From 0ffb3bd5beea9a08e6217e1d1d564c4c1aa5cb5e Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Tue, 25 Jun 2024 14:09:50 -0400
Subject: [PATCH 1/4] fix for bad log message in Agent.CanAccessShare

---
 controller/limits/agent.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controller/limits/agent.go b/controller/limits/agent.go
index 78835056..b9403063 100644
--- a/controller/limits/agent.go
+++ b/controller/limits/agent.go
@@ -202,7 +202,7 @@ func (a *Agent) CanAccessShare(shrId int, trx *sqlx.Tx) (bool, error) {
 					return false, err
 				}
 				if len(fes)+1 > rc.GetShareFrontends() {
-					logrus.Infof("account '#%d' over frontends per share limit '%d'", *env.AccountId, rc.GetReservedShares())
+					logrus.Infof("account '#%d' over frontends per share limit '%d'", *env.AccountId, rc.GetShareFrontends())
 					return false, nil
 				}
 			}

From 01f98ed08a5568033a2fd18220161940eb6d0891 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Tue, 25 Jun 2024 14:20:06 -0400
Subject: [PATCH 2/4] changelog

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7a0f10ea..5e4dcfcd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## v0.4.33
 
+FIX: Fix for log message in `Agent.CanAccessShare` (`"account '#%d' over frontends per share limit '%d'"`), which was not returning the correct limit value.
+
 CHANGE: Updated `react-bootstrap` to version `2.10.2` (web console).
 
 CHANGE: Updated `@mui/material` to version `5.15.18` (web console).

From f68cb7146612a1041aee5540307ec42450e817f3 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Tue, 25 Jun 2024 14:27:45 -0400
Subject: [PATCH 3/4] fix for private frontend permission mode (#677)

---
 controller/access.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controller/access.go b/controller/access.go
index 5b9d8dce..e3fc9d9a 100644
--- a/controller/access.go
+++ b/controller/access.go
@@ -81,7 +81,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
 		return share.NewAccessInternalServerError()
 	}
 
-	if _, err := str.CreateFrontend(envId, &store.Frontend{PrivateShareId: &shr.Id, Token: feToken, ZId: envZId}, trx); err != nil {
+	if _, err := str.CreateFrontend(envId, &store.Frontend{PrivateShareId: &shr.Id, Token: feToken, ZId: envZId, PermissionMode: store.ClosedPermissionMode}, trx); err != nil {
 		logrus.Errorf("error creating frontend record for user '%v': %v", principal.Email, err)
 		return share.NewAccessInternalServerError()
 	}

From a2425f77dc565a87bde9cf14276c40348605973f Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Tue, 25 Jun 2024 14:28:56 -0400
Subject: [PATCH 4/4] changelog (#677)

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5e4dcfcd..f07411d9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 FIX: Fix for log message in `Agent.CanAccessShare` (`"account '#%d' over frontends per share limit '%d'"`), which was not returning the correct limit value.
 
+FIX: Properly set `permission_mode` in `frontends` when createing a private frontend using `zrok access private` (https://github.com/openziti/zrok/issues/677)
+
 CHANGE: Updated `react-bootstrap` to version `2.10.2` (web console).
 
 CHANGE: Updated `@mui/material` to version `5.15.18` (web console).