add view only permissions for network users

2025-10-08 02:06:06 +08:00 · 2024-11-10 17:38:04 +04:00
parent 15bfcada65
commit 378bac7452
2 changed files with 62 additions and 1 deletions
--- a/models/user_mgmt.go
+++ b/models/user_mgmt.go
@@ -80,7 +80,8 @@ const (
 	AllUserRsrcID           RsrcID = "all_user"
 	AllDnsRsrcID            RsrcID = "all_dns"
 	AllFailOverRsrcID       RsrcID = "all_fail_over"
-	AllAclsRsrcID           RsrcID = "all_acls"
+	AllAclsRsrcID           RsrcID = "all_acl"
+	AllTagsRsrcID           RsrcID = "all_tag"
 )

 // Pre-Defined User Roles
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@@ -60,6 +60,36 @@ var NetworkUserAllPermissionTemplate = models.UserRolePermissionTemplate{
 				SelfOnly: true,
 			},
 		},
+		models.DnsRsrc: {
+			models.AllDnsRsrcID: models.RsrcPermissionScope{
+				Read: true,
+			},
+		},
+		models.AclRsrc: {
+			models.AllAclsRsrcID: models.RsrcPermissionScope{
+				Read: true,
+			},
+		},
+		models.EgressGwRsrc: {
+			models.AllEgressGwRsrcID: models.RsrcPermissionScope{
+				Read: true,
+			},
+		},
+		models.InetGwRsrc: {
+			models.AllInetGwRsrcID: models.RsrcPermissionScope{
+				Read: true,
+			},
+		},
+		models.RelayRsrc: {
+			models.AllRelayRsrcID: models.RsrcPermissionScope{
+				Read: true,
+			},
+		},
+		models.TagRsrc: {
+			models.AllTagsRsrcID: models.RsrcPermissionScope{
+				Read: true,
+			},
+		},
 	},
 }

@@ -147,6 +177,36 @@ func CreateDefaultNetworkRolesAndGroups(netID models.NetworkID) {
 					SelfOnly: true,
 				},
 			},
+			models.DnsRsrc: {
+				models.AllDnsRsrcID: models.RsrcPermissionScope{
+					Read: true,
+				},
+			},
+			models.AclRsrc: {
+				models.AllAclsRsrcID: models.RsrcPermissionScope{
+					Read: true,
+				},
+			},
+			models.EgressGwRsrc: {
+				models.AllEgressGwRsrcID: models.RsrcPermissionScope{
+					Read: true,
+				},
+			},
+			models.InetGwRsrc: {
+				models.AllInetGwRsrcID: models.RsrcPermissionScope{
+					Read: true,
+				},
+			},
+			models.RelayRsrc: {
+				models.AllRelayRsrcID: models.RsrcPermissionScope{
+					Read: true,
+				},
+			},
+			models.TagRsrc: {
+				models.AllTagsRsrcID: models.RsrcPermissionScope{
+					Read: true,
+				},
+			},
 		},
 	}
 	d, _ := json.Marshal(NetworkAdminPermissionTemplate)