return clone of map

logic/acls/common.go

@@ -2,6 +2,7 @@ package acls
 
 import (
 	"encoding/json"
+	"maps"
 	"sync"
 
 	"github.com/gravitl/netmaker/database"
@@ -133,7 +134,7 @@ func fetchACLContainer(containerID ContainerID) (ACLContainer, error) {
 	defer AclMutex.RUnlock()
 	if servercfg.CacheEnabled() {
 		if aclContainer, ok := fetchAclContainerFromCache(containerID); ok {
-			return aclContainer, nil
+			return maps.Clone(aclContainer), nil
 		}
 	}
 	aclJson, err := fetchACLContainerJson(ContainerID(containerID))
@@ -147,7 +148,7 @@ func fetchACLContainer(containerID ContainerID) (ACLContainer, error) {
 	if servercfg.CacheEnabled() {
 		storeAclContainerInCache(containerID, currentNetworkACL)
 	}
-	return currentNetworkACL, nil
+	return maps.Clone(currentNetworkACL), nil
 }
 
 // fetchACLContainerJson - fetch the current ACL of given container except in json string

logic/acls/nodeacls/retrieve.go

@@ -21,9 +21,8 @@ func AreNodesAllowed(networkID NetworkID, node1, node2 NodeID) bool {
 	}
 	var allowed bool
 	acls.AclMutex.Lock()
-	currNetAclCopy := maps.Clone(currentNetworkACL)
-	currNetworkACLNode1 := currNetAclCopy[acls.AclID(node1)]
-	currNetworkACLNode2 := currNetAclCopy[acls.AclID(node2)]
+	currNetworkACLNode1 := currentNetworkACL[acls.AclID(node1)]
+	currNetworkACLNode2 := currentNetworkACL[acls.AclID(node2)]
 	acls.AclMutex.Unlock()
 	allowed = currNetworkACLNode1.IsAllowed(acls.AclID(node2)) && currNetworkACLNode2.IsAllowed(acls.AclID(node1))
 	return allowed
@@ -69,5 +68,5 @@ func FetchAllACLs(networkID NetworkID) (acls.ACLContainer, error) {
 	if err != nil {
 		return nil, err
 	}
-	return currentNetworkACL, nil
+	return maps.Clone(currentNetworkACL), nil
 }