From 89249b414f136c5a7eeb400d97570d5a2d9390b9 Mon Sep 17 00:00:00 2001
From: Pascal Fischer <pascal@netbird.io>
Date: Mon, 4 Dec 2023 14:53:38 +0100
Subject: [PATCH] move peer validation into getPeerconnectionResources

---
 management/server/account.go | 1 -
 management/server/policy.go  | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/management/server/account.go b/management/server/account.go
index 14fd241a1..baaea2005 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -368,7 +368,6 @@ func (a *Account) GetPeerNetworkMap(peerID, dnsDomain string) *NetworkMap {
 		}
 	}
 	aclPeers, firewallRules := a.getPeerConnectionResources(peerID)
-	aclPeers = additions.ValidatePeers(aclPeers)
 	// exclude expired peers
 	var peersToConnect []*nbpeer.Peer
 	var expiredPeers []*nbpeer.Peer
diff --git a/management/server/policy.go b/management/server/policy.go
index 37718a3e0..0eb2fb538 100644
--- a/management/server/policy.go
+++ b/management/server/policy.go
@@ -5,6 +5,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/netbirdio/management-integrations/additions"
 	log "github.com/sirupsen/logrus"
 
 	"github.com/netbirdio/netbird/management/proto"
@@ -220,6 +221,8 @@ func (a *Account) getPeerConnectionResources(peerID string) ([]*nbpeer.Peer, []*
 
 			sourcePeers, peerInSources := getAllPeersFromGroups(a, rule.Sources, peerID)
 			destinationPeers, peerInDestinations := getAllPeersFromGroups(a, rule.Destinations, peerID)
+			sourcePeers = additions.ValidatePeers(sourcePeers)
+			destinationPeers = additions.ValidatePeers(destinationPeers)
 
 			if rule.Bidirectional {
 				if peerInSources {