From a8541a152993afc516f22aa4d7ee635220553ce4 Mon Sep 17 00:00:00 2001
From: Viktor Liu <viktor@netbird.io>
Date: Sun, 17 May 2026 06:33:23 +0200
Subject: [PATCH] Apply posture and validated-peers filtering on
 ResourceTypePeer policy resolution

---
 management/server/types/account.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/management/server/types/account.go b/management/server/types/account.go
index 59c64d1ff..a5cc4d010 100644
--- a/management/server/types/account.go
+++ b/management/server/types/account.go
@@ -906,7 +906,20 @@ func (a *Account) resolveRuleEndpoint(
 	validatedPeersMap map[string]struct{},
 ) ([]*nbpeer.Peer, bool) {
 	if resource.Type == ResourceTypePeer && resource.ID != "" {
-		return a.getPeerFromResource(resource, peerID)
+		resolvedPeer := a.GetPeer(resource.ID)
+		if resolvedPeer == nil {
+			return []*nbpeer.Peer{}, false
+		}
+		if len(postureChecks) > 0 && !a.validatePostureChecksOnPeer(ctx, postureChecks, resolvedPeer.ID) {
+			return []*nbpeer.Peer{}, false
+		}
+		if _, ok := validatedPeersMap[resolvedPeer.ID]; !ok {
+			return []*nbpeer.Peer{}, false
+		}
+		if resolvedPeer.ID == peerID {
+			return []*nbpeer.Peer{}, true
+		}
+		return []*nbpeer.Peer{resolvedPeer}, false
 	}
 	return a.getAllPeersFromGroups(ctx, groups, peerID, postureChecks, validatedPeersMap)
 }