From 070e1dd890f8fe7f96a64e6ccc4d14ef314c3c9d Mon Sep 17 00:00:00 2001
From: bcmmbaga <bethuelmbaga12@gmail.com>
Date: Mon, 21 Oct 2024 17:12:19 +0300
Subject: [PATCH] Refactor group, ns group, policy and posture checks

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---
 management/server/group.go          |  3 +++
 management/server/nameserver.go     | 10 +++++++++-
 management/server/policy.go         |  4 ++++
 management/server/posture_checks.go | 16 ++++++++++++++--
 4 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/management/server/group.go b/management/server/group.go
index 91c06a3c0..bdb569e37 100644
--- a/management/server/group.go
+++ b/management/server/group.go
@@ -489,6 +489,9 @@ func anyGroupHasPeers(account *Account, groupIDs []string) bool {
 
 func areGroupChangesAffectPeers(account *Account, groupIDs []string) bool {
 	for _, groupID := range groupIDs {
+		if slices.Contains(account.DNSSettings.DisabledManagementGroups, groupID) {
+			return true
+		}
 		if linked, _ := isGroupLinkedToDns(account.NameServerGroups, groupID); linked {
 			return true
 		}
diff --git a/management/server/nameserver.go b/management/server/nameserver.go
index 751ca12bc..5ebd263dc 100644
--- a/management/server/nameserver.go
+++ b/management/server/nameserver.go
@@ -105,7 +105,7 @@ func (am *DefaultAccountManager) SaveNameServerGroup(ctx context.Context, accoun
 		return err
 	}
 
-	if anyGroupHasPeers(account, nsGroupToSave.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups) {
+	if areNameServerGroupChangesAffectPeers(account, nsGroupToSave, oldNSGroup) {
 		am.updateAccountPeers(ctx, account)
 	}
 	am.StoreEvent(ctx, userID, nsGroupToSave.ID, accountID, activity.NameserverGroupUpdated, nsGroupToSave.EventMeta())
@@ -277,3 +277,11 @@ func validateDomain(domain string) error {
 
 	return nil
 }
+
+// areNameServerGroupChangesAffectPeers checks if the changes in the nameserver group affect the peers.
+func areNameServerGroupChangesAffectPeers(account *Account, newNSGroup, oldNSGroup *nbdns.NameServerGroup) bool {
+	if !newNSGroup.Enabled && !oldNSGroup.Enabled {
+		return false
+	}
+	return anyGroupHasPeers(account, newNSGroup.Groups) || anyGroupHasPeers(account, oldNSGroup.Groups)
+}
diff --git a/management/server/policy.go b/management/server/policy.go
index 95bae8973..cf695e5e2 100644
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -461,6 +461,10 @@ func (am *DefaultAccountManager) savePolicy(account *Account, policyToSave *Poli
 		}
 
 		oldPolicy := account.Policies[policyIdx]
+		if !policyToSave.Enabled && !oldPolicy.Enabled {
+			return false, nil
+		}
+
 		updateAccountPeers := anyGroupHasPeers(account, oldPolicy.ruleGroups()) || anyGroupHasPeers(account, policyToSave.ruleGroups())
 
 		// Update the existing policy
diff --git a/management/server/posture_checks.go b/management/server/posture_checks.go
index ca4946703..2dccd8f59 100644
--- a/management/server/posture_checks.go
+++ b/management/server/posture_checks.go
@@ -68,8 +68,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
 
 	am.StoreEvent(ctx, userID, postureChecks.ID, accountID, action, postureChecks.EventMeta())
 
-	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureChecks.ID)
-	if exists && isLinked && anyGroupHasPeers(account, linkedPolicy.ruleGroups()) {
+	if arePostureCheckChangesAffectingPeers(account, postureChecks.ID, exists) {
 		am.updateAccountPeers(ctx, account)
 	}
 
@@ -224,3 +223,16 @@ func isPostureCheckLinkedToPolicy(account *Account, postureChecksID string) (boo
 	}
 	return false, nil
 }
+
+// arePostureCheckChangesAffectingPeers checks if the changes in posture checks are affecting peers.
+func arePostureCheckChangesAffectingPeers(account *Account, postureCheckID string, exists bool) bool {
+	if !exists {
+		return false
+	}
+
+	isLinked, linkedPolicy := isPostureCheckLinkedToPolicy(account, postureCheckID)
+	if !isLinked {
+		return false
+	}
+	return anyGroupHasPeers(account, linkedPolicy.ruleGroups())
+}