
add deprecation in the settings update

abhishek9686 1 month ago
parent
commit
e4d3be3fb8
2 changed files with 73 additions and 1 deletions
  1. 37 0
      controllers/network.go
  2. 36 1
      logic/settings.go

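--- a/controllers/network.go
+++ b/controllers/network.go
@@ -16,6 +16,7 @@ import (
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/logic/acls"
+	"github.com/gravitl/netmaker/logic/acls/nodeacls"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/mq"
 	"github.com/gravitl/netmaker/servercfg"
@@ -42,6 +43,8 @@ func networkHandlers(r *mux.Router) {
 	r.HandleFunc("/api/networks/{networkname}/acls", logic.SecurityCheck(true, http.HandlerFunc(getNetworkACL))).
 		Methods(http.MethodGet)
 	r.HandleFunc("/api/networks/{networkname}/egress_routes", logic.SecurityCheck(true, http.HandlerFunc(getNetworkEgressRoutes)))
+	r.HandleFunc("/api/networks/{networkname}/old_acl_status", logic.SecurityCheck(true, http.HandlerFunc(OldNetworkACLStatus))).
+		Methods(http.MethodGet)
 }
 
 // @Summary     Lists all networks
@@ -430,6 +433,40 @@ func getNetworkACL(w http.ResponseWriter, r *http.Request) {
 	json.NewEncoder(w).Encode(networkACL)
 }
 
+// @Summary     Check a Old ACL Status (Access Control List)
+// @Router      /api/networks/{networkname}/old_acl_status [get]
+// @Tags        Networks
+// @Security    oauth
+// @Param       networkname path string true "Network name"
+// @Produce     json
+// @Success     200 {object} acls.ACLContainer
+// @Failure     500 {object} models.ErrorResponse
+func OldNetworkACLStatus(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/json")
+	var params = mux.Vars(r)
+	netname := params["networkname"]
+	var networkACL acls.ACLContainer
+	networkACL, err := nodeacls.FetchAllACLs(nodeacls.NetworkID(netname))
+	if err != nil {
+		logic.ReturnSuccessResponse(w, r, "false")
+		return
+	}
+	disableOldAcls := true
+	for _, aclNode := range networkACL {
+		for _, allowed := range aclNode {
+			if allowed != acls.Allowed {
+				disableOldAcls = false
+				break
+			}
+		}
+	}
+	msg := "true"
+	if disableOldAcls {
+		msg = "false"
+	}
+	logic.ReturnSuccessResponse(w, r, msg)
+}
+
 // @Summary     Get a network Egress routes
 // @Router      /api/networks/{networkname}/egress_routes [get]
 // @Tags        Networks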
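Review bot: In `OldNetworkACLStatus`, a failure of `nodeacls.FetchAllACLs` is answered with a success response carrying `"false"`, the same value sent when every entry is `acls.Allowed`, so a caller cannot tell a storage error from "no restrictive old ACLs exist". If a client uses this answer to decide whether old ACL support can be switched off, that is a fail-open result; the error branch should return an error response, as the `@Failure 500` annotation already promises. The `@Success 200 {object} acls.ACLContainer` annotation also does not match the string message actually returned. The flag name reads inverted (`disableOldAcls == true` produces `"false"`); something like `restrictiveACLFound := false`, set to `true` in the loop, would let `msg` follow it directly. Note too that `break` leaves only the inner loop, so the outer loop keeps scanning after the answer is known.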

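--- a/logic/settings.go
+++ b/logic/settings.go
@@ -11,6 +11,8 @@ import (
 
 	"github.com/gravitl/netmaker/config"
 	"github.com/gravitl/netmaker/database"
+	"github.com/gravitl/netmaker/logic/acls"
+	"github.com/gravitl/netmaker/logic/acls/nodeacls"
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/servercfg"
 )
@@ -61,7 +63,10 @@ func UpsertServerSettings(s models.ServerSettings) error {
 		}
 	}
 	s.GroupFilters = groupFilters
-
+	if !s.OldAClsSupport {
+		// set defaults for old acl settings
+		go setDefaultsforOldAclCfg()
+	}
 	data, err := json.Marshal(s)
 	if err != nil {
 		return err
@@ -73,6 +78,36 @@ func UpsertServerSettings(s models.ServerSettings) error {
 	return nil
 }
 
+func setDefaultsforOldAclCfg() {
+	nets, _ := GetNetworks()
+	for _, netI := range nets {
+		if netI.DefaultACL != "yes" {
+			netI.DefaultACL = "yes"
+			UpsertNetwork(netI)
+		}
+		networkACL, err := nodeacls.FetchAllACLs(nodeacls.NetworkID(netI.NetID))
+		if err != nil {
+			continue
+		}
+		for id, aclNode := range networkACL {
+			for aclID, allowed := range aclNode {
+				if allowed != acls.Allowed {
+					aclNode.Allow(aclID)
+				}
+			}
+			networkACL.UpdateACL(id, aclNode)
+		}
+		networkACL.Save(acls.ContainerID(netI.NetID))
+	}
+	nodes, _ := GetAllNodes()
+	for _, node := range nodes {
+		if node.DefaultACL != "yes" {
+			node.DefaultACL = "yes"
+			UpsertNode(&node)
+		}
+	}
+}
+
 func GetUserSettings(userID string) models.UserSettings {
 	data, err := database.FetchRecord(database.SERVER_SETTINGS, userID)
 	if err != nil {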
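Review bot: `go setDefaultsforOldAclCfg()` in `UpsertServerSettings` is launched before the settings are marshalled and stored, and on every update where `OldAClsSupport` is false. As a result every non-allowed entry in every network's node ACLs is rewritten to allowed even if the save that follows fails or the flag did not change. That is a one-way widening of access with no log line. The helper also discards the results of `GetNetworks`, `UpsertNetwork`, `networkACL.Save`, `GetAllNodes` and `UpsertNode`, so a partially applied migration is invisible. Consider starting it only after the record has been written and only when the flag goes from true to false, and logging each network whose ACLs were changed along with each failed call. The part of `UpsertServerSettings` between the two hunks is not shown, so the exact placement needs checking against the save call.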