From ed1f48a4b4814d9712a09ded42dc4302b7a9ea66 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Fri, 14 Feb 2025 19:59:58 +0400
Subject: [PATCH] remove node id from acls when deleted
---
 logic/acls.go | 72 +++++++++++++++++++++++++++++++++++++++++++++++
 logic/extpeers.go | 1 +
 logic/nodes.go | 1 +
 3 files changed, 74 insertions(+)
diff --git a/logic/acls.go b/logic/acls.go
index fbb29504..53b878a3 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -654,6 +654,78 @@ func IsPeerAllowed(node, peer models.Node, checkDefaultPolicy bool) bool {
 }
 return false
 }
+func RemoveNodeFromAclPolicy(node models.Node) {
+ var nodeID string
+ if node.IsStatic {
+ nodeID = node.StaticNode.ClientID
+ } else {
+ nodeID = node.ID.String()
+ }
+ acls, _ := ListAclsByNetwork(models.NetworkID(node.Network))
+ for _, acl := range acls {
+ delete := false
+ update := false
+ if acl.RuleType == models.DevicePolicy {
+ for i, srcI := range acl.Src {
+ if srcI.ID == models.NodeID && srcI.Value == nodeID {
+ if len(acl.Src) == 1 {
+ // delete policy
+ delete = true
+ break
+ } else {
+ acl.Src = append(acl.Src[:i], acl.Src[i+1:]...)
+ update = true
+ }
+ }
+ }
+ if delete {
+ DeleteAcl(acl)
+ continue
+ }
+ for i, dstI := range acl.Dst {
+ if dstI.ID == models.NodeID && dstI.Value == nodeID {
+ if len(acl.Dst) == 1 {
+ // delete policy
+ delete = true
+ break
+ } else {
+ acl.Dst = append(acl.Dst[:i], acl.Dst[i+1:]...)
+ update = true
+ }
+ }
+ }
+ if delete {
+ DeleteAcl(acl)
+ continue
+ }
+ if update {
+ UpsertAcl(acl)
+ }
+
+ }
+ if acl.RuleType == models.UserPolicy {
+ for i, dstI := range acl.Dst {
+ if dstI.ID == models.NodeID && dstI.Value == nodeID {
+ if len(acl.Dst) == 1 {
+ // delete policy
+ delete = true
+ break
+ } else {
+ acl.Dst = append(acl.Dst[:i], acl.Dst[i+1:]...)
+ update = true
+ }
+ }
+ }
+ if delete {
+ DeleteAcl(acl)
+ continue
+ }
+ if update {
+ UpsertAcl(acl)
+ }
+ }
+ }
+}
 func checkTagGroupPolicy(srcMap, dstMap map[string]struct{}, node, peer models.Node, nodeTags, peerTags map[models.TagID]struct{}) bool {
diff --git a/logic/extpeers.go b/logic/extpeers.go
index 706c5631..d3e8cbd5 100644
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -134,6 +134,7 @@ func DeleteExtClientAndCleanup(extClient models.ExtClient) error {
 slog.Error("DeleteExtClientAndCleanup-update network acls:", "Error", err.Error())
 return err
 }
+ go RemoveNodeFromAclPolicy(extClient.ConvertToStaticNode())
 return nil
 }
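Review bot: The three removal loops in RemoveNodeFromAclPolicy (logic/acls.go) call `append(acl.Src[:i], acl.Src[i+1:]...)`, and the Dst equivalents, while ranging over the same slice, so the range keeps its original length and reads shifted or stale elements from the shared backing array. If a policy ever lists the node ID more than once on one side, this can skip an entry, delete a policy that still has other members, or slice out of range; a panic would take the server down because the callers start the function with `go`. Whether duplicates can occur depends on validation not shown in this patch. Filtering each side into a fresh slice, as below, removes the index bookkeeping, merges the duplicated Dst loop, and avoids the local named `delete` that shadows the builtin. Separately, `acls, _ := ListAclsByNetwork(...)` discards the error, so a failed lookup silently leaves the deleted node's ID in every policy; check it and log before returning.

```go
	// … unchanged: nodeID selection; ListAclsByNetwork call, with its error checked …
	for _, acl := range acls {
		if acl.RuleType != models.DevicePolicy && acl.RuleType != models.UserPolicy {
			continue
		}
		// Build filtered copies; the zero-capacity slice forces append to allocate,
		// so nothing is removed from a slice that is being ranged over.
		dst := acl.Dst[:0:0]
		for _, dstI := range acl.Dst {
			if dstI.ID != models.NodeID || dstI.Value != nodeID {
				dst = append(dst, dstI)
			}
		}
		src := acl.Src
		if acl.RuleType == models.DevicePolicy {
			// Only device policies are scanned on the source side, as in the original.
			src = acl.Src[:0:0]
			for _, srcI := range acl.Src {
				if srcI.ID != models.NodeID || srcI.Value != nodeID {
					src = append(src, srcI)
				}
			}
		}
		if len(src) == len(acl.Src) && len(dst) == len(acl.Dst) {
			continue // policy does not reference the node
		}
		// A side that referenced only the deleted node leaves nothing to match on.
		if (len(src) == 0 && len(acl.Src) > 0) || (len(dst) == 0 && len(acl.Dst) > 0) {
			DeleteAcl(acl)
			continue
		}
		acl.Src, acl.Dst = src, dst
		UpsertAcl(acl)
	}
```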
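Review bot: Starting the cleanup with `go RemoveNodeFromAclPolicy(extClient.ConvertToStaticNode())` lets DeleteExtClientAndCleanup return nil before the policies are rewritten, and nothing reports a cleanup that fails or panics. For a static node the policy entry is keyed on `StaticNode.ClientID`, so if client IDs can be reused (not visible here), a client later created under the same ID would match any entries a failed or unfinished cleanup left behind. I would call it synchronously, `RemoveNodeFromAclPolicy(extClient.ConvertToStaticNode())`, or have it return an error that is logged like the existing `slog.Error` call in this function. The same pattern is added to DeleteNode in logic/nodes.go with `go RemoveNodeFromAclPolicy(*node)`. Both function bodies start outside their hunks, so earlier return paths are not checked here.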
diff --git a/logic/nodes.go b/logic/nodes.go
index f47e6512..6f11bd13 100644
--- a/logic/nodes.go
+++ b/logic/nodes.go
@@ -312,6 +312,7 @@ func DeleteNode(node *models.Node, purge bool) error {
 if err := DissasociateNodeFromHost(node, host); err != nil {
 return err
 }
+ go RemoveNodeFromAclPolicy(*node)
 return nil
 }