
auto create default group gateways policies

abhishek9686 3 هفته پیش
والد
کامیت
96f8a9f20c
3فایلهای تغییر یافته به همراه18 افزوده شده و 0 حذف شده
  1. 3 0
      pro/controllers/users.go
  2. 3 0
      pro/logic/acls.go
  3. 12 0
      pro/logic/user_mgmt.go

+ 3 - 0
pro/controllers/users.go

@@ -574,6 +574,8 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
+	proLogic.DeleteDefaultUserGroupNetworkPolicies(currUserG)
+	proLogic.CreateDefaultUserGroupNetworkPolicies(userGroup)
 	logic.LogEvent(&models.Event{
 		Action: models.Update,
 		Source: models.Subject{
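Review bot: The two calls added in updateUserGroup run after the group update has already been persisted, and neither can report failure, so the handler answers success even when the old policies were not removed. If a network was dropped from the group's NetworkRoles and its policy removal does not succeed, the old `<netID>.<groupID>-grp` policy stays in place and keeps granting gateway access the update was meant to revoke. DeleteDefaultUserGroupNetworkPolicies (last hunk of pro/logic/user_mgmt.go) discards whatever logic.DeleteAcl returns; assuming that is an error, check it there with `if err := logic.DeleteAcl(acl); err != nil { /* log netID and group ID */ }` and have the helper return it so this handler can log or surface it. The body of updateUserGroup starts and ends outside the hunk.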
@@ -652,6 +654,7 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 		},
 		Origin: models.Dashboard,
 	})
+
 	go proLogic.UpdatesUserGwAccessOnGrpUpdates(userG.NetworkRoles, make(map[models.NetworkID]map[models.UserRoleID]struct{}))
 	logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user group")
 }

+ 3 - 0
pro/logic/acls.go

@@ -455,6 +455,9 @@ func listPoliciesOfUser(user models.User, netID models.NetworkID) []models.Acl {
 	if _, ok := user.UserGroups[globalNetworksUserGroupID]; ok {
 		user.UserGroups[GetDefaultNetworkUserGroupID(netID)] = struct{}{}
 	}
+	if user.PlatformRoleID == models.AdminRole || user.PlatformRoleID == models.SuperAdminRole {
+		user.UserGroups[GetDefaultNetworkAdminGroupID(netID)] = struct{}{}
+	}
 	for _, acl := range allAcls {
 		if acl.NetworkID == netID && acl.RuleType == models.UserPolicy {
 			srcMap := logic.ConvAclTagToValueMap(acl.Src)
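Review bot: The added write `user.UserGroups[GetDefaultNetworkAdminGroupID(netID)] = struct{}{}` is unconditional for admin and super-admin users, so it panics with "assignment to entry in nil map" if such a user has no UserGroups map. The earlier write is safe only because it sits behind a successful lookup in that same map. Unless the map is initialised earlier in listPoliciesOfUser (the function starts above the hunk), guard it first: `if user.UserGroups == nil { user.UserGroups = make(map[models.UserGroupID]struct{}) }`, with the key type inferred from DeleteUserGroup. Note also that `user` is passed by value but the map is shared with the caller, so the implicit admin-group membership leaks into the caller's copy and could be persisted by a later upsert. Building the effective group set in a local map would avoid that.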

+ 12 - 0
pro/logic/user_mgmt.go

@@ -661,6 +661,10 @@ func UpdateUserGroup(g models.UserGroup) error {
 
 // DeleteUserGroup - deletes user group
 func DeleteUserGroup(gid models.UserGroupID) error {
+	g, err := GetUserGroup(gid)
+	if err != nil {
+		return err
+	}
 	users, err := logic.GetUsersDB()
 	if err != nil && !database.IsEmptyRecord(err) {
 		return err
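Review bot: The new early return on a GetUserGroup error makes DeleteUserGroup fail before it reaches the loop that strips `gid` from each user's UserGroups. If the group record is already gone (for example after a partially failed earlier delete), stale memberships can no longer be cleaned up through this function. Consider treating a not-found result as "no policies to delete" and continuing, e.g. `if err != nil && !database.IsEmptyRecord(err) { return err }`, assuming GetUserGroup reports a missing record the way GetUsersDB does. The function body continues outside the hunk.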
@@ -669,6 +673,8 @@ func DeleteUserGroup(gid models.UserGroupID) error {
 		delete(user.UserGroups, gid)
 		logic.UpsertUser(user)
 	}
+	// create default network gateway policies
+	go DeleteDefaultUserGroupNetworkPolicies(g)
 	return database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, gid.String())
 }
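Review bot: The added comment says `// create default network gateway policies`, but the line below it deletes them; it should read `// delete the group's default network gateway policies`. The deletion is also started with `go` before database.DeleteRecord runs, so DeleteUserGroup can return an error while the policies are already being removed, or return success while the removal later fails unobserved. Calling `DeleteDefaultUserGroupNetworkPolicies(g)` synchronously keeps revocation ordered and lets a failure be logged. This matches the synchronous use in updateUserGroup.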
 
@@ -1246,6 +1252,12 @@ func CreateDefaultUserGroupNetworkPolicies(g models.UserGroup) {
 	}
 }
 
+func DeleteDefaultUserGroupNetworkPolicies(g models.UserGroup) {
+	for netID := range g.NetworkRoles {
+		logic.DeleteAcl(models.Acl{ID: fmt.Sprintf("%s.%s-grp", netID, g.ID.String())})
+	}
+}
+
 func CreateDefaultUserPolicies(netID models.NetworkID) {
 	if netID.String() == "" {
 		return
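Review bot: DeleteDefaultUserGroupNetworkPolicies is exported without a doc comment. In the file's existing style it could carry `// DeleteDefaultUserGroupNetworkPolicies - deletes the default per-network policies of a user group`. The policy ID is rebuilt here with `fmt.Sprintf("%s.%s-grp", netID, g.ID.String())`, which presumably has to match the ID that CreateDefaultUserGroupNetworkPolicies assigns (its body is outside the hunk). If the two formats ever drift apart, the delete silently matches nothing and the old policy keeps granting access. A small shared helper that returns the ID for a network and group would keep create and delete in step.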