From b796331f3cf523b9ae732174aaccae26268be5b6 Mon Sep 17 00:00:00 2001 From: Abhishek K Date: Fri, 8 Nov 2024 13:38:17 +0400 Subject: [PATCH] preserver platfrom user admin role (#3187) --- pro/logic/migrate.go | 21 +++++++++++++++++++-- pro/logic/user_mgmt.go | 4 +--- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/pro/logic/migrate.go b/pro/logic/migrate.go index f7875f846..fedef3c9b 100644 --- a/pro/logic/migrate.go +++ b/pro/logic/migrate.go @@ -9,6 +9,9 @@ import ( func MigrateUserRoleAndGroups(user models.User) { var err error + if user.PlatformRoleID == models.AdminRole || user.PlatformRoleID == models.SuperAdminRole { + return + } if len(user.RemoteGwIDs) > 0 { // define user roles for network // assign relevant network role to user @@ -31,13 +34,27 @@ func MigrateUserRoleAndGroups(user models.User) { } } if len(user.NetworkRoles) > 0 { - for netID := range user.NetworkRoles { + for netID, netRoles := range user.NetworkRoles { var g models.UserGroup + adminAccess := false + for netRoleID := range netRoles { + permTemplate, err := logic.GetRole(netRoleID) + if err == nil { + if permTemplate.FullAccess { + adminAccess = true + } + } + } + if user.PlatformRoleID == models.ServiceUser { g, err = GetUserGroup(models.UserGroupID(fmt.Sprintf("%s-%s-grp", netID, models.NetworkUser))) } else { + role := models.NetworkUser + if adminAccess { + role = models.NetworkAdmin + } g, err = GetUserGroup(models.UserGroupID(fmt.Sprintf("%s-%s-grp", - netID, models.NetworkAdmin))) + netID, role))) } if err != nil { continue diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go index 631459247..c3a6534ff 100644 --- a/pro/logic/user_mgmt.go +++ b/pro/logic/user_mgmt.go @@ -1229,9 +1229,7 @@ func AddGlobalNetRolesToAdmins(u models.User) { if u.PlatformRoleID != models.SuperAdminRole && u.PlatformRoleID != models.AdminRole { return } - if u.UserGroups == nil { - u.UserGroups = make(map[models.UserGroupID]struct{}) - } + u.UserGroups = make(map[models.UserGroupID]struct{}) u.UserGroups[models.UserGroupID(fmt.Sprintf("global-%s-grp", models.NetworkAdmin))] = struct{}{} logic.UpsertUser(u) }