add to networks modules

management/server/networks/manager.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	"github.com/rs/xid"
+	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
@@ -15,6 +16,7 @@ import (
 	"github.com/netbirdio/netbird/management/server/permissions/modules"
 	"github.com/netbirdio/netbird/management/server/permissions/operations"
 	"github.com/netbirdio/netbird/management/server/store"
+	nbTypes "github.com/netbirdio/netbird/management/server/types"
 	"github.com/netbirdio/netbird/shared/management/status"
 )
 
@@ -111,6 +113,14 @@ func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network
 	return network, m.store.SaveNetwork(ctx, network)
 }
 
+// networkAffectedPeersData holds data loaded inside the transaction for affected peer resolution.
+type networkAffectedPeersData struct {
+	resourceGroupIDs []string
+	routerPeerGroups []string
+	directPeerIDs    []string
+	policies         []*nbTypes.Policy
+}
+
 func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, networkID string) error {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Networks, operations.Delete)
 	if err != nil {
@@ -126,13 +136,22 @@ func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, netw
 	}
 
 	var eventsToStore []func()
+	var affectedData *networkAffectedPeersData
 	err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
 		resources, err := transaction.GetNetworkResourcesByNetID(ctx, store.LockingStrengthUpdate, accountID, networkID)
 		if err != nil {
 			return fmt.Errorf("failed to get resources in network: %w", err)
 		}
 
+		var resourceGroupIDs []string
 		for _, resource := range resources {
+			groups, err := transaction.GetResourceGroups(ctx, store.LockingStrengthNone, accountID, resource.ID)
+			if err == nil {
+				for _, g := range groups {
+					resourceGroupIDs = append(resourceGroupIDs, g.ID)
+				}
+			}
+
 			event, err := m.resourcesManager.DeleteResourceInTransaction(ctx, transaction, accountID, userID, networkID, resource.ID)
 			if err != nil {
 				return fmt.Errorf("failed to delete resource: %w", err)
@@ -140,12 +159,19 @@ func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, netw
 			eventsToStore = append(eventsToStore, event...)
 		}
 
-		routers, err := transaction.GetNetworkRoutersByNetID(ctx, store.LockingStrengthUpdate, accountID, networkID)
+		netRouters, err := transaction.GetNetworkRoutersByNetID(ctx, store.LockingStrengthUpdate, accountID, networkID)
 		if err != nil {
 			return fmt.Errorf("failed to get routers in network: %w", err)
 		}
 
-		for _, router := range routers {
+		var routerPeerGroups []string
+		var directPeerIDs []string
+		for _, router := range netRouters {
+			routerPeerGroups = append(routerPeerGroups, router.PeerGroups...)
+			if router.Peer != "" {
+				directPeerIDs = append(directPeerIDs, router.Peer)
+			}
+
 			event, err := m.routersManager.DeleteRouterInTransaction(ctx, transaction, accountID, userID, networkID, router.ID)
 			if err != nil {
 				return fmt.Errorf("failed to delete router: %w", err)
@@ -153,6 +179,24 @@ func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, netw
 			eventsToStore = append(eventsToStore, event)
 		}
 
+		// load policies before deleting so group memberships are still present
+		var policies []*nbTypes.Policy
+		if len(resourceGroupIDs) > 0 {
+			policies, err = transaction.GetAccountPolicies(ctx, store.LockingStrengthNone, accountID)
+			if err != nil {
+				log.WithContext(ctx).Errorf("failed to get policies for affected peers: %v", err)
+			}
+		}
+
+		if len(resourceGroupIDs) > 0 || len(routerPeerGroups) > 0 || len(directPeerIDs) > 0 {
+			affectedData = &networkAffectedPeersData{
+				resourceGroupIDs: resourceGroupIDs,
+				routerPeerGroups: routerPeerGroups,
+				directPeerIDs:    directPeerIDs,
+				policies:         policies,
+			}
+		}
+
 		err = transaction.DeleteNetwork(ctx, accountID, networkID)
 		if err != nil {
 			return fmt.Errorf("failed to delete network: %w", err)
@@ -177,11 +221,82 @@ func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, netw
 		event()
 	}
 
-	go m.accountManager.UpdateAccountPeers(ctx, accountID)
+	if affectedData != nil {
+		affectedPeerIDs := resolveNetworkAffectedPeers(ctx, m.store, accountID, affectedData)
+		if len(affectedPeerIDs) > 0 {
+			go m.accountManager.UpdateAffectedPeers(ctx, accountID, affectedPeerIDs)
+		}
+	}
 
 	return nil
 }
 
+// resolveNetworkAffectedPeers computes affected peer IDs from preloaded data outside the transaction.
+func resolveNetworkAffectedPeers(ctx context.Context, s store.Store, accountID string, data *networkAffectedPeersData) []string {
+	groupSet := make(map[string]struct{})
+
+	for _, gID := range data.routerPeerGroups {
+		groupSet[gID] = struct{}{}
+	}
+
+	if len(data.resourceGroupIDs) > 0 {
+		destSet := make(map[string]struct{}, len(data.resourceGroupIDs))
+		for _, gID := range data.resourceGroupIDs {
+			destSet[gID] = struct{}{}
+			groupSet[gID] = struct{}{}
+		}
+
+		for _, policy := range data.policies {
+			if policy == nil || !policy.Enabled {
+				continue
+			}
+			for _, rule := range policy.Rules {
+				if rule == nil || !rule.Enabled {
+					continue
+				}
+				for _, gID := range rule.Destinations {
+					if _, ok := destSet[gID]; ok {
+						for _, srcGID := range rule.Sources {
+							groupSet[srcGID] = struct{}{}
+						}
+						break
+					}
+				}
+			}
+		}
+	}
+
+	if len(groupSet) == 0 && len(data.directPeerIDs) == 0 {
+		return nil
+	}
+
+	groupIDs := make([]string, 0, len(groupSet))
+	for gID := range groupSet {
+		groupIDs = append(groupIDs, gID)
+	}
+
+	peerIDs, err := s.GetPeerIDsByGroups(ctx, accountID, groupIDs)
+	if err != nil {
+		log.WithContext(ctx).Errorf("failed to resolve peer IDs: %v", err)
+		return nil
+	}
+
+	if len(data.directPeerIDs) > 0 {
+		seen := make(map[string]struct{}, len(peerIDs))
+		for _, id := range peerIDs {
+			seen[id] = struct{}{}
+		}
+		for _, id := range data.directPeerIDs {
+			if _, exists := seen[id]; !exists {
+				peerIDs = append(peerIDs, id)
+				seen[id] = struct{}{}
+			}
+		}
+	}
+
+	return peerIDs
+}
+
 func NewManagerMock() Manager {
 	return &mockManager{}
 }