fetch user gw via access policy

This commit is contained in:
abhishek9686
2024-09-25 18:18:23 +04:00
parent fcd3325173
commit 3d327bb89e
5 changed files with 86 additions and 8 deletions


@@ -143,6 +143,57 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
return models.Acl{}, errors.New("default rule not found") return models.Acl{}, errors.New("default rule not found")
} }
func ListUserPolicies(u models.User) []models.Acl {
data, err := database.FetchRecords(database.TAG_TABLE_NAME)
if err != nil && !database.IsEmptyRecord(err) {
return []models.Acl{}
}
acls := []models.Acl{}
for _, dataI := range data {
acl := models.Acl{}
err := json.Unmarshal([]byte(dataI), &acl)
if err != nil {
continue
}
if acl.RuleType == models.UserPolicy {
srcMap := convAclTagToValueMap(acl.Src)
if _, ok := srcMap[u.UserName]; ok {
acls = append(acls, acl)
} else {
// check for user groups
for gID := range u.UserGroups {
if _, ok := srcMap[gID.String()]; ok {
acls = append(acls, acl)
break
}
}
}
}
}
return acls
}
func ListUserPoliciesByNetwork(netID models.NetworkID) []models.Acl {
data, err := database.FetchRecords(database.TAG_TABLE_NAME)
if err != nil && !database.IsEmptyRecord(err) {
return []models.Acl{}
}
acls := []models.Acl{}
for _, dataI := range data {
acl := models.Acl{}
err := json.Unmarshal([]byte(dataI), &acl)
if err != nil {
continue
}
if acl.NetworkID == netID && acl.RuleType == models.UserPolicy {
acls = append(acls, acl)
}
}
return acls
}
// listDevicePolicies - lists all device policies in a network // listDevicePolicies - lists all device policies in a network
func listDevicePolicies(netID models.NetworkID) []models.Acl { func listDevicePolicies(netID models.NetworkID) []models.Acl {
data, err := database.FetchRecords(database.TAG_TABLE_NAME) data, err := database.FetchRecords(database.TAG_TABLE_NAME)
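Review bot: ListUserPolicies matches a user to a policy solely by membership in the policy's Src map; nothing visible checks whether the ACL is enabled or which network it belongs to, so every user-type policy in the store, across all networks, is returned. If models.Acl carries an enabled/disabled flag (not visible in this hunk), it should be consulted before appending, otherwise a disabled policy still grants gateways through GetUserRAGNodesV1. Both new functions also turn a database.FetchRecords or json.Unmarshal failure into an empty list, which fails closed but silently; a doc comment should say so, e.g. `// ListUserPolicies returns every user-type ACL whose Src names the user or one of the user's groups, in any network; storage or decode errors yield an empty list.` Usernames and group IDs are looked up in the same Src map, so a group ID equal to a username would be indistinguishable from it — fine if those namespaces cannot collide, worth a comment if they can.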


@@ -702,7 +702,21 @@ func GetAllFailOvers() ([]models.Node, error) {
return igs, nil return igs, nil
} }
func GetTagMapWithNodes(netID models.NetworkID) (tagNodesMap map[models.TagID][]models.Node) { func GetTagMapWithNodes() (tagNodesMap map[models.TagID][]models.Node) {
tagNodesMap = make(map[models.TagID][]models.Node)
nodes, _ := GetAllNodes()
for _, nodeI := range nodes {
if nodeI.Tags == nil {
continue
}
for nodeTagID := range nodeI.Tags {
tagNodesMap[nodeTagID] = append(tagNodesMap[nodeTagID], nodeI)
}
}
return
}
func GetTagMapWithNodesByNetwork(netID models.NetworkID) (tagNodesMap map[models.TagID][]models.Node) {
tagNodesMap = make(map[models.TagID][]models.Node) tagNodesMap = make(map[models.TagID][]models.Node)
nodes, _ := GetNetworkNodes(netID.String()) nodes, _ := GetNetworkNodes(netID.String())
for _, nodeI := range nodes { for _, nodeI := range nodes {
@@ -710,11 +724,7 @@ func GetTagMapWithNodes(netID models.NetworkID) (tagNodesMap map[models.TagID][]
continue continue
} }
for nodeTagID := range nodeI.Tags { for nodeTagID := range nodeI.Tags {
if _, ok := tagNodesMap[nodeTagID]; ok {
tagNodesMap[nodeTagID] = append(tagNodesMap[nodeTagID], nodeI) tagNodesMap[nodeTagID] = append(tagNodesMap[nodeTagID], nodeI)
} else {
tagNodesMap[nodeTagID] = []models.Node{nodeI}
}
} }
} }
return return
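Review bot: `nodes, _ := GetAllNodes()` in the new GetTagMapWithNodes discards the read error, so a storage failure is indistinguishable from "no tagged nodes"; because GetUserRAGNodesV1 derives a user's gateway set from this map, an outage would surface as "no gateways" rather than as an error. At minimum log the error before returning, or return it alongside the map. The function also dropped its netID parameter and now aggregates nodes from every network under a single TagID key; if TagID values are not globally unique across networks (cannot tell from here), same-named tags in different networks would merge into one entry. A doc comment stating the scope would help: `// GetTagMapWithNodes groups nodes of all networks by tag; use GetTagMapWithNodesByNetwork for a single network.`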


@@ -70,7 +70,7 @@ func ListTagsWithNodes(netID models.NetworkID) ([]models.TagListResp, error) {
if err != nil { if err != nil {
return []models.TagListResp{}, err return []models.TagListResp{}, err
} }
tagsNodeMap := GetTagMapWithNodes(netID) tagsNodeMap := GetTagMapWithNodesByNetwork(netID)
resp := []models.TagListResp{} resp := []models.TagListResp{}
for _, tagI := range tags { for _, tagI := range tags {
tagRespI := models.TagListResp{ tagRespI := models.TagListResp{


@@ -861,7 +861,7 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
return return
} }
userGwNodes := proLogic.GetUserRAGNodes(*user) userGwNodes := proLogic.GetUserRAGNodesV1(*user)
for _, extClient := range allextClients { for _, extClient := range allextClients {
node, ok := userGwNodes[extClient.IngressGatewayID] node, ok := userGwNodes[extClient.IngressGatewayID]
if !ok { if !ok {
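Review bot: The switch at `userGwNodes := proLogic.GetUserRAGNodesV1(*user)` changes what gates the gateway list: the old GetUserRAGNodes derived it from network roles with remote VPN access, the new one from user access policies only. Any user who had gateway access through a role but has no matching policy will stop seeing those gateways and their ext clients from this endpoint, so confirm the policy store is populated for existing users before this ships. A short comment at the call site explaining that access is now policy-driven would save the next reader a trip into proLogic, e.g. `// gateways visible to the user are those reachable via the user's access policies, not network roles`. The enclosing handler getUserRemoteAccessGwsV1 starts and ends outside this hunk.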


@@ -508,6 +508,23 @@ func HasNetworkRsrcScope(permissionTemplate models.UserRolePermissionTemplate, n
_, ok = rsrcScope[rsrcID] _, ok = rsrcScope[rsrcID]
return ok return ok
} }
func GetUserRAGNodesV1(user models.User) (gws map[string]models.Node) {
gws = make(map[string]models.Node)
tagNodesMap := logic.GetTagMapWithNodes()
accessPolices := logic.ListUserPolicies(user)
for _, policyI := range accessPolices {
for _, dstI := range policyI.Dst {
if nodes, ok := tagNodesMap[models.TagID(dstI.Value)]; ok {
for _, node := range nodes {
gws[node.ID.String()] = node
}
}
}
}
return
}
func GetUserRAGNodes(user models.User) (gws map[string]models.Node) { func GetUserRAGNodes(user models.User) (gws map[string]models.Node) {
gws = make(map[string]models.Node) gws = make(map[string]models.Node)
userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user) userGwAccessScope := GetUserNetworkRolesWithRemoteVPNAccess(user)
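Review bot: GetUserRAGNodesV1 turns every Dst value of every matching policy into a TagID lookup against a map of all networks' nodes, without checking the policy's NetworkID against the node's network, whether the policy is enabled, or whether the Dst entry is a tag at all (if Acl Dst entries carry a type discriminator, as `convAclTagToValueMap` on Src hints, it is ignored here). Callers such as getUserRemoteAccessGwsV1 treat each returned node as a remote-access gateway, so any node that merely carries a tag named as a policy destination ends up in this map. Restrict the inner loop to nodes in the policy's network and to tag-type destinations, and document the contract: `// GetUserRAGNodesV1 returns the nodes a user may use as remote-access gateways, keyed by node ID, resolved from the Dst tags of the user's access policies.` GetUserRAGNodes at the end of the hunk continues outside it.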