3 weeks ago · 96f8a9f20c
--- a/pro/controllers/users.go
+++ b/pro/controllers/users.go
@@ -574,6 +574,8 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 
															 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
														
 
															 		return
														
 
															 	}
														
 
															+	proLogic.DeleteDefaultUserGroupNetworkPolicies(currUserG)
														
 
															+	proLogic.CreateDefaultUserGroupNetworkPolicies(userGroup)
														
 
															 	logic.LogEvent(&models.Event{
														
 
															 		Action: models.Update,
														
 
															 		Source: models.Subject{
														
@@ -652,6 +654,7 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 
															 		},
														
 
															 		Origin: models.Dashboard,
														
 
															 	})
														
 
															+
														
 
															 	go proLogic.UpdatesUserGwAccessOnGrpUpdates(userG.NetworkRoles, make(map[models.NetworkID]map[models.UserRoleID]struct{}))
														
 
															 	logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user group")
														
 
															 }
														
--- a/pro/logic/acls.go
+++ b/pro/logic/acls.go
@@ -455,6 +455,9 @@ func listPoliciesOfUser(user models.User, netID models.NetworkID) []models.Acl {
 
															 	if _, ok := user.UserGroups[globalNetworksUserGroupID]; ok {
														
 
															 		user.UserGroups[GetDefaultNetworkUserGroupID(netID)] = struct{}{}
														
 
															 	}
														
 
															+	if user.PlatformRoleID == models.AdminRole || user.PlatformRoleID == models.SuperAdminRole {
														
 
															+		user.UserGroups[GetDefaultNetworkAdminGroupID(netID)] = struct{}{}
														
 
															+	}
														
 
															 	for _, acl := range allAcls {
														
 
															 		if acl.NetworkID == netID && acl.RuleType == models.UserPolicy {
														
 
															 			srcMap := logic.ConvAclTagToValueMap(acl.Src)
														
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@@ -661,6 +661,10 @@ func UpdateUserGroup(g models.UserGroup) error {
 
															 // DeleteUserGroup - deletes user group
														
 
															 func DeleteUserGroup(gid models.UserGroupID) error {
														
 
															+	g, err := GetUserGroup(gid)
														
 
															+	if err != nil {
														
 
															+		return err
														
 
															+	}
														
 
															 	users, err := logic.GetUsersDB()
														
 
															 	if err != nil && !database.IsEmptyRecord(err) {
														
 
															 		return err
														
@@ -669,6 +673,8 @@ func DeleteUserGroup(gid models.UserGroupID) error {
 
															 		delete(user.UserGroups, gid)
														
 
															 		logic.UpsertUser(user)
														
 
															 	}
														
 
															+	// create default network gateway policies
														
 
															+	go DeleteDefaultUserGroupNetworkPolicies(g)
														
 
															 	return database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, gid.String())
														
 
															 }
														
@@ -1246,6 +1252,12 @@ func CreateDefaultUserGroupNetworkPolicies(g models.UserGroup) {
 
															 	}
														
 
															 }
														
 
															+func DeleteDefaultUserGroupNetworkPolicies(g models.UserGroup) {
														
 
															+	for netID := range g.NetworkRoles {
														
 
															+		logic.DeleteAcl(models.Acl{ID: fmt.Sprintf("%s.%s-grp", netID, g.ID.String())})
														
 
															+	}
														
 
															+}
														
 
															+
														
 
															 func CreateDefaultUserPolicies(netID models.NetworkID) {
														
 
															 	if netID.String() == "" {
														
 
															 		return