golang
/
netmaker
mirror of https://github.com/gravitl/netmaker


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253
							package logic

import "github.com/gravitl/netmaker/models"

// functions defined here, handle client ACLs, should be set on ee

var (
	// DenyClientNodeAccess - function to handle adding a node to an ext client's denied node set
	DenyClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { return true }
	// IsClientNodeAllowed - function to check if an ext client's denied node set contains a node ID
	IsClientNodeAllowed = func(ec *models.ExtClient, clientOrNodeID string) bool { return true }
	// AllowClientNodeAccess - function to handle removing a node ID from ext client's denied nodes, thus allowing it
	AllowClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { return true }
)

// SetClientDefaultACLs - set's a client's default ACLs based on network and nodes in network
func SetClientDefaultACLs(ec *models.ExtClient) error {
	if !isEE {
		return nil
	}
	networkNodes, err := GetNetworkNodes(ec.Network)
	if err != nil {
		return err
	}
	network, err := GetNetwork(ec.Network)
	if err != nil {
		return err
	}
	for i := range networkNodes {
		currNode := networkNodes[i]
		if network.DefaultACL == "no" || currNode.DefaultACL == "no" {
			DenyClientNodeAccess(ec, currNode.ID.String())
		}
	}
	return nil
}

// SetClientACLs - overwrites an ext client's ACL
func SetClientACLs(ec *models.ExtClient, newACLs map[string]struct{}) {
	if ec == nil || newACLs == nil || !isEE {
		return
	}
	ec.ACLs = newACLs
}

// IsClientNodeAllowedByID - checks if a given ext client ID + nodeID are allowed
func IsClientNodeAllowedByID(clientID, networkName, clientOrNodeID string) bool {
	client, err := GetExtClient(clientID, networkName)
	if err != nil {
		return false
	}
	return IsClientNodeAllowed(&client, clientOrNodeID)
}