+	uniqueGroupsPlatformRole := make(map[models.UserRole]struct{})
+	for groupID := range groups {
+		userG, err := GetUserGroup(groupID)
+		if err != nil {
+			return err
+		}
+		uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{}
+	}
+	if len(uniqueGroupsPlatformRole) > 1 {
+
+		return errors.New("only groups with same platform role can be assigned to an user")
+	}
+	return nil
+}
+
+func RemoveNetworkRoleFromUsers(host models.Host, node models.Node) {
+	users, err := logic.GetUsersDB()
+	if err == nil {
+		for _, user := range users {
+			// delete role from user
+			if netRoles, ok := user.NetworkRoles[models.NetworkID(node.Network)]; ok {
+				delete(netRoles, models.GetRAGRoleName(node.Network, host.Name))
+				user.NetworkRoles[models.NetworkID(node.Network)] = netRoles
+				err = logic.UpsertUser(user)
+				if err != nil {
+					slog.Error("failed to get user", "user", user.UserName, "error", err)
+				}
+			}
+		}
+	} else {
+		slog.Error("failed to get users", "error", err)
+	}
+	err = DeleteRole(models.GetRAGRoleName(node.Network, host.Name))
+	if err != nil {
+		slog.Error("failed to delete role: ", models.GetRAGRoleName(node.Network, host.Name), err)
+	}
+}
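Review bot: The last `slog.Error` call in `RemoveNetworkRoleFromUsers` passes its arguments without keys, so `slog.Error("failed to delete role: ", models.GetRAGRoleName(...), err)` makes the role name the attribute key and the error its value. Use `slog.Error("failed to delete role", "role", roleName, "error", err)`, with `roleName` computed once at the top of the function. The message logged when `logic.UpsertUser` fails says "failed to get user" and should read `"failed to update user"`, otherwise a failed revocation is hard to find in the logs. The loop also upserts every user that has any role in the network, even when the gateway role was absent; checking `if _, has := netRoles[roleName]; has` first would avoid those writes.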