Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

remove * on default grp, add admins to admin net groups by default

abhishek9686 10 months ago
parent
56d5c85da7
commit
167d29a96b
8 changed files with 43 additions and 4 deletions
Unified View Show Diff Stats
  1. 0 1
      controllers/acls.go
  2. 5 0
      logic/acls.go
  3. 2 0
      logic/user_mgmt.go
  4. 1 0
      logic/users.go
  5. 2 0
      migrate/migrate.go
  6. 4 0
      pro/controllers/users.go
  7. 1 0
      pro/initialize.go
  8. 28 3
      pro/logic/user_mgmt.go

+ 0 - 1
controllers/acls.go
View File 

@@ -28,7 +28,6 @@ func aclHandlers(r *mux.Router) {
 
 		Methods(http.MethodDelete)
 
 		Methods(http.MethodDelete)
 
 	r.HandleFunc("/api/v1/acls/debug", logic.SecurityCheck(true, http.HandlerFunc(aclDebug))).
 
 	r.HandleFunc("/api/v1/acls/debug", logic.SecurityCheck(true, http.HandlerFunc(aclDebug))).
 
 		Methods(http.MethodGet)
 
 		Methods(http.MethodGet)
 
-
 
 }
 
 }
 
 
 
 // @Summary     List Acl Policy types
 
 // @Summary     List Acl Policy types

+ 5 - 0
logic/acls.go
View File 

@@ -183,6 +183,11 @@ func IsAclPolicyValid(acl models.Acl) bool {
 
 				if err != nil {
 
 				if err != nil {
 
 					return false
 
 					return false
 
 				}
 
 				}
 
+				// check if group belongs to this network
 
+				netGrps := GetUserGroupsInNetwork(acl.NetworkID)
 
+				if _, ok := netGrps[models.UserGroupID(srcI.Value)]; !ok {
 
+					return false
 
+				}
 
 			}
 
 			}
 
 
 
 		}
 
 		}

+ 2 - 0
logic/user_mgmt.go
View File 

@@ -59,6 +59,8 @@ var IntialiseGroups = func() {}
 
 var DeleteNetworkRoles = func(netID string) {}
 
 var DeleteNetworkRoles = func(netID string) {}
 
 var CreateDefaultNetworkRolesAndGroups = func(netID models.NetworkID) {}
 
 var CreateDefaultNetworkRolesAndGroups = func(netID models.NetworkID) {}
 
 var CreateDefaultUserPolicies = func(netID models.NetworkID) {}
 
 var CreateDefaultUserPolicies = func(netID models.NetworkID) {}
 
+var GetUserGroupsInNetwork = func(netID models.NetworkID) (networkGrps map[models.UserGroupID]models.UserGroup) { return }
 
+var AddGlobalNetRolesToAdmins = func(u *models.User) {}
 
 
 
 // GetRole - fetches role template by id
 
 // GetRole - fetches role template by id
 
 func GetRole(roleID models.UserRoleID) (models.UserRolePermissionTemplate, error) {
 
 func GetRole(roleID models.UserRoleID) (models.UserRolePermissionTemplate, error) {

+ 1 - 0
logic/users.go
View File 

@@ -62,6 +62,7 @@ func SetUserDefaults(user *models.User) {
 
 	if len(user.UserGroups) == 0 {
 
 	if len(user.UserGroups) == 0 {
 
 		user.UserGroups = make(map[models.UserGroupID]struct{})
 
 		user.UserGroups = make(map[models.UserGroupID]struct{})
 
 	}
 
 	}
 
+	AddGlobalNetRolesToAdmins(user)
 
 }
 
 }
 
 
 
 // SortUsers - Sorts slice of Users by username
 
 // SortUsers - Sorts slice of Users by username

+ 2 - 0
migrate/migrate.go
View File 

@@ -398,6 +398,8 @@ func syncUsers() {
 
 	if err == nil {
 
 	if err == nil {
 
 		for _, user := range users {
 
 		for _, user := range users {
 
 			user := user
 
 			user := user
 
+			logic.AddGlobalNetRolesToAdmins(&user)
 
+			logic.UpsertUser(user)
 
 			if user.PlatformRoleID == models.AdminRole && !user.IsAdmin {
 
 			if user.PlatformRoleID == models.AdminRole && !user.IsAdmin {
 
 				user.IsAdmin = true
 
 				user.IsAdmin = true
 
 				logic.UpsertUser(user)
 
 				logic.UpsertUser(user)

+ 4 - 0
pro/controllers/users.go
View File 

@@ -496,6 +496,10 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("failed to fetch group details"), "badrequest"))
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("failed to fetch group details"), "badrequest"))
 
 		return
 
 		return
 
 	}
 
 	}
 
+	if userG.Default {
 
+		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("cannot delete default user group"), "badrequest"))
 
+		return
 
+	}
 
 	err = proLogic.DeleteUserGroup(models.UserGroupID(gid))
 
 	err = proLogic.DeleteUserGroup(models.UserGroupID(gid))
 
 	if err != nil {
 
 	if err != nil {
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))

+ 1 - 0
pro/initialize.go
View File 

@@ -138,6 +138,7 @@ func InitPro() {
 
 	logic.CreateDefaultUserPolicies = proLogic.CreateDefaultUserPolicies
 
 	logic.CreateDefaultUserPolicies = proLogic.CreateDefaultUserPolicies
 
 	logic.MigrateUserRoleAndGroups = proLogic.MigrateUserRoleAndGroups
 
 	logic.MigrateUserRoleAndGroups = proLogic.MigrateUserRoleAndGroups
 
 	logic.IntialiseGroups = proLogic.UserGroupsInit
 
 	logic.IntialiseGroups = proLogic.UserGroupsInit
 
+	logic.AddGlobalNetRolesToAdmins = proLogic.AddGlobalNetRolesToAdmins
 
 }
 
 }
 
 
 
 func retrieveProLogo() string {
 
 func retrieveProLogo() string {

+ 28 - 3
pro/logic/user_mgmt.go
View File 

@@ -97,7 +97,7 @@ func UserGroupsInit() {
 
 		Name:    "All Networks User Group",
 
 		Name:    "All Networks User Group",
 
 		Default: true,
 
 		Default: true,
 
 		NetworkRoles: map[models.NetworkID]map[models.UserRoleID]struct{}{
 
 		NetworkRoles: map[models.NetworkID]map[models.UserRoleID]struct{}{
 
-			models.NetworkID("*"): {
 
+			models.NetworkID(models.AllNetworks): {
 
 				models.UserRoleID(fmt.Sprintf("global-%s", models.NetworkUser)): {},
 
 				models.UserRoleID(fmt.Sprintf("global-%s", models.NetworkUser)): {},
 
 			},
 
 			},
 
 		},
 
 		},
 
@@ -1156,7 +1156,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 
 				},
 
 				},
 
 				{
 
 				{
 
 					ID:    models.UserGroupAclID,
 
 					ID:    models.UserGroupAclID,
 
-					Value: "global-network-admin-grp",
 
+					Value: fmt.Sprintf("global-%s-grp", models.NetworkAdmin),
 
 				},
 
 				},
 
 			},
 
 			},
 
 			Dst: []models.AclPolicyTag{
 
 			Dst: []models.AclPolicyTag{
 
@@ -1187,7 +1187,7 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 
 				},
 
 				},
 
 				{
 
 				{
 
 					ID:    models.UserGroupAclID,
 
 					ID:    models.UserGroupAclID,
 
-					Value: "global-network-user-grp",
 
+					Value: fmt.Sprintf("global-%s-grp", models.NetworkUser),
 
 				},
 
 				},
 
 			},
 
 			},
 
 
 
@@ -1205,3 +1205,28 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 
 	}
 
 	}
 
 
 
 }
 
 }
 
+
 
+func GetUserGroupsInNetwork(netID models.NetworkID) (networkGrps map[models.UserGroupID]models.UserGroup) {
 
+	groups, _ := ListUserGroups()
 
+	networkGrps = make(map[models.UserGroupID]models.UserGroup)
 
+	for _, grp := range groups {
 
+		if _, ok := grp.NetworkRoles[models.AllNetworks]; ok {
 
+			networkGrps[grp.ID] = grp
 
+			continue
 
+		}
 
+		if _, ok := grp.NetworkRoles[netID]; ok {
 
+			networkGrps[grp.ID] = grp
 
+		}
 
+	}
 
+	return
 
+}
 
+
 
+func AddGlobalNetRolesToAdmins(u *models.User) {
 
+	if u.PlatformRoleID != models.SuperAdminRole && u.PlatformRoleID != models.AdminRole {
 
+		return
 
+	}
 
+	if u.UserGroups == nil {
 
+		u.UserGroups = make(map[models.UserGroupID]struct{})
 
+	}
 
+	u.UserGroups[models.UserGroupID(fmt.Sprintf("global-%s-grp", models.NetworkAdmin))] = struct{}{}
 
+}