diff --git a/management/server/http/api/openapi.yml b/management/server/http/api/openapi.yml
index bf1a37bc3..ca18e0a7d 100644
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -2042,6 +2042,7 @@ components:
 - write
 required:
 - default
+ - modules
 - role
 responses:
 not_found:
diff --git a/management/server/http/api/types.gen.go b/management/server/http/api/types.gen.go
index a030bf2a6..1e97655fe 100644
--- a/management/server/http/api/types.gen.go
+++ b/management/server/http/api/types.gen.go
@@ -1402,9 +1402,9 @@ type ResourceType string // RolePermissions defines model for RolePermissions. type RolePermissions struct { - Default map[string]bool `json:"default"` - Modules *map[string]map[string]bool `json:"modules,omitempty"` - Role string `json:"role"` + Default map[string]bool `json:"default"` + Modules map[string]map[string]bool `json:"modules"` + Role string `json:"role"` } // Route defines model for Route.
diff --git a/management/server/http/handlers/users/users_handler.go b/management/server/http/handlers/users/users_handler.go
index 87a2eae92..89f332bf0 100644
--- a/management/server/http/handlers/users/users_handler.go
+++ b/management/server/http/handlers/users/users_handler.go
@@ -11,6 +11,7 @@ import (
 "github.com/netbirdio/netbird/management/server/account"
 "github.com/netbirdio/netbird/management/server/http/api"
 "github.com/netbirdio/netbird/management/server/http/util"
+ "github.com/netbirdio/netbird/management/server/permissions/operations"
 "github.com/netbirdio/netbird/management/server/permissions/roles"
 "github.com/netbirdio/netbird/management/server/status"
 "github.com/netbirdio/netbird/management/server/types"
@@ -311,7 +312,7 @@ func (h *handler) getRoles(w http.ResponseWriter, r *http.Request) {
 util.WriteJSONObject(r.Context(), w, toRolesResponse(roles))
 }
-func toRolesResponse(roles map[types.UserRole]roles.RolePermissions) []api.RolePermissions {
+func toRolesResponse(roles []roles.RolePermissions) []api.RolePermissions {
 result := make([]api.RolePermissions, 0, len(roles))
 for _, permissions := range roles {
@@ -325,21 +326,29 @@ func toRolesResponse(roles map[types.UserRole]roles.RolePermissions) []api.RoleP
 return result
 }
+func toOperationsMapResponse(operations map[operations.Operation]bool) map[string]bool {
+ result := make(map[string]bool)
+ for op, val := range operations {
+ result[string(op)] = val
+ }
+ return result
+}
+
+func toModulesMapResponse(permissions roles.Permissions) map[string]map[string]bool {
+ // stringify modules and operations keys
+ modules := make(map[string]map[string]bool)
+ for module, operations := range permissions {
+ modules[string(module)] = toOperationsMapResponse(operations)
+ }
+ return modules
+}
+
 func toUserWithPermissionsResponse(user *users.UserInfoWithPermissions, userID string) *api.User {
 response := toUserResponse(user.UserInfo, userID)
- // stringify modules and operations keys
- modules := make(map[string]map[string]bool)
- for module, operations := range user.Permissions {
- modules[string(module)] = make(map[string]bool)
- for op, val := range operations {
- modules[string(module)][string(op)] = val
- }
- }
-
 response.Permissions = &api.UserPermissions{
 IsRestricted: user.Restricted,
- Modules: modules,
+ Modules: toModulesMapResponse(user.Permissions),
 }
 return response
diff --git a/management/server/permissions/manager.go b/management/server/permissions/manager.go
index 30b6b8506..ba97ba57c 100644
--- a/management/server/permissions/manager.go
+++ b/management/server/permissions/manager.go
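Review bot: The loop body of `toRolesResponse` lies outside this hunk, so it is not visible whether each `api.RolePermissions` entry has its `Modules` field populated. Elsewhere in this commit `Modules` becomes a non-pointer map without `omitempty` and the OpenAPI schema marks `modules` as required, so an unset map would serialise as `"modules": null`. If the body does not already do so, set it with `Modules: toModulesMapResponse(permissions.Permissions),`. The parameter name `roles` also shadows the imported `roles` package inside the function; a name such as `rolePerms` avoids that.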
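Review bot: `toOperationsMapResponse` and `toModulesMapResponse` carry no doc comments, and in both the identifier `operations` (the parameter in the first, the loop variable in the second) shadows the newly imported `operations` package. Suggest `// toOperationsMapResponse converts an operation-keyed permission map to the string-keyed form used by the API.` with a matching comment on `toModulesMapResponse`, and renaming the variable to `ops`. Both maps can be pre-sized, e.g. `result := make(map[string]bool, len(ops))`. Both helpers return a non-nil empty map for nil input, which is worth stating in the comment because it keeps the JSON value an object rather than `null`.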
@@ -22,7 +22,7 @@ type Manager interface {
 ValidateAccountAccess(ctx context.Context, accountID string, user *types.User, allowOwnerAndAdmin bool) error
 GetRolePermissions(ctx context.Context, role types.UserRole) (roles.Permissions, error)
- GetPermissions(ctx context.Context) map[types.UserRole]roles.RolePermissions
+ GetPermissions(ctx context.Context) []roles.RolePermissions
 }
 type managerImpl struct {
@@ -119,6 +119,16 @@ func (m *managerImpl) GetRolePermissions(ctx context.Context, role types.UserRol
 return permissions, nil
 }
-func (m *managerImpl) GetPermissions(ctx context.Context) map[types.UserRole]roles.RolePermissions {
- return roles.RolesMap
+func (m *managerImpl) GetPermissions(ctx context.Context) []roles.RolePermissions {
+ permissions := make([]roles.RolePermissions, 0, len(roles.RolesMap))
+ for role, roleMap := range roles.RolesMap {
+ rolePermissions, _ := m.GetRolePermissions(ctx, role)
+
+ permissions = append(permissions, roles.RolePermissions{
+ Role: role,
+ Permissions: rolePermissions,
+ AutoAllowNew: roleMap.AutoAllowNew,
+ })
+ }
+ return permissions
 }
diff --git a/management/server/permissions/manager_mock.go b/management/server/permissions/manager_mock.go
index d862abaf1..3d2455f8d 100644
--- a/management/server/permissions/manager_mock.go
+++ b/management/server/permissions/manager_mock.go
@@ -39,10 +39,10 @@ func (m *MockManager) EXPECT() *MockManagerMockRecorder { } // GetPermissions mocks base method. -func (m *MockManager) GetPermissions(ctx context.Context) map[types.UserRole]roles.RolePermissions { +func (m *MockManager) GetPermissions(ctx context.Context) []roles.RolePermissions { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "GetPermissions", ctx) - ret0, _ := ret[0].(map[types.UserRole]roles.RolePermissions) + ret0, _ := ret[0].([]roles.RolePermissions) return ret0 }
diff --git a/management/server/users/manager.go b/management/server/users/manager.go
index 11c731e77..243e8e204 100644
--- a/management/server/users/manager.go
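Review bot: In the new `GetPermissions` the error from `m.GetRolePermissions(ctx, role)` is discarded with `_`, so a role whose lookup fails is still appended with a nil `Permissions` map, and callers (presumably the roles API) would see a role with no permissions instead of a failure. Since the method has no error return, either extend it to `([]roles.RolePermissions, error)` or keep the signature and handle the failure in the loop: `rolePermissions, err := m.GetRolePermissions(ctx, role)` followed by a logged `if err != nil { continue }`. The slice is also built by ranging over `roles.RolesMap`, so its order differs between calls; sorting by `Role` before returning would give clients and tests a stable response.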
+++ b/management/server/users/manager.go
@@ -14,7 +14,7 @@ import (
 type Manager interface {
 GetUser(ctx context.Context, userID string) (*types.User, error)
- GetRoles(ctx context.Context, accountId, userId string) (map[types.UserRole]roles.RolePermissions, error)
+ GetRoles(ctx context.Context, accountId, userId string) ([]roles.RolePermissions, error)
 }
 type managerImpl struct {
@@ -33,7 +33,7 @@ func (m *managerImpl) GetUser(ctx context.Context, userID string) (*types.User,
 return m.store.GetUserByUserID(ctx, store.LockingStrengthShare, userID)
 }
-func (m *managerImpl) GetRoles(ctx context.Context, accountId, userId string) (map[types.UserRole]roles.RolePermissions, error) {
+func (m *managerImpl) GetRoles(ctx context.Context, accountId, userId string) ([]roles.RolePermissions, error) {
 user, err := m.store.GetUserByUserID(ctx, store.LockingStrengthShare, userId)
 if err != nil {
 return nil, err