diff --git a/management/server/permissions/roles/network_admin.go b/management/server/permissions/roles/network_admin.go new file mode 100644 index 000000000..761933386 --- /dev/null +++ b/management/server/permissions/roles/network_admin.go @@ -0,0 +1,91 @@ +package roles + +import ( + "github.com/netbirdio/netbird/management/server/permissions/modules" + "github.com/netbirdio/netbird/management/server/permissions/operations" + "github.com/netbirdio/netbird/management/server/types" +) + +var NetworkAdmin = RolePermissions{ + Role: types.UserRoleNetworkAdmin, + AutoAllowNew: map[operations.Operation]bool{ + operations.Read: false, + operations.Create: false, + operations.Update: false, + operations.Delete: false, + }, + Permissions: Permissions{ + modules.Networks: { + operations.Read: true, + operations.Create: true, + operations.Update: true, + operations.Delete: true, + }, + modules.Groups: { + operations.Read: true, + operations.Create: false, + operations.Update: false, + operations.Delete: false, + }, + modules.Settings: { + operations.Read: true, + operations.Create: false, + operations.Update: false, + operations.Delete: false, + }, + modules.Accounts: { + operations.Read: true, + operations.Create: false, + operations.Update: false, + operations.Delete: false, + }, + modules.Dns: { + operations.Read: true, + operations.Create: true, + operations.Update: true, + operations.Delete: true, + }, + modules.Nameservers: { + operations.Read: true, + operations.Create: true, + operations.Update: true, + operations.Delete: true, + }, + modules.Events: { + operations.Read: true, + operations.Create: false, + operations.Update: false, + operations.Delete: false, + }, + modules.Policies: { + operations.Read: true, + operations.Create: true, + operations.Update: true, + operations.Delete: true, + }, + modules.Routes: { + operations.Read: true, + operations.Create: true, + operations.Update: true, + operations.Delete: true, + }, + modules.Users: { + operations.Read: true, + operations.Create: false, + operations.Update: false, + operations.Delete: false, + }, + modules.SetupKeys: { + operations.Read: true, + operations.Create: false, + operations.Update: false, + operations.Delete: false, + }, + modules.Pats: { + operations.Read: true, + operations.Create: true, + operations.Update: true, + operations.Delete: true, + }, + }, +} diff --git a/management/server/permissions/roles/role_permissions.go b/management/server/permissions/roles/role_permissions.go index aca812fe2..754e568f5 100644 --- a/management/server/permissions/roles/role_permissions.go +++ b/management/server/permissions/roles/role_permissions.go @@ -15,8 +15,9 @@ type RolePermissions struct { type Permissions map[modules.Module]map[operations.Operation]bool var RolesMap = map[types.UserRole]RolePermissions{ - types.UserRoleOwner: Owner, - types.UserRoleAdmin: Admin, - types.UserRoleUser: User, - types.UserRoleAuditor: Auditor, + types.UserRoleOwner: Owner, + types.UserRoleAdmin: Admin, + types.UserRoleUser: User, + types.UserRoleAuditor: Auditor, + types.UserRoleNetworkAdmin: NetworkAdmin, } diff --git a/management/server/types/user.go b/management/server/types/user.go index 419e688f5..e17a29bee 100644 --- a/management/server/types/user.go +++ b/management/server/types/user.go @@ -16,6 +16,7 @@ const ( UserRoleUnknown UserRole = "unknown" UserRoleBillingAdmin UserRole = "billing_admin" UserRoleAuditor UserRole = "auditor" + UserRoleNetworkAdmin UserRole = "network_admin" UserStatusActive UserStatus = "active" UserStatusDisabled UserStatus = "disabled"