[management] base manager

2026-05-07 01:10:03 +00:00 · 2025-02-21 15:36:00 +00:00
parent eee90fbbbf
commit 7b02e9c3a8
4 changed files with 29 additions and 39 deletions
--- a/management/server/http/middleware/access_control.go
+++ b/management/server/http/middleware/access_control.go
@@ -34,7 +34,6 @@ var tokenPathRegexp = regexp.MustCompile(`^.*/api/users/.*/tokens.*$`)
 // Handler method of the middleware which forbids all modify requests for non admin users
 func (a *AccessControl) Handler(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-
 		if bypass.ShouldBypass(r.URL.Path, h, w, r) {
 			return
 		}
@@ -60,18 +59,16 @@ func (a *AccessControl) Handler(h http.Handler) http.Handler {
 		if !user.HasAdminPower() {
 			switch r.Method {
 			case http.MethodDelete, http.MethodPost, http.MethodPatch, http.MethodPut:
-
-				if tokenPathRegexp.MatchString(r.URL.Path) {
-					log.WithContext(r.Context()).Debugf("valid Path")
-					h.ServeHTTP(w, r)
+				if !tokenPathRegexp.MatchString(r.URL.Path) {
+					util.WriteError(r.Context(), status.Errorf(status.PermissionDenied, "only users with admin power can perform this operation"), w)
 					return
 				}

-				util.WriteError(r.Context(), status.Errorf(status.PermissionDenied, "only users with admin power can perform this operation"), w)
-				return
+				log.WithContext(r.Context()).Debugf("valid Path")
 			}
 		}

+		// @todo get account settings and set it and user to context
 		h.ServeHTTP(w, r)
 	})
 }
--- a/management/server/networks/manager.go
+++ b/management/server/networks/manager.go
@@ -6,13 +6,13 @@ import (

 	"github.com/rs/xid"

+	"github.com/netbirdio/management-integrations/core"
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/networks/resources"
 	"github.com/netbirdio/netbird/management/server/networks/routers"
 	"github.com/netbirdio/netbird/management/server/networks/types"
 	"github.com/netbirdio/netbird/management/server/permissions"
-	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/store"
 )

@@ -25,6 +25,7 @@ type Manager interface {
 }

 type managerImpl struct {
+	core.BaseManager
 	store              store.Store
 	accountManager     account.AccountManager
 	permissionsManager permissions.Manager
@@ -37,33 +38,28 @@ type mockManager struct {

 func NewManager(store store.Store, permissionsManager permissions.Manager, resourceManager resources.Manager, routersManager routers.Manager, accountManager account.AccountManager) Manager {
 	return &managerImpl{
-		store:              store,
-		permissionsManager: permissionsManager,
-		resourcesManager:   resourceManager,
-		routersManager:     routersManager,
-		accountManager:     accountManager,
+		BaseManager: core.NewBaseManager(core.Networks),
+		store:       store,
+		// permissionsManager: permissionsManager,
+		resourcesManager: resourceManager,
+		routersManager:   routersManager,
+		accountManager:   accountManager,
 	}
 }

 func (m *managerImpl) GetAllNetworks(ctx context.Context, accountID, userID string) ([]*types.Network, error) {
-	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Read)
+	err := m.ValidatePermissions(ctx, core.Read)
 	if err != nil {
-		return nil, status.NewPermissionValidationError(err)
-	}
-	if !ok {
-		return nil, status.NewPermissionDeniedError()
+		return nil, err
 	}

 	return m.store.GetAccountNetworks(ctx, store.LockingStrengthShare, accountID)
 }

 func (m *managerImpl) CreateNetwork(ctx context.Context, userID string, network *types.Network) (*types.Network, error) {
-	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, network.AccountID, userID, permissions.Networks, permissions.Write)
+	err := m.ValidatePermissions(ctx, core.Write)
 	if err != nil {
-		return nil, status.NewPermissionValidationError(err)
-	}
-	if !ok {
-		return nil, status.NewPermissionDeniedError()
+		return nil, err
 	}

 	network.ID = xid.New().String()
@@ -82,24 +78,18 @@ func (m *managerImpl) CreateNetwork(ctx context.Context, userID string, network
 }

 func (m *managerImpl) GetNetwork(ctx context.Context, accountID, userID, networkID string) (*types.Network, error) {
-	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Read)
+	err := m.ValidatePermissions(ctx, core.Read)
 	if err != nil {
-		return nil, status.NewPermissionValidationError(err)
-	}
-	if !ok {
-		return nil, status.NewPermissionDeniedError()
+		return nil, err
 	}

 	return m.store.GetNetworkByID(ctx, store.LockingStrengthShare, accountID, networkID)
 }

 func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network *types.Network) (*types.Network, error) {
-	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, network.AccountID, userID, permissions.Networks, permissions.Write)
+	err := m.ValidatePermissions(ctx, core.Write)
 	if err != nil {
-		return nil, status.NewPermissionValidationError(err)
-	}
-	if !ok {
-		return nil, status.NewPermissionDeniedError()
+		return nil, err
 	}

 	unlock := m.store.AcquireWriteLockByUID(ctx, network.AccountID)
@@ -116,12 +106,9 @@ func (m *managerImpl) UpdateNetwork(ctx context.Context, userID string, network
 }

 func (m *managerImpl) DeleteNetwork(ctx context.Context, accountID, userID, networkID string) error {
-	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, permissions.Networks, permissions.Write)
+	err := m.ValidatePermissions(ctx, core.Write)
 	if err != nil {
-		return status.NewPermissionValidationError(err)
-	}
-	if !ok {
-		return status.NewPermissionDeniedError()
+		return err
 	}

 	network, err := m.store.GetNetworkByID(ctx, store.LockingStrengthUpdate, accountID, networkID)
--- a/management/server/networks/manager_test.go
+++ b/management/server/networks/manager_test.go
@@ -6,6 +6,7 @@ import (

 	"github.com/stretchr/testify/require"

+	nbcontext "github.com/netbirdio/netbird/management/server/context"
 	"github.com/netbirdio/netbird/management/server/groups"
 	"github.com/netbirdio/netbird/management/server/mock_server"
 	"github.com/netbirdio/netbird/management/server/networks/resources"
@@ -25,6 +26,7 @@ func Test_GetAllNetworksReturnsNetworks(t *testing.T) {
 		t.Fatal(err)
 	}
 	t.Cleanup(cleanUp)
+
 	am := mock_server.MockAccountManager{}
 	permissionsManager := permissions.NewManagerMock()
 	groupsManager := groups.NewManagerMock()
@@ -32,6 +34,7 @@ func Test_GetAllNetworksReturnsNetworks(t *testing.T) {
 	resourcesManager := resources.NewManager(s, permissionsManager, groupsManager, &am)
 	manager := NewManager(s, permissionsManager, resourcesManager, routerManager, &am)

+	ctx = nbcontext.SetUserAuthInContext(ctx, nbcontext.UserAuth{AccountId: accountID, UserId: userID})
 	networks, err := manager.GetAllNetworks(ctx, accountID, userID)
 	require.NoError(t, err)
 	require.Len(t, networks, 1)