|
|
@@ -811,86 +811,6 @@ func GetUserNetworkRolesWithRemoteVPNAccess(user models.User) (gwAccess map[mode
|
|
|
|
|
|
func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filteredNodes []models.Node) {
|
|
|
return filteredNodes
|
|
|
- nodesMap := make(map[string]struct{})
|
|
|
- allNetworkRoles := make(map[models.UserRoleID]struct{})
|
|
|
- defer func() {
|
|
|
- filteredNodes = logic.AddStaticNodestoList(filteredNodes)
|
|
|
- }()
|
|
|
- if len(user.NetworkRoles) > 0 {
|
|
|
- for _, netRoles := range user.NetworkRoles {
|
|
|
- for netRoleI := range netRoles {
|
|
|
- allNetworkRoles[netRoleI] = struct{}{}
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- if _, ok := user.NetworkRoles[models.AllNetworks]; ok {
|
|
|
- filteredNodes = nodes
|
|
|
- return
|
|
|
- }
|
|
|
- if len(user.UserGroups) > 0 {
|
|
|
- for userGID := range user.UserGroups {
|
|
|
- userG, err := GetUserGroup(userGID)
|
|
|
- if err == nil {
|
|
|
- if len(userG.NetworkRoles) > 0 {
|
|
|
- if _, ok := userG.NetworkRoles[models.AllNetworks]; ok {
|
|
|
- filteredNodes = nodes
|
|
|
- return
|
|
|
- }
|
|
|
- for _, netRoles := range userG.NetworkRoles {
|
|
|
- for netRoleI := range netRoles {
|
|
|
- allNetworkRoles[netRoleI] = struct{}{}
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- for networkRoleID := range allNetworkRoles {
|
|
|
- userPermTemplate, err := logic.GetRole(networkRoleID)
|
|
|
- if err != nil {
|
|
|
- continue
|
|
|
- }
|
|
|
- networkNodes := logic.GetNetworkNodesMemory(nodes, userPermTemplate.NetworkID.String())
|
|
|
- if userPermTemplate.FullAccess {
|
|
|
- for _, node := range networkNodes {
|
|
|
- if _, ok := nodesMap[node.ID.String()]; ok {
|
|
|
- continue
|
|
|
- }
|
|
|
- nodesMap[node.ID.String()] = struct{}{}
|
|
|
- filteredNodes = append(filteredNodes, node)
|
|
|
- }
|
|
|
-
|
|
|
- continue
|
|
|
- }
|
|
|
- if rsrcPerms, ok := userPermTemplate.NetworkLevelAccess[models.RemoteAccessGwRsrc]; ok {
|
|
|
- if _, ok := rsrcPerms[models.AllRemoteAccessGwRsrcID]; ok {
|
|
|
- for _, node := range networkNodes {
|
|
|
- if _, ok := nodesMap[node.ID.String()]; ok {
|
|
|
- continue
|
|
|
- }
|
|
|
- if node.IsIngressGateway {
|
|
|
- nodesMap[node.ID.String()] = struct{}{}
|
|
|
- filteredNodes = append(filteredNodes, node)
|
|
|
- }
|
|
|
- }
|
|
|
- } else {
|
|
|
- for gwID, scope := range rsrcPerms {
|
|
|
- if _, ok := nodesMap[gwID.String()]; ok {
|
|
|
- continue
|
|
|
- }
|
|
|
- if scope.Read {
|
|
|
- gwNode, err := logic.GetNodeByID(gwID.String())
|
|
|
- if err == nil && gwNode.IsIngressGateway {
|
|
|
- nodesMap[gwNode.ID.String()] = struct{}{}
|
|
|
- filteredNodes = append(filteredNodes, gwNode)
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- }
|
|
|
- return
|
|
|
}
|
|
|
|
|
|
func FilterNetworksByRole(allnetworks []models.Network, user models.User) []models.Network {
|
abhishek9686