include all modules in roles response

2026-04-17 15:56:39 +00:00 · 2025-04-17 19:23:45 +01:00
parent 8551ffc44d
commit a4de398b08
6 changed files with 41 additions and 21 deletions
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -2042,6 +2042,7 @@ components:
              - write
      required:
        - default
+        - modules
        - role
  responses:
    not_found:
--- a/management/server/http/api/types.gen.go
+++ b/management/server/http/api/types.gen.go
@@ -1402,9 +1402,9 @@ type ResourceType string

 // RolePermissions defines model for RolePermissions.
 type RolePermissions struct {
-	Default map[string]bool             `json:"default"`
-	Modules *map[string]map[string]bool `json:"modules,omitempty"`
-	Role    string                      `json:"role"`
+	Default map[string]bool            `json:"default"`
+	Modules map[string]map[string]bool `json:"modules"`
+	Role    string                     `json:"role"`
 }

 // Route defines model for Route.
--- a/management/server/http/handlers/users/users_handler.go
+++ b/management/server/http/handlers/users/users_handler.go
@@ -11,6 +11,7 @@ import (
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
+	"github.com/netbirdio/netbird/management/server/permissions/operations"
 	"github.com/netbirdio/netbird/management/server/permissions/roles"
 	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/types"
@@ -311,7 +312,7 @@ func (h *handler) getRoles(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(r.Context(), w, toRolesResponse(roles))
 }

-func toRolesResponse(roles map[types.UserRole]roles.RolePermissions) []api.RolePermissions {
+func toRolesResponse(roles []roles.RolePermissions) []api.RolePermissions {
 	result := make([]api.RolePermissions, 0, len(roles))

 	for _, permissions := range roles {
@@ -325,21 +326,29 @@ func toRolesResponse(roles map[types.UserRole]roles.RolePermissions) []api.RoleP
 	return result
 }

+func toOperationsMapResponse(operations map[operations.Operation]bool) map[string]bool {
+	result := make(map[string]bool)
+	for op, val := range operations {
+		result[string(op)] = val
+	}
+	return result
+}
+
+func toModulesMapResponse(permissions roles.Permissions) map[string]map[string]bool {
+	// stringify modules and operations keys
+	modules := make(map[string]map[string]bool)
+	for module, operations := range permissions {
+		modules[string(module)] = toOperationsMapResponse(operations)
+	}
+	return modules
+}
+
 func toUserWithPermissionsResponse(user *users.UserInfoWithPermissions, userID string) *api.User {
 	response := toUserResponse(user.UserInfo, userID)

-	// stringify modules and operations keys
-	modules := make(map[string]map[string]bool)
-	for module, operations := range user.Permissions {
-		modules[string(module)] = make(map[string]bool)
-		for op, val := range operations {
-			modules[string(module)][string(op)] = val
-		}
-	}
-
 	response.Permissions = &api.UserPermissions{
 		IsRestricted: user.Restricted,
-		Modules:      modules,
+		Modules:      toModulesMapResponse(user.Permissions),
 	}

 	return response
--- a/management/server/permissions/manager.go
+++ b/management/server/permissions/manager.go
@@ -22,7 +22,7 @@ type Manager interface {
 	ValidateAccountAccess(ctx context.Context, accountID string, user *types.User, allowOwnerAndAdmin bool) error

 	GetRolePermissions(ctx context.Context, role types.UserRole) (roles.Permissions, error)
-	GetPermissions(ctx context.Context) map[types.UserRole]roles.RolePermissions
+	GetPermissions(ctx context.Context) []roles.RolePermissions
 }

 type managerImpl struct {
@@ -119,6 +119,16 @@ func (m *managerImpl) GetRolePermissions(ctx context.Context, role types.UserRol
 	return permissions, nil
 }

-func (m *managerImpl) GetPermissions(ctx context.Context) map[types.UserRole]roles.RolePermissions {
-	return roles.RolesMap
+func (m *managerImpl) GetPermissions(ctx context.Context) []roles.RolePermissions {
+	permissions := make([]roles.RolePermissions, 0, len(roles.RolesMap))
+	for role, roleMap := range roles.RolesMap {
+		rolePermissions, _ := m.GetRolePermissions(ctx, role)
+
+		permissions = append(permissions, roles.RolePermissions{
+			Role:         role,
+			Permissions:  rolePermissions,
+			AutoAllowNew: roleMap.AutoAllowNew,
+		})
+	}
+	return permissions
 }
--- a/management/server/permissions/manager_mock.go
+++ b/management/server/permissions/manager_mock.go
@@ -39,10 +39,10 @@ func (m *MockManager) EXPECT() *MockManagerMockRecorder {
 }

 // GetPermissions mocks base method.
-func (m *MockManager) GetPermissions(ctx context.Context) map[types.UserRole]roles.RolePermissions {
+func (m *MockManager) GetPermissions(ctx context.Context) []roles.RolePermissions {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetPermissions", ctx)
-	ret0, _ := ret[0].(map[types.UserRole]roles.RolePermissions)
+	ret0, _ := ret[0].([]roles.RolePermissions)
 	return ret0
 }

--- a/management/server/users/manager.go
+++ b/management/server/users/manager.go
@@ -14,7 +14,7 @@ import (

 type Manager interface {
 	GetUser(ctx context.Context, userID string) (*types.User, error)
-	GetRoles(ctx context.Context, accountId, userId string) (map[types.UserRole]roles.RolePermissions, error)
+	GetRoles(ctx context.Context, accountId, userId string) ([]roles.RolePermissions, error)
 }

 type managerImpl struct {
@@ -33,7 +33,7 @@ func (m *managerImpl) GetUser(ctx context.Context, userID string) (*types.User,
 	return m.store.GetUserByUserID(ctx, store.LockingStrengthShare, userID)
 }

-func (m *managerImpl) GetRoles(ctx context.Context, accountId, userId string) (map[types.UserRole]roles.RolePermissions, error) {
+func (m *managerImpl) GetRoles(ctx context.Context, accountId, userId string) ([]roles.RolePermissions, error) {
 	user, err := m.store.GetUserByUserID(ctx, store.LockingStrengthShare, userId)
 	if err != nil {
 		return nil, err