|
|
@@ -8,7 +8,9 @@ import (
|
|
|
"net/http"
|
|
|
"net/url"
|
|
|
"strings"
|
|
|
+ "time"
|
|
|
|
|
|
+ "github.com/google/uuid"
|
|
|
"github.com/gorilla/mux"
|
|
|
"github.com/gravitl/netmaker/database"
|
|
|
"github.com/gravitl/netmaker/logger"
|
|
|
@@ -411,6 +413,44 @@ func createUserGroup(w http.ResponseWriter, r *http.Request) {
|
|
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
return
|
|
|
}
|
|
|
+ networks, err := logic.GetNetworks()
|
|
|
+ if err != nil {
|
|
|
+ logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
+ return
|
|
|
+ }
|
|
|
+ for _, network := range networks {
|
|
|
+ acl := models.Acl{
|
|
|
+ ID: uuid.New().String(),
|
|
|
+ Name: fmt.Sprintf("%s group", userGroupReq.Group.Name),
|
|
|
+ MetaData: "This Policy allows user group to communicate with all gateways",
|
|
|
+ Default: true,
|
|
|
+ ServiceType: models.Any,
|
|
|
+ NetworkID: models.NetworkID(network.NetID),
|
|
|
+ Proto: models.ALL,
|
|
|
+ RuleType: models.UserPolicy,
|
|
|
+ Src: []models.AclPolicyTag{
|
|
|
+ {
|
|
|
+ ID: models.UserGroupAclID,
|
|
|
+ Value: userGroupReq.Group.ID.String(),
|
|
|
+ },
|
|
|
+ },
|
|
|
+ Dst: []models.AclPolicyTag{
|
|
|
+ {
|
|
|
+ ID: models.NodeTagID,
|
|
|
+ Value: fmt.Sprintf("%s.%s", models.NetworkID(network.NetID), models.GwTagName),
|
|
|
+ }},
|
|
|
+ AllowedDirection: models.TrafficDirectionUni,
|
|
|
+ Enabled: true,
|
|
|
+ CreatedBy: "auto",
|
|
|
+ CreatedAt: time.Now().UTC(),
|
|
|
+ }
|
|
|
+ err = logic.InsertAcl(acl)
|
|
|
+ if err != nil {
|
|
|
+ logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
|
|
|
+ return
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
for _, userID := range userGroupReq.Members {
|
|
|
user, err := logic.GetUser(userID)
|
|
|
if err != nil {
|
abhishek9686