Handle group changes

This commit is contained in:
Zoltan Papp 2024-03-07 13:48:57 +01:00
parent 896599aa57
commit cd2e549032
4 changed files with 75 additions and 12 deletions

View File

@ -20,6 +20,9 @@ import (
// Returns:
// - error: An error if any occurred during the process, otherwise returns nil
func (am *DefaultAccountManager) UpdateIntegratedApprovalGroups(accountID string, userID string, groups []string) error {
unlock := am.Store.AcquireAccountLock(accountID)
defer unlock()
ok, err := am.GroupValidation(accountID, groups)
if err != nil {
log.Debugf("error validating groups: %s", err.Error())
@ -31,9 +34,6 @@ func (am *DefaultAccountManager) UpdateIntegratedApprovalGroups(accountID string
return errors.New("invalid groups")
}
unlock := am.Store.AcquireAccountLock(accountID)
defer unlock()
a, err := am.Store.GetAccountByUser(userID)
if err != nil {
return err
@ -48,6 +48,16 @@ func (am *DefaultAccountManager) UpdateIntegratedApprovalGroups(accountID string
a.Settings.Extra = extra
}
extra.IntegratedApprovalGroups = groups
am.cleanIntegratedApprovalFlag(a, groups)
err = am.updateFlags(a, groups)
if err != nil {
saveErr := am.Store.SaveAccount(a)
if saveErr != nil {
log.Errorf("failed to save account: %s", saveErr)
}
return err
}
return am.Store.SaveAccount(a)
}
@ -74,3 +84,49 @@ func (am *DefaultAccountManager) GroupValidation(accountId string, groups []stri
return true, nil
}
// updateFlags set the requiresIntegratedApproval flag to true for all peers in the account what is part of the groups, but the peer not part of the already approved list in the edr db
func (am *DefaultAccountManager) updateFlags(a *Account, groups []string) error {
approvedPeers, err := am.integratedPeerValidator.ApprovedPeersList(a.Id)
if err != nil {
log.Errorf("failed to get approved peers list: %s", err)
return err
}
for peerID, peer := range a.Peers {
peerGroups := a.GetPeerGroupsList(peerID)
if !isPeerAssignedToIntegratedApprovalGroup(peerGroups, groups) {
continue
}
// set true only that case if not yet approved in the edr db
_, ok := approvedPeers[peerID]
if ok {
continue
}
peer.Status.RequiresIntegratedApproval = true
}
return nil
}
// cleanIntegratedApprovalFlag set the requireIntegratedApproval flag to false for all peers in the account what is not part of the groups
func (am *DefaultAccountManager) cleanIntegratedApprovalFlag(a *Account, groups []string) {
for peerID, peer := range a.Peers {
peerGroups := a.GetPeerGroupsList(peerID)
if isPeerAssignedToIntegratedApprovalGroup(peerGroups, groups) {
continue
}
peer.Status.RequiresIntegratedApproval = false
}
}
func isPeerAssignedToIntegratedApprovalGroup(peersGroup []string, integratedApprovalGroups []string) bool {
for _, peerGroup := range peersGroup {
for _, ig := range integratedApprovalGroups {
if ig == peerGroup {
return true
}
}
}
return false
}

View File

@ -8,6 +8,7 @@ import (
// IntegratedApproval interface exists to avoid the circle dependencies
type IntegratedApproval interface {
PreparePeer(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) *nbpeer.Peer
IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) bool
IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) (bool, bool)
ApprovedPeersList(id string) (map[string]struct{}, error)
Stop()
}

View File

@ -521,9 +521,10 @@ func (am *DefaultAccountManager) SyncPeer(sync PeerSync) (*nbpeer.Peer, *Network
return nil, nil, status.Errorf(status.PermissionDenied, "peer login has expired, please log in once more")
}
requiresApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
if peer.Status.RequiresApproval != requiresApproval {
requiresApproval, requiresIntegratedApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
if peer.Status.RequiresApproval != requiresApproval || peer.Status.RequiresIntegratedApproval != requiresIntegratedApproval {
peer.Status.RequiresApproval = requiresApproval
peer.Status.RequiresIntegratedApproval = requiresIntegratedApproval
err = am.Store.SaveAccount(account)
if err != nil {
return nil, nil, err
@ -596,8 +597,10 @@ func (am *DefaultAccountManager) LoginPeer(login PeerLogin) (*nbpeer.Peer, *Netw
am.StoreEvent(login.UserID, peer.ID, account.Id, activity.UserLoggedInPeer, peer.EventMeta(am.GetDNSDomain()))
}
isRequiresApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
if peer.Status.RequiresApproval != isRequiresApproval {
isRequiresApproval, isRequiresIntegratedApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
if peer.Status.RequiresApproval != isRequiresApproval || peer.Status.RequiresIntegratedApproval != isRequiresIntegratedApproval {
peer.Status.RequiresApproval = isRequiresApproval
peer.Status.RequiresIntegratedApproval = isRequiresIntegratedApproval
shouldStoreAccount = true
}

View File

@ -57,6 +57,8 @@ type PeerStatus struct { //nolint:revive
LoginExpired bool
// RequiresApproval indicates whether peer requires approval or not
RequiresApproval bool
// RequiresIntegratedApproval indicates whether peer requires integrated approval or not
RequiresIntegratedApproval bool
}
// Location is a geo location information of a Peer based on public connection IP
@ -226,6 +228,7 @@ func (p *PeerStatus) Copy() *PeerStatus {
Connected: p.Connected,
LoginExpired: p.LoginExpired,
RequiresApproval: p.RequiresApproval,
RequiresIntegratedApproval: p.RequiresIntegratedApproval,
}
}