mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-04 22:10:56 +01:00
Handle group changes
This commit is contained in:
parent
896599aa57
commit
cd2e549032
@ -20,6 +20,9 @@ import (
|
||||
// Returns:
|
||||
// - error: An error if any occurred during the process, otherwise returns nil
|
||||
func (am *DefaultAccountManager) UpdateIntegratedApprovalGroups(accountID string, userID string, groups []string) error {
|
||||
unlock := am.Store.AcquireAccountLock(accountID)
|
||||
defer unlock()
|
||||
|
||||
ok, err := am.GroupValidation(accountID, groups)
|
||||
if err != nil {
|
||||
log.Debugf("error validating groups: %s", err.Error())
|
||||
@ -31,9 +34,6 @@ func (am *DefaultAccountManager) UpdateIntegratedApprovalGroups(accountID string
|
||||
return errors.New("invalid groups")
|
||||
}
|
||||
|
||||
unlock := am.Store.AcquireAccountLock(accountID)
|
||||
defer unlock()
|
||||
|
||||
a, err := am.Store.GetAccountByUser(userID)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -48,6 +48,16 @@ func (am *DefaultAccountManager) UpdateIntegratedApprovalGroups(accountID string
|
||||
a.Settings.Extra = extra
|
||||
}
|
||||
extra.IntegratedApprovalGroups = groups
|
||||
|
||||
am.cleanIntegratedApprovalFlag(a, groups)
|
||||
err = am.updateFlags(a, groups)
|
||||
if err != nil {
|
||||
saveErr := am.Store.SaveAccount(a)
|
||||
if saveErr != nil {
|
||||
log.Errorf("failed to save account: %s", saveErr)
|
||||
}
|
||||
return err
|
||||
}
|
||||
return am.Store.SaveAccount(a)
|
||||
}
|
||||
|
||||
@ -74,3 +84,49 @@ func (am *DefaultAccountManager) GroupValidation(accountId string, groups []stri
|
||||
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// updateFlags set the requiresIntegratedApproval flag to true for all peers in the account what is part of the groups, but the peer not part of the already approved list in the edr db
|
||||
func (am *DefaultAccountManager) updateFlags(a *Account, groups []string) error {
|
||||
approvedPeers, err := am.integratedPeerValidator.ApprovedPeersList(a.Id)
|
||||
if err != nil {
|
||||
log.Errorf("failed to get approved peers list: %s", err)
|
||||
return err
|
||||
}
|
||||
|
||||
for peerID, peer := range a.Peers {
|
||||
peerGroups := a.GetPeerGroupsList(peerID)
|
||||
if !isPeerAssignedToIntegratedApprovalGroup(peerGroups, groups) {
|
||||
continue
|
||||
}
|
||||
|
||||
// set true only that case if not yet approved in the edr db
|
||||
_, ok := approvedPeers[peerID]
|
||||
if ok {
|
||||
continue
|
||||
}
|
||||
peer.Status.RequiresIntegratedApproval = true
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// cleanIntegratedApprovalFlag set the requireIntegratedApproval flag to false for all peers in the account what is not part of the groups
|
||||
func (am *DefaultAccountManager) cleanIntegratedApprovalFlag(a *Account, groups []string) {
|
||||
for peerID, peer := range a.Peers {
|
||||
peerGroups := a.GetPeerGroupsList(peerID)
|
||||
if isPeerAssignedToIntegratedApprovalGroup(peerGroups, groups) {
|
||||
continue
|
||||
}
|
||||
peer.Status.RequiresIntegratedApproval = false
|
||||
}
|
||||
}
|
||||
|
||||
func isPeerAssignedToIntegratedApprovalGroup(peersGroup []string, integratedApprovalGroups []string) bool {
|
||||
for _, peerGroup := range peersGroup {
|
||||
for _, ig := range integratedApprovalGroups {
|
||||
if ig == peerGroup {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
@ -8,6 +8,7 @@ import (
|
||||
// IntegratedApproval interface exists to avoid the circle dependencies
|
||||
type IntegratedApproval interface {
|
||||
PreparePeer(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) *nbpeer.Peer
|
||||
IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) bool
|
||||
IsRequiresApproval(accountID string, peer *nbpeer.Peer, peersGroup []string, extraSettings *account.ExtraSettings) (bool, bool)
|
||||
ApprovedPeersList(id string) (map[string]struct{}, error)
|
||||
Stop()
|
||||
}
|
||||
|
@ -521,9 +521,10 @@ func (am *DefaultAccountManager) SyncPeer(sync PeerSync) (*nbpeer.Peer, *Network
|
||||
return nil, nil, status.Errorf(status.PermissionDenied, "peer login has expired, please log in once more")
|
||||
}
|
||||
|
||||
requiresApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
|
||||
if peer.Status.RequiresApproval != requiresApproval {
|
||||
requiresApproval, requiresIntegratedApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
|
||||
if peer.Status.RequiresApproval != requiresApproval || peer.Status.RequiresIntegratedApproval != requiresIntegratedApproval {
|
||||
peer.Status.RequiresApproval = requiresApproval
|
||||
peer.Status.RequiresIntegratedApproval = requiresIntegratedApproval
|
||||
err = am.Store.SaveAccount(account)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
@ -596,8 +597,10 @@ func (am *DefaultAccountManager) LoginPeer(login PeerLogin) (*nbpeer.Peer, *Netw
|
||||
am.StoreEvent(login.UserID, peer.ID, account.Id, activity.UserLoggedInPeer, peer.EventMeta(am.GetDNSDomain()))
|
||||
}
|
||||
|
||||
isRequiresApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
|
||||
if peer.Status.RequiresApproval != isRequiresApproval {
|
||||
isRequiresApproval, isRequiresIntegratedApproval := am.integratedPeerValidator.IsRequiresApproval(account.Id, peer, account.GetPeerGroupsList(peer.ID), account.Settings.Extra)
|
||||
if peer.Status.RequiresApproval != isRequiresApproval || peer.Status.RequiresIntegratedApproval != isRequiresIntegratedApproval {
|
||||
peer.Status.RequiresApproval = isRequiresApproval
|
||||
peer.Status.RequiresIntegratedApproval = isRequiresIntegratedApproval
|
||||
shouldStoreAccount = true
|
||||
}
|
||||
|
||||
|
@ -57,6 +57,8 @@ type PeerStatus struct { //nolint:revive
|
||||
LoginExpired bool
|
||||
// RequiresApproval indicates whether peer requires approval or not
|
||||
RequiresApproval bool
|
||||
// RequiresIntegratedApproval indicates whether peer requires integrated approval or not
|
||||
RequiresIntegratedApproval bool
|
||||
}
|
||||
|
||||
// Location is a geo location information of a Peer based on public connection IP
|
||||
@ -226,6 +228,7 @@ func (p *PeerStatus) Copy() *PeerStatus {
|
||||
Connected: p.Connected,
|
||||
LoginExpired: p.LoginExpired,
|
||||
RequiresApproval: p.RequiresApproval,
|
||||
RequiresIntegratedApproval: p.RequiresIntegratedApproval,
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user