mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-23 17:03:17 +08:00
36 lines
991 B
Go
36 lines
991 B
Go
package proacls
|
|
|
|
import (
|
|
"github.com/gravitl/netmaker/logic/acls"
|
|
"github.com/gravitl/netmaker/logic/acls/nodeacls"
|
|
"github.com/gravitl/netmaker/models"
|
|
)
|
|
|
|
// AdjustNodeAcls - adjusts ACLs based on a node's default value
|
|
func AdjustNodeAcls(node *models.Node, networkNodes []models.Node) error {
|
|
networkID := nodeacls.NetworkID(node.Network)
|
|
nodeID := nodeacls.NodeID(node.ID)
|
|
currentACLs, err := nodeacls.FetchAllACLs(networkID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for i := range networkNodes {
|
|
currentNodeID := nodeacls.NodeID(networkNodes[i].ID)
|
|
if currentNodeID == nodeID {
|
|
continue
|
|
}
|
|
// 2 cases
|
|
// both allow - allow
|
|
// either 1 denies - deny
|
|
if node.DoesACLAllow() {
|
|
currentACLs.ChangeAccess(acls.AclID(nodeID), acls.AclID(currentNodeID), acls.Allowed)
|
|
} else if node.DoesACLDeny() {
|
|
currentACLs.ChangeAccess(acls.AclID(nodeID), acls.AclID(currentNodeID), acls.NotAllowed)
|
|
}
|
|
}
|
|
|
|
_, err = currentACLs.Save(acls.ContainerID(node.Network))
|
|
return err
|
|
}
|