
refer network controls form roles, add debug headers

abhishek9686 1 年間 前
コミット
7d052e64e2
4 ファイル変更18 行追加14 行削除
  1. 5 3
      controllers/middleware.go
  2. 1 4
      logic/security.go
  3. 8 2
      logic/user_mgmt.go
  4. 4 5
      models/user_mgmt.go

+ 5 - 3
controllers/middleware.go

@@ -12,7 +12,7 @@ func userMiddleWare(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var params = mux.Vars(r)
 		r.Header.Set("NET_ID", params["network"])
-		if strings.Contains(r.URL.Path, "host") || strings.Contains(r.URL.Path, "node") {
+		if strings.Contains(r.URL.Path, "hosts") || strings.Contains(r.URL.Path, "nodes") {
 			r.Header.Set("TARGET_RSRC", models.HostRsrc.String())
 			r.Header.Set("RSRC_TYPE", models.HostRsrc.String())
 		}
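Review bot: `strings.Contains(r.URL.Path, "hosts")` still matches anywhere in the concrete request path, so a route parameter value (for example a network name) that contains `hosts` or `nodes` would be tagged as `models.HostRsrc` on an unrelated endpoint. These headers appear to feed the later permission lookup, so the classification should come from the route pattern or from whole path segments, for example by testing the template returned by `mux.CurrentRoute(r).GetPathTemplate()` instead of the raw path. userMiddleWare continues past the end of this hunk, so other branches may narrow this.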
@@ -56,8 +56,10 @@ func userMiddleWare(handler http.Handler) http.Handler {
 		if r.Header.Get("TARGET_RSRC_ID") == "" {
 			r.Header.Set("IS_GLOBAL_ACCESS", "yes")
 		}
-		// pro
-
+		w.Header().Set("TARGET_RSRC", r.Header.Get("TARGET_RSRC"))
+		w.Header().Set("TARGET_RSRC_ID", r.Header.Get("TARGET_RSRC_ID"))
+		w.Header().Set("RSRC_TYPE", r.Header.Get("RSRC_TYPE"))
+		w.Header().Set("IS_GLOBAL_ACCESS", r.Header.Get("IS_GLOBAL_ACCESS"))
 		handler.ServeHTTP(w, r)
 	})
 }
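Review bot: The four added `w.Header().Set(...)` lines send the middleware's resolved authorization scope (`TARGET_RSRC`, `TARGET_RSRC_ID`, `RSRC_TYPE`, `IS_GLOBAL_ACCESS`) to every client on every response, with no condition around them. If they are debug aids, as the commit title says, they should be emitted only when a server-side debug setting is enabled, with a comment such as `// debug only: echoes the resolved resource scope to the caller`. They are also copied from `r.Header`, and in the visible lines `IS_GLOBAL_ACCESS` is assigned only when `TARGET_RSRC_ID` is empty. Unless the part of the function outside this hunk resets these keys, a value sent by the client survives into both the response and the downstream check, so an `r.Header.Del("IS_GLOBAL_ACCESS")` (and the same for the other keys) at the top of the handler would be a cheap safeguard.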

+ 1 - 4
logic/security.go

@@ -148,10 +148,7 @@ func SecurityCheck(reqAdmin bool, next http.Handler) http.HandlerFunc {
 				err = networkPermissionsCheck(username, r)
 			}
 		}
-		w.Header().Set("TARGET_RSRC", r.Header.Get("TARGET_RSRC"))
-		w.Header().Set("TARGET_RSRC_ID", r.Header.Get("TARGET_RSRC_ID"))
-		w.Header().Set("NET_ID", r.Header.Get("NET_ID"))
-		w.Header().Set("ACCESS_RESP", err.Error())
+		w.Header().Set("ACCESS_PERM", err.Error())
 		r.Header.Set("user", username)
 		next.ServeHTTP(w, r)
 	}
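Review bot: `err.Error()` on the added `ACCESS_PERM` line is called unconditionally, so if the preceding checks leave `err` nil (the allowed case, as far as this hunk shows) the handler panics on a nil interface. Guard it with `if err != nil { w.Header().Set("ACCESS_PERM", err.Error()) }`. The visible lines also call `next.ServeHTTP(w, r)` whatever `err` holds, so the permission result looks advisory here; if that is intentional during rollout a comment should say so, and the raw error text should not reach clients outside debug mode. SecurityCheck's body starts and ends outside this hunk, so an earlier return may already cover part of this.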

+ 8 - 2
logic/user_mgmt.go

@@ -32,8 +32,14 @@ var NetworkUserPermissionTemplate = models.UserRolePermissionTemplate{
 	ID:                  models.NetworkUser,
 	Default:             true,
 	FullAccess:          false,
-	DenyDashboardAccess: true,
-	NetworkLevelAccess:  make(map[models.RsrcType]map[models.RsrcID]models.RsrcPermissionScope),
+	DenyDashboardAccess: false,
+	NetworkLevelAccess: map[models.RsrcType]map[models.RsrcID]models.RsrcPermissionScope{
+		models.RemoteAccessGwRsrc: {
+			models.AllRemoteAccessGwRsrcID: models.RsrcPermissionScope{
+				Read: true,
+			},
+		},
+	},
 }
 
 func UserRolesInit() {
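Review bot: The default `NetworkUser` template now has `DenyDashboardAccess: false` and `Read: true` on `models.AllRemoteAccessGwRsrcID`, which widens what every user on the default role can do, and nothing in the literal records that this is deliberate. Add a comment above the struct literal, e.g. `// default network role: dashboard allowed, read-only on all remote access gateways`. Because `Default: true` is set, it is also worth checking how `UserRolesInit` (body outside this hunk) treats role records already stored with the old values, so upgraded installs and fresh installs end up with the same permissions.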

+ 4 - 5
models/user_mgmt.go

@@ -63,11 +63,10 @@ func (g UserGroupID) String() string {
 }
 
 type RsrcPermissionScope struct {
-	Create    bool `json:"create"`
-	Read      bool `json:"read"`
-	Update    bool `json:"update"`
-	Delete    bool `json:"delete"`
-	VPNAccess bool `json:"vpn_access"`
+	Create bool `json:"create"`
+	Read   bool `json:"read"`
+	Update bool `json:"update"`
+	Delete bool `json:"delete"`
 }
 
 type UserRolePermissionTemplate struct {
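Review bot: With `VPNAccess` removed from `RsrcPermissionScope`, any stored role or request body that still carries `"vpn_access"` is decoded without error and the key is silently dropped, since encoding/json ignores unknown keys by default. If role templates are persisted as JSON (the tags suggest so, but the storage path is not visible here), a doc comment on the struct should state which permission now governs VPN access, e.g. `// VPN access is derived from Read on RemoteAccessGwRsrc`, once that is confirmed against the callers.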