golang
/
netmaker
mirror of https://github.com/gravitl/netmaker


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
							package logic

import (
	"errors"
	"sort"

	"github.com/gravitl/netmaker/models"
)

// functions defined here, handle client ACLs, should be set on ee

var (
	// DenyClientNodeAccess - function to handle adding a node to an ext client's denied node set
	DenyClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool {
		return true
	}
	// IsClientNodeAllowed - function to check if an ext client's denied node set contains a node ID
	IsClientNodeAllowed = func(ec *models.ExtClient, clientOrNodeID string) bool {
		return true
	}
	// AllowClientNodeAccess - function to handle removing a node ID from ext client's denied nodes, thus allowing it
	AllowClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool {
		return true
	}
)

// SetClientDefaultACLs - set's a client's default ACLs based on network and nodes in network
func SetClientDefaultACLs(ec *models.ExtClient) error {
	if !isEE {
		return nil
	}
	networkNodes, err := GetNetworkNodes(ec.Network)
	if err != nil {
		return err
	}
	network, err := GetNetwork(ec.Network)
	if err != nil {
		return err
	}
	for i := range networkNodes {
		currNode := networkNodes[i]
		if network.DefaultACL == "no" || currNode.DefaultACL == "no" {
			DenyClientNodeAccess(ec, currNode.ID.String())
		} else {
			AllowClientNodeAccess(ec, currNode.ID.String())
		}
	}
	return nil
}

// SetClientACLs - overwrites an ext client's ACL
func SetClientACLs(ec *models.ExtClient, newACLs map[string]struct{}) {
	if ec == nil || newACLs == nil || !isEE {
		return
	}
	ec.DeniedACLs = newACLs
}

// IsClientNodeAllowedByID - checks if a given ext client ID + nodeID are allowed
func IsClientNodeAllowedByID(clientID, networkName, clientOrNodeID string) bool {
	client, err := GetExtClient(clientID, networkName)
	if err != nil {
		return false
	}
	return IsClientNodeAllowed(&client, clientOrNodeID)
}

// SortExtClient - Sorts slice of ExtClients by their ClientID alphabetically with numbers first
func SortExtClient(unsortedExtClient []models.ExtClient) {
	sort.Slice(unsortedExtClient, func(i, j int) bool {
		return unsortedExtClient[i].ClientID < unsortedExtClient[j].ClientID
	})
}

// GetExtClientByName - gets an ext client by name
func GetExtClientByName(ID string) (models.ExtClient, error) {
	clients, err := GetAllExtClients()
	if err != nil {
		return models.ExtClient{}, err
	}
	for i := range clients {
		if clients[i].ClientID == ID {
			return clients[i], nil
		}
	}
	return models.ExtClient{}, errors.New("client not found")
}