
add egress ranges by access to users

abhishek9686 20 timmar sedan
förälder
incheckning
63088c2b17
4 ändrade filer med 41 tillägg och 4 borttagningar
  1. 12 0
      logic/acls.go
  2. 1 1
      logic/egress.go
  3. 27 2
      logic/extpeers.go
  4. 1 1
      models/extclient.go

+ 12 - 0
logic/acls.go

@@ -1510,6 +1510,18 @@ func ListDevicePolicies(netID models.NetworkID) []models.Acl {
 	return deviceAcls
 }
 
+// ListUserPolicies - lists all user policies in a network
+func ListUserPolicies(netID models.NetworkID) []models.Acl {
+	allAcls := ListAcls()
+	userAcls := []models.Acl{}
+	for _, acl := range allAcls {
+		if acl.NetworkID == netID && acl.RuleType == models.UserPolicy {
+			userAcls = append(userAcls, acl)
+		}
+	}
+	return userAcls
+}
+
 func ConvAclTagToValueMap(acltags []models.AclPolicyTag) map[string]struct{} {
 	aclValueMap := make(map[string]struct{})
 	for _, aclTagI := range acltags {
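Review bot: ListUserPolicies (L27-36) mirrors the ListDevicePolicies shown in the hunk header, apparently differing only in the RuleType it compares; a small unexported helper taking the rule type keeps the two filters from drifting apart when the matching logic changes (the body of ListDevicePolicies is outside the hunk, so this is inferred from its name). `userAcls := []models.Acl{}` could be `var userAcls []models.Acl` unless a caller serialises the result to JSON and needs `[]` rather than `null`, which is not visible here. The declared type of `models.Acl.RuleType` is not on the page, so the helper below uses a labelled placeholder for it.
```go
// listPoliciesByRuleType returns the ACLs of netID whose RuleType equals ruleType.
func listPoliciesByRuleType(netID models.NetworkID, ruleType RULE_TYPE_PLACEHOLDER /* use the declared type of models.Acl.RuleType */) []models.Acl {
	matched := []models.Acl{}
	for _, acl := range ListAcls() {
		if acl.NetworkID == netID && acl.RuleType == ruleType {
			matched = append(matched, acl)
		}
	}
	return matched
}

// ListUserPolicies - lists all user policies in a network
func ListUserPolicies(netID models.NetworkID) []models.Acl {
	return listPoliciesByRuleType(netID, models.UserPolicy)
}
```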

+ 1 - 1
logic/egress.go

@@ -181,7 +181,7 @@ func AddEgressInfoToPeerByAccess(node, targetNode *models.Node, eli []schema.Egr
 }
 
 func GetEgressDomainsByAccess(user *models.User, network models.NetworkID) (domains []string) {
-	acls, _ := ListAclsByNetwork(network)
+	acls := ListUserPolicies(network)
 	eli, _ := (&schema.Egress{Network: network.String()}).ListByNetwork(db.WithContext(context.TODO()))
 	defaultDevicePolicy, _ := GetDefaultPolicy(network, models.DevicePolicy)
 	isDefaultPolicyActive := defaultDevicePolicy.Enabled
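Review bot: The replacement at L50 narrows `acls` from every ACL of the network to user policies only, while the next lines still load `defaultDevicePolicy` and derive `isDefaultPolicyActive` from it; whether the rest of GetEgressDomainsByAccess (which continues outside the hunk) also expects device ACLs to be present in `acls` is not visible here and should be confirmed, since a miss would silently change which domains a user is granted. The old call returned an error that the new one cannot, so the lookup now has no failure path; a one-line comment would make the intent explicit, e.g. `// Only user policies gate domain access here; the device default is evaluated via defaultDevicePolicy below.` The errors from `ListByNetwork` and `GetDefaultPolicy` are still discarded, which means a store failure yields a zero-value policy with `Enabled == false` — that is pre-existing, but worth noting as the fail-closed behaviour this function relies on.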

+ 27 - 2
logic/extpeers.go

@@ -71,11 +71,36 @@ func GetEgressRangesOnNetwork(client *models.ExtClient) ([]string, error) {
 
 	var result []string
 	eli, _ := (&schema.Egress{Network: client.Network}).ListByNetwork(db.WithContext(context.TODO()))
+	staticNode := client.ConvertToStaticNode()
+	devicePolicies := ListDevicePolicies(models.NetworkID(client.Network))
+	userPolicies := ListUserPolicies(models.NetworkID(client.Network))
 	for _, eI := range eli {
-		if !eI.Status || eI.Range == "" {
+		if !eI.Status {
 			continue
 		}
-		result = append(result, eI.Range)
+		if eI.Domain == "" && eI.Range == "" {
+			continue
+		}
+		if eI.Domain != "" && len(eI.DomainAns) == 0 {
+			continue
+		}
+		rangesToBeAdded := []string{}
+		if eI.Domain != "" {
+			rangesToBeAdded = append(rangesToBeAdded, eI.DomainAns...)
+		} else {
+			rangesToBeAdded = append(rangesToBeAdded, eI.Range)
+		}
+		if staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
+			user, err := GetUser(staticNode.StaticNode.OwnerID)
+			if err != nil {
+				return []string{}, errors.New("user not found")
+			}
+			if DoesUserHaveAccessToEgress(user, &eI, userPolicies) {
+				result = append(result, rangesToBeAdded...)
+			}
+		} else {
+			result = append(result, rangesToBeAdded...)
+		}
 	}
 	extclients, _ := GetNetworkExtClients(client.Network)
 	for _, extclient := range extclients {
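Review bot: `GetUser(staticNode.StaticNode.OwnerID)` at L84 runs once per egress entry although the owner is fixed for the whole call; resolve it once before the loop so a network with many egress entries does not repeat the same store read, and a missing owner fails before any work is done. The error at L86 replaces the underlying error with `errors.New("user not found")`, which hides why the lookup failed; wrap it instead (`fmt.Errorf` with `%w`, assuming fmt is imported in this file). `devicePolicies` is assigned at L63 but not used anywhere in the hunk — if it is not consumed further down the function (outside the hunk), the file will not compile, and if it is meant to gate the non-user `else` branch at L91-93, note that this branch currently appends every active range unconditionally. The presumed return type `*models.User` for GetUser is inferred from the parameter type of GetEgressDomainsByAccess and should be checked.
```go
	staticNode := client.ConvertToStaticNode()
	devicePolicies := ListDevicePolicies(models.NetworkID(client.Network))
	userPolicies := ListUserPolicies(models.NetworkID(client.Network))
	// Resolve the owning user once; the owner does not change per egress entry.
	var owner *models.User
	if staticNode.IsUserNode && staticNode.StaticNode.OwnerID != "" {
		u, err := GetUser(staticNode.StaticNode.OwnerID)
		if err != nil {
			return nil, fmt.Errorf("resolving owner %q of ext client: %w", staticNode.StaticNode.OwnerID, err)
		}
		owner = u
	}
	for _, eI := range eli {
		// … unchanged: status, domain/range and DomainAns filtering, rangesToBeAdded …
		// Only user-owned clients are gated by user policies; others keep the previous behaviour.
		if owner != nil && !DoesUserHaveAccessToEgress(owner, &eI, userPolicies) {
			continue
		}
		result = append(result, rangesToBeAdded...)
	}
```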

+ 1 - 1
models/extclient.go

@@ -66,7 +66,7 @@ func (ext *ExtClient) ConvertToStaticNode() Node {
 		Tags:       ext.Tags,
 		IsStatic:   true,
 		StaticNode: *ext,
-		IsUserNode: ext.RemoteAccessClientID != "",
+		IsUserNode: ext.RemoteAccessClientID != "" || ext.DeviceID != "",
 		Mutex:      ext.Mutex,
 	}
 }
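Review bot: The widened condition at L106 changes the meaning of an exported field without documenting it: a client with a DeviceID but no RemoteAccessClientID is now a "user node", which in GetEgressRangesOnNetwork (same commit) decides whether egress ranges are gated by user policies at all. A client with `DeviceID != ""` but an empty `OwnerID` would still fall into the ungated branch there, so the combination should be stated where the flag is set, e.g. `// IsUserNode: set when the client came through remote access or is bound to a device; consumers gate user-policy checks on this together with OwnerID.` ConvertToStaticNode starts outside the hunk.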