From a657a96b66683a7b6f5abcc09ccef9a5f0638bbd Mon Sep 17 00:00:00 2001
From: Zoltan Papp
Date: Wed, 6 Mar 2024 16:12:12 +0100
Subject: [PATCH] Handle account level and group level validation in same logic
---
 management/server/account.go | 1 +
 management/server/http/peers_handler.go | 12 +++++++-----
 management/server/integrated_approval.go | 5 +++++
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/management/server/account.go b/management/server/account.go
index 56d4c262f..4db62e8dc 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -128,6 +128,7 @@ type AccountManager interface {
 ListPostureChecks(accountID, userID string) ([]*posture.Checks, error)
 GetIdpManager() idp.Manager
 UpdateIntegratedApprovalGroups(accountID string, userID string, groups []string) error
+ IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) bool
 GroupValidation(accountId string, groups []string) (bool, error)
 }
diff --git a/management/server/http/peers_handler.go b/management/server/http/peers_handler.go
index d4d2558e8..ca58b23b8 100644
--- a/management/server/http/peers_handler.go
+++ b/management/server/http/peers_handler.go
@@ -63,8 +63,8 @@ func (h *PeersHandler) getPeer(account *server.Account, peerID, userID string, w
 netMap := account.GetPeerNetworkMap(peerID, h.accountManager.GetDNSDomain())
 accessiblePeers := toAccessiblePeers(netMap, dnsDomain)
-
- util.WriteJSONObject(w, toSinglePeerResponse(peerToReturn, groupsInfo, dnsDomain, accessiblePeers))
+ isRequiresApproval := h.accountManager.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
+ util.WriteJSONObject(w, toSinglePeerResponse(peerToReturn, groupsInfo, dnsDomain, accessiblePeers, isRequiresApproval))
 }
 func (h *PeersHandler) updatePeer(account *server.Account, user *server.User, peerID string, w http.ResponseWriter, r *http.Request) {
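Review bot: `IsRequiresApproval` is added to `AccountManager` with four parameters, but the only implementation this patch adds on `DefaultAccountManager` (in integrated_approval.go) is `IsPeerRequiresApproval(accountID string, peer *nbpeer.Peer) bool`, which differs in both name and arity. Unless a matching method exists outside the patch, `DefaultAccountManager` stops satisfying the interface and the new `getPeer` call in peers_handler.go has nothing to bind to. Align the two by declaring the implementation as `func (am *DefaultAccountManager) IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) bool`. The interface method also deserves a doc comment, for example `// IsRequiresApproval reports whether the peer still needs approval under the account-level and group-level settings.` The interface body starts outside the hunk.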
@@ -94,7 +94,8 @@ func (h *PeersHandler) updatePeer(account *server.Account, user *server.User, pe
 netMap := account.GetPeerNetworkMap(peerID, h.accountManager.GetDNSDomain())
 accessiblePeers := toAccessiblePeers(netMap, dnsDomain)
- util.WriteJSONObject(w, toSinglePeerResponse(peer, groupMinimumInfo, dnsDomain, accessiblePeers))
+ // todo return with valid peer approval status
+ util.WriteJSONObject(w, toSinglePeerResponse(peer, groupMinimumInfo, dnsDomain, accessiblePeers, false))
 }
 func (h *PeersHandler) deletePeer(accountID, userID string, peerID string, w http.ResponseWriter) {
@@ -166,6 +167,7 @@ func (h *PeersHandler) GetAllPeers(w http.ResponseWriter, r *http.Request) {
 accessiblePeerNumbers := h.accessiblePeersNumber(account, peer.ID)
+ // todo extend with peer approval status
 respBody = append(respBody, toPeerListItemResponse(peerToReturn, groupMinimumInfo, dnsDomain, accessiblePeerNumbers))
 }
 util.WriteJSONObject(w, respBody)
@@ -230,7 +232,7 @@ func toGroupsInfo(groups map[string]*server.Group, peerID string) []api.GroupMin
 return groupsInfo
 }
-func toSinglePeerResponse(peer *nbpeer.Peer, groupsInfo []api.GroupMinimum, dnsDomain string, accessiblePeer []api.AccessiblePeer) *api.Peer {
+func toSinglePeerResponse(peer *nbpeer.Peer, groupsInfo []api.GroupMinimum, dnsDomain string, accessiblePeer []api.AccessiblePeer, approval bool) *api.Peer {
 osVersion := peer.Meta.OSVersion
 if osVersion == "" {
 osVersion = peer.Meta.Core
@@ -257,7 +259,7 @@ func toSinglePeerResponse(peer *nbpeer.Peer, groupsInfo []api.GroupMinimum, dnsD
 LastLogin: peer.LastLogin,
 LoginExpired: peer.Status.LoginExpired,
 AccessiblePeers: accessiblePeer,
- ApprovalRequired: &peer.Status.RequiresApproval,
+ ApprovalRequired: &approval,
 CountryCode: peer.Location.CountryCode,
 CityName: peer.Location.CityName,
 }
diff --git a/management/server/integrated_approval.go b/management/server/integrated_approval.go
index 80e1a9ce2..7284c35a9 100644
--- a/management/server/integrated_approval.go
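Review bot: The `updatePeer` response now hard-codes `false` for the approval flag, so `ApprovalRequired` in the body returned after an update reads false even when the peer is still pending approval; before this change the field came from `peer.Status.RequiresApproval`. A client that trusts the update response would present a pending peer as not needing approval. Compute the value the way `getPeer` does in this same patch, `approval := h.accountManager.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)`, and pass `approval` instead of the literal. The `GetAllPeers` hunk leaves the same gap behind its todo; what the list item reports is decided in `toPeerListItemResponse`, which is outside the patch. updatePeer's body starts outside the hunk.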
+++ b/management/server/integrated_approval.go
@@ -6,6 +6,7 @@ import (
 "github.com/google/martian/v3/log"
 "github.com/netbirdio/netbird/management/server/account"
+ nbpeer "github.com/netbirdio/netbird/management/server/peer"
 )
 // UpdateIntegratedApprovalGroups updates the integrated approval groups for a specified account.
@@ -51,6 +52,10 @@ func (am *DefaultAccountManager) UpdateIntegratedApprovalGroups(accountID string
 return am.Store.SaveAccount(a)
 }
+func (am *DefaultAccountManager) IsPeerRequiresApproval(accountID string, peer *nbpeer.Peer) bool {
+ return am.integratedPeerValidator.IsRequiresApproval(accountID, peer, nil, nil)
+}
+
 func (am *DefaultAccountManager) GroupValidation(accountId string, groups []string) (bool, error) {
 if len(groups) == 0 {
 return true, nil
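Review bot: `IsPeerRequiresApproval` forwards `nil, nil` for the peer's groups and the extra settings, so the validator is called without the group list or `account.Settings.Extra` that `getPeer` supplies elsewhere in this patch. If the validator relies on those arguments for the group-level decision, this path answers from account-level data only (inferred; the validator is not in the patch). Either accept the two values as parameters and pass them through, `return am.integratedPeerValidator.IsRequiresApproval(accountID, peer, peersGroup, extraSettings)`, or state in a doc comment that the method deliberately skips them. The method is exported and currently has no doc comment at all.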