10 달 전 · aea26dfdf6
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -323,8 +323,8 @@ func ListUserPolicies(u models.User) []models.Acl {
 
				 	return acls
			
 
				 }
			
 
				 
			
 
				-// ListUserPoliciesByNetwork - lists all acl user policies in a network
			
 
				-func ListUserPoliciesByNetwork(netID models.NetworkID) []models.Acl {
			
 
				+// listUserPoliciesByNetwork - lists all acl user policies in a network
			
 
				+func listUserPoliciesByNetwork(netID models.NetworkID) []models.Acl {
			
 
				 	data, err := database.FetchRecords(database.ACLS_TABLE_NAME)
			
 
				 	if err != nil && !database.IsEmptyRecord(err) {
			
 
				 		return []models.Acl{}
			
@@ -391,6 +391,11 @@ func convAclTagToValueMap(acltags []models.AclPolicyTag) map[string]struct{} {
 
				 	return aclValueMap
			
 
				 }
			
 
				 
			
 
				+func IsUserAllowedToCommunicate(userName string, peer models.Node) bool {
			
 
				+	listUserPoliciesByNetwork(models.NetworkID(peer.Network))
			
 
				+	return true
			
 
				+}
			
 
				+
			
 
				 // IsNodeAllowedToCommunicate - check node is allowed to communicate with the peer
			
 
				 func IsNodeAllowedToCommunicate(node, peer models.Node) bool {
			
 
				 	// check default policy if all allowed return true
			
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -413,6 +413,16 @@ func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
 
				 		if !IsClientNodeAllowed(&extPeer, peer.ID.String()) {
			
 
				 			continue
			
 
				 		}
			
 
				+		if extPeer.RemoteAccessClientID == "" {
			
 
				+			if !IsNodeAllowedToCommunicate(extPeer.ConvertToStaticNode(), *peer) {
			
 
				+				continue
			
 
				+			}
			
 
				+		} else {
			
 
				+			if !IsUserAllowedToCommunicate(extPeer.OwnerID, *peer) {
			
 
				+				continue
			
 
				+			}
			
 
				+		}
			
 
				+
			
 
				 		pubkey, err := wgtypes.ParseKey(extPeer.PublicKey)
			
 
				 		if err != nil {
			
 
				 			logger.Log(1, "error parsing ext pub key:", err.Error())
			
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -426,6 +426,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet
 
				 			logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error())
			
 
				 		}
			
 
				 		for _, extPeer := range extPeers {
			
 
				+
			
 
				 			allowedips = append(allowedips, extPeer.AllowedIPs...)
			
 
				 		}
			
 
				 	}
			
--- a/models/extclient.go
+++ b/models/extclient.go
@@ -36,3 +36,14 @@ type CustomExtClient struct {
 
				 	PostDown             string              `json:"postdown" bson:"postdown" validate:"max=1024"`
			
 
				 	Tags                 map[TagID]struct{}  `json:"tags"`
			
 
				 }
			
 
				+
			
 
				+func (ext *ExtClient) ConvertToStaticNode() Node {
			
 
				+
			
 
				+	return Node{
			
 
				+		CommonNode: CommonNode{
			
 
				+			Network: ext.Network,
			
 
				+		},
			
 
				+		IsStatic:   true,
			
 
				+		StaticNode: *ext,
			
 
				+	}
			
 
				+}