
remove default net group from user when deleted

abhishek9686 1 年之前
父节点
当前提交
ecf00dcd25
共有 2 个文件被更改,包括 32 次插入16 次删除
  1. 16 13
      controllers/user.go
  2. 16 3
      pro/logic/user_mgmt.go

+ 16 - 13
controllers/user.go

@@ -529,20 +529,23 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 			return
 
 		}
-		// user cannot update his own roles and groups
-		if len(user.NetworkRoles) != len(userchange.NetworkRoles) || !reflect.DeepEqual(user.NetworkRoles, userchange.NetworkRoles) {
-			err = errors.New("user cannot update self update their network roles")
-			slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
-			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
-			return
-		}
-		// user cannot update his own roles and groups
-		if len(user.UserGroups) != len(userchange.UserGroups) || !reflect.DeepEqual(user.UserGroups, userchange.UserGroups) {
-			err = errors.New("user cannot update self update their groups")
-			slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
-			logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
-			return
+		if servercfg.IsPro {
+			// user cannot update his own roles and groups
+			if len(user.NetworkRoles) != len(userchange.NetworkRoles) || !reflect.DeepEqual(user.NetworkRoles, userchange.NetworkRoles) {
+				err = errors.New("user cannot update self update their network roles")
+				slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
+				logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
+				return
+			}
+			// user cannot update his own roles and groups
+			if len(user.UserGroups) != len(userchange.UserGroups) || !reflect.DeepEqual(user.UserGroups, userchange.UserGroups) {
+				err = errors.New("user cannot update self update their groups")
+				slog.Error("failed to update user", "caller", caller.UserName, "attempted to update user", username, "error", err)
+				logic.ReturnErrorResponse(w, r, logic.FormatError(err, "forbidden"))
+				return
+			}
 		}
+
 	}
 	if ismaster {
 		if user.PlatformRoleID != models.SuperAdminRole && userchange.PlatformRoleID == models.SuperAdminRole {
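Review bot: Wrapping both self-update checks in `if servercfg.IsPro` means a non-Pro server no longer rejects a caller who changes `NetworkRoles` or `UserGroups` on their own account. Whether those fields are then persisted is decided later in updateUser, outside this hunk. If they are, a user could write role and group entries onto their own record, and those would become effective once Pro features are enabled. Instead of skipping the guard, add an `else` branch that pins the stored values with `userchange.NetworkRoles = user.NetworkRoles` and `userchange.UserGroups = user.UserGroups`, assuming both structs share the same field types. The two error strings ("user cannot update self update their ...") are also garbled, and both checks carry the same comment although one covers roles and the other groups.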

+ 16 - 3
pro/logic/user_mgmt.go

@@ -139,15 +139,28 @@ func DeleteNetworkRoles(netID string) {
 	if err != nil {
 		return
 	}
+	defaultUserGrp := fmt.Sprintf("%s-%s-grp", netID, models.NetworkUser)
+	defaultAdminGrp := fmt.Sprintf("%s-%s-grp", netID, models.NetworkAdmin)
 	for _, user := range users {
+		var upsert bool
 		if _, ok := user.NetworkRoles[models.NetworkID(netID)]; ok {
 			delete(user.NetworkRoles, models.NetworkID(netID))
+			upsert = true
+		}
+		if _, ok := user.UserGroups[models.UserGroupID(defaultUserGrp)]; ok {
+			delete(user.UserGroups, models.UserGroupID(defaultUserGrp))
+			upsert = true
+		}
+		if _, ok := user.UserGroups[models.UserGroupID(defaultAdminGrp)]; ok {
+			delete(user.UserGroups, models.UserGroupID(defaultAdminGrp))
+			upsert = true
+		}
+		if upsert {
 			logic.UpsertUser(user)
 		}
-
 	}
-	database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, fmt.Sprintf("%s-%s-grp", netID, models.NetworkUser))
-	database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, fmt.Sprintf("%s-%s-grp", netID, models.NetworkAdmin))
+	database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, defaultUserGrp)
+	database.DeleteRecord(database.USER_GROUPS_TABLE_NAME, defaultAdminGrp)
 	userGs, _ := ListUserGroups()
 	for _, userGI := range userGs {
 		if _, ok := userGI.NetworkRoles[models.NetworkID(netID)]; ok {
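Review bot: The result of `logic.UpsertUser(user)` is discarded inside the loop, and the two `database.DeleteRecord` calls after it are unchecked as well. If the upsert fails for one user (assuming it returns an error), the default group records are still deleted while that user keeps the `<netID>-...-grp` entries. Because these IDs are built only from the network ID, a network later created with the same ID would silently give that user its default groups back. DeleteNetworkRoles shows no return value in the hunk header, so at minimum log the failure, provided slog is imported in this file: `if err := logic.UpsertUser(user); err != nil { slog.Error("failed to remove network access from user", "network", netID, "error", err) }`. The function body begins before and continues past this hunk.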