Merge pull request #678 from openziti/canaccessshare_logging_bug

CanAccessShare Logging & Permission Mode for Private Frontends (#677)

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## v0.4.33
 
+FIX: Fix for log message in `Agent.CanAccessShare` (`"account '#%d' over frontends per share limit '%d'"`), which was not returning the correct limit value.
+
+FIX: Properly set `permission_mode` in `frontends` when createing a private frontend using `zrok access private` (https://github.com/openziti/zrok/issues/677)
+
 CHANGE: Updated `react-bootstrap` to version `2.10.2` (web console).
 
 CHANGE: Updated `@mui/material` to version `5.15.18` (web console).

controller/access.go

@@ -81,7 +81,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
 		return share.NewAccessInternalServerError()
 	}
 
-	if _, err := str.CreateFrontend(envId, &store.Frontend{PrivateShareId: &shr.Id, Token: feToken, ZId: envZId}, trx); err != nil {
+	if _, err := str.CreateFrontend(envId, &store.Frontend{PrivateShareId: &shr.Id, Token: feToken, ZId: envZId, PermissionMode: store.ClosedPermissionMode}, trx); err != nil {
 		logrus.Errorf("error creating frontend record for user '%v': %v", principal.Email, err)
 		return share.NewAccessInternalServerError()
 	}

controller/limits/agent.go

@@ -202,7 +202,7 @@ func (a *Agent) CanAccessShare(shrId int, trx *sqlx.Tx) (bool, error) {
 					return false, err
 				}
 				if len(fes)+1 > rc.GetShareFrontends() {
-					logrus.Infof("account '#%d' over frontends per share limit '%d'", *env.AccountId, rc.GetReservedShares())
+					logrus.Infof("account '#%d' over frontends per share limit '%d'", *env.AccountId, rc.GetShareFrontends())
 					return false, nil
 				}
 			}