|
@@ -7,7 +7,6 @@ import (
|
|
|
"time"
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/gravitl/netmaker/database"
|
|
"github.com/gravitl/netmaker/database"
|
|
|
- "github.com/gravitl/netmaker/logger"
|
|
|
|
|
"github.com/gravitl/netmaker/logic"
|
|
"github.com/gravitl/netmaker/logic"
|
|
|
"github.com/gravitl/netmaker/models"
|
|
"github.com/gravitl/netmaker/models"
|
|
|
"github.com/gravitl/netmaker/mq"
|
|
"github.com/gravitl/netmaker/mq"
|
|
@@ -544,176 +543,6 @@ func GetUserRAGNodesV1(user models.User) (gws map[string]models.Node) {
|
|
|
}
|
|
}
|
|
|
return
|
|
return
|
|
|
}
|
|
}
|
|
|
-func DoesUserHaveAccessToRAGNode(user models.User, node models.Node) bool {
|
|
|
|
|
- userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user)
|
|
|
|
|
- logger.Log(3, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope))
|
|
|
|
|
- _, allNetAccess := userGwAccessScope["*"]
|
|
|
|
|
- if node.IsIngressGateway && !node.PendingDelete {
|
|
|
|
|
- if allNetAccess {
|
|
|
|
|
- return true
|
|
|
|
|
- } else {
|
|
|
|
|
- gwRsrcMap := userGwAccessScope[models.NetworkID(node.Network)]
|
|
|
|
|
- scope, ok := gwRsrcMap[models.AllRemoteAccessGwRsrcID]
|
|
|
|
|
- if !ok {
|
|
|
|
|
- if scope, ok = gwRsrcMap[models.RsrcID(node.ID.String())]; !ok {
|
|
|
|
|
- return false
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- if scope.VPNaccess {
|
|
|
|
|
- return true
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- return false
|
|
|
|
|
-}
|
|
|
|
|
-
|
|
|
|
|
-func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
|
|
|
|
|
- gws = make(map[string]models.Node)
|
|
|
|
|
- userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user)
|
|
|
|
|
- logger.Log(3, fmt.Sprintf("User Gw Access Scope: %+v", userGwAccessScope))
|
|
|
|
|
- _, allNetAccess := userGwAccessScope["*"]
|
|
|
|
|
- nodes, err := logic.GetAllNodes()
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- return
|
|
|
|
|
- }
|
|
|
|
|
- for _, node := range nodes {
|
|
|
|
|
- if node.IsIngressGateway && !node.PendingDelete {
|
|
|
|
|
- if allNetAccess {
|
|
|
|
|
- gws[node.ID.String()] = node
|
|
|
|
|
- } else {
|
|
|
|
|
- gwRsrcMap := userGwAccessScope[models.NetworkID(node.Network)]
|
|
|
|
|
- scope, ok := gwRsrcMap[models.AllRemoteAccessGwRsrcID]
|
|
|
|
|
- if !ok {
|
|
|
|
|
- if scope, ok = gwRsrcMap[models.RsrcID(node.ID.String())]; !ok {
|
|
|
|
|
- continue
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- if scope.VPNaccess {
|
|
|
|
|
- gws[node.ID.String()] = node
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- return
|
|
|
|
|
-}
|
|
|
|
|
-
|
|
|
|
|
-// GetUserNetworkRoles - get user network roles
|
|
|
|
|
-func GetUserNetworkRolesWithRemoteVPNAccess(user models.User) (gwAccess map[models.NetworkID]map[models.RsrcID]models.RsrcPermissionScope) {
|
|
|
|
|
- gwAccess = make(map[models.NetworkID]map[models.RsrcID]models.RsrcPermissionScope)
|
|
|
|
|
- platformRole, err := logic.GetRole(user.PlatformRoleID)
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- return
|
|
|
|
|
- }
|
|
|
|
|
- if platformRole.FullAccess {
|
|
|
|
|
- gwAccess[models.NetworkID("*")] = make(map[models.RsrcID]models.RsrcPermissionScope)
|
|
|
|
|
- return
|
|
|
|
|
- }
|
|
|
|
|
- if _, ok := user.NetworkRoles[models.AllNetworks]; ok {
|
|
|
|
|
- gwAccess[models.NetworkID("*")] = make(map[models.RsrcID]models.RsrcPermissionScope)
|
|
|
|
|
- }
|
|
|
|
|
- if len(user.UserGroups) > 0 {
|
|
|
|
|
- for gID := range user.UserGroups {
|
|
|
|
|
- userG, err := GetUserGroup(gID)
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- continue
|
|
|
|
|
- }
|
|
|
|
|
- for netID, roleMap := range userG.NetworkRoles {
|
|
|
|
|
- for roleID := range roleMap {
|
|
|
|
|
- role, err := logic.GetRole(roleID)
|
|
|
|
|
- if err == nil {
|
|
|
|
|
- if role.FullAccess {
|
|
|
|
|
- gwAccess[netID] = map[models.RsrcID]models.RsrcPermissionScope{
|
|
|
|
|
- models.AllRemoteAccessGwRsrcID: {
|
|
|
|
|
- Create: true,
|
|
|
|
|
- Read: true,
|
|
|
|
|
- Update: true,
|
|
|
|
|
- VPNaccess: true,
|
|
|
|
|
- Delete: true,
|
|
|
|
|
- },
|
|
|
|
|
- models.AllExtClientsRsrcID: {
|
|
|
|
|
- Create: true,
|
|
|
|
|
- Read: true,
|
|
|
|
|
- Update: true,
|
|
|
|
|
- Delete: true,
|
|
|
|
|
- },
|
|
|
|
|
- }
|
|
|
|
|
- break
|
|
|
|
|
- }
|
|
|
|
|
- if rsrcsMap, ok := role.NetworkLevelAccess[models.RemoteAccessGwRsrc]; ok {
|
|
|
|
|
- if permissions, ok := rsrcsMap[models.AllRemoteAccessGwRsrcID]; ok && permissions.VPNaccess {
|
|
|
|
|
- if len(gwAccess[netID]) == 0 {
|
|
|
|
|
- gwAccess[netID] = make(map[models.RsrcID]models.RsrcPermissionScope)
|
|
|
|
|
- }
|
|
|
|
|
- gwAccess[netID][models.AllRemoteAccessGwRsrcID] = permissions
|
|
|
|
|
- break
|
|
|
|
|
- } else {
|
|
|
|
|
- for gwID, scope := range rsrcsMap {
|
|
|
|
|
- if scope.VPNaccess {
|
|
|
|
|
- if len(gwAccess[netID]) == 0 {
|
|
|
|
|
- gwAccess[netID] = make(map[models.RsrcID]models.RsrcPermissionScope)
|
|
|
|
|
- }
|
|
|
|
|
- gwAccess[netID][gwID] = scope
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- for netID, roleMap := range user.NetworkRoles {
|
|
|
|
|
- for roleID := range roleMap {
|
|
|
|
|
- role, err := logic.GetRole(roleID)
|
|
|
|
|
- if err == nil {
|
|
|
|
|
- if role.FullAccess {
|
|
|
|
|
- gwAccess[netID] = map[models.RsrcID]models.RsrcPermissionScope{
|
|
|
|
|
- models.AllRemoteAccessGwRsrcID: {
|
|
|
|
|
- Create: true,
|
|
|
|
|
- Read: true,
|
|
|
|
|
- Update: true,
|
|
|
|
|
- VPNaccess: true,
|
|
|
|
|
- Delete: true,
|
|
|
|
|
- },
|
|
|
|
|
- models.AllExtClientsRsrcID: {
|
|
|
|
|
- Create: true,
|
|
|
|
|
- Read: true,
|
|
|
|
|
- Update: true,
|
|
|
|
|
- Delete: true,
|
|
|
|
|
- },
|
|
|
|
|
- }
|
|
|
|
|
- break
|
|
|
|
|
- }
|
|
|
|
|
- if rsrcsMap, ok := role.NetworkLevelAccess[models.RemoteAccessGwRsrc]; ok {
|
|
|
|
|
- if permissions, ok := rsrcsMap[models.AllRemoteAccessGwRsrcID]; ok && permissions.VPNaccess {
|
|
|
|
|
- if len(gwAccess[netID]) == 0 {
|
|
|
|
|
- gwAccess[netID] = make(map[models.RsrcID]models.RsrcPermissionScope)
|
|
|
|
|
- }
|
|
|
|
|
- gwAccess[netID][models.AllRemoteAccessGwRsrcID] = permissions
|
|
|
|
|
- break
|
|
|
|
|
- } else {
|
|
|
|
|
- for gwID, scope := range rsrcsMap {
|
|
|
|
|
- if scope.VPNaccess {
|
|
|
|
|
- if len(gwAccess[netID]) == 0 {
|
|
|
|
|
- gwAccess[netID] = make(map[models.RsrcID]models.RsrcPermissionScope)
|
|
|
|
|
- }
|
|
|
|
|
- gwAccess[netID][gwID] = scope
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- return
|
|
|
|
|
-}
|
|
|
|
|
|
|
|
|
|
func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filteredNodes []models.Node) {
|
|
func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filteredNodes []models.Node) {
|
|
|
|
|
|
abhishek9686