From 54925a3ec9ad32f7c921459c616970b6b1004cff Mon Sep 17 00:00:00 2001
From: Abhishek K
Date: Thu, 9 Oct 2025 09:09:31 +0400
Subject: [PATCH 1/4] fix platform user node status, add api for unassigned network user api (#3687)
---
 controllers/node.go | 74 ----------------------------------------
 pro/controllers/users.go | 45 +++++++++++++++++++++++-
 pro/logic/user_mgmt.go | 2 +-
 3 files changed, 45 insertions(+), 76 deletions(-)
diff --git a/controllers/node.go b/controllers/node.go
index 6cea9ba2..b6da66a4 100644
--- a/controllers/node.go
+++ b/controllers/node.go
@@ -269,65 +269,6 @@ func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
 logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 return
 }
- filteredNodes := []models.Node{}
- if r.Header.Get("ismaster") != "yes" {
- username := r.Header.Get("user")
- user, err := logic.GetUser(username)
- if err != nil {
- logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
- return
- }
- userPlatformRole, err := logic.GetRole(user.PlatformRoleID)
- if err != nil {
- logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
- return
- }
-
- if !userPlatformRole.FullAccess {
- nodesMap := make(map[string]struct{})
- networkRoles := user.NetworkRoles[models.NetworkID(networkName)]
- for networkRoleID := range networkRoles {
- userPermTemplate, err := logic.GetRole(networkRoleID)
- if err != nil {
- logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
- return
- }
- if userPermTemplate.FullAccess {
- break
- }
- if rsrcPerms, ok := userPermTemplate.NetworkLevelAccess[models.RemoteAccessGwRsrc]; ok {
- if _, ok := rsrcPerms[models.AllRemoteAccessGwRsrcID]; ok {
- for _, node := range nodes {
- if _, ok := nodesMap[node.ID.String()]; ok {
- continue
- }
- if node.IsIngressGateway {
- nodesMap[node.ID.String()] = struct{}{}
- filteredNodes = append(filteredNodes, node)
- }
- }
- } else {
- for gwID, scope := range rsrcPerms {
- if _, ok := nodesMap[gwID.String()]; ok {
- continue
- }
- if scope.Read {
- gwNode, err := logic.GetNodeByID(gwID.String())
- if err == nil && gwNode.IsIngressGateway {
- filteredNodes = append(filteredNodes, gwNode)
- }
- }
- }
- }
- }
-
- }
- }
- }
- if len(filteredNodes) > 0 {
- nodes = filteredNodes
- }
-
 nodes = logic.AddStaticNodestoList(nodes)
 nodes = logic.AddStatusToNodes(nodes, false)
 // returns all the nodes in JSON/API format
@@ -401,21 +342,6 @@ func getNetworkNodeStatus(w http.ResponseWriter, r *http.Request) {
 logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 return
 }
- username := r.Header.Get("user")
- if r.Header.Get("ismaster") == "no" {
- user, err := logic.GetUser(username)
- if err != nil {
- return
- }
- userPlatformRole, err := logic.GetRole(user.PlatformRoleID)
- if err != nil {
- return
- }
- if !userPlatformRole.FullAccess {
- nodes = logic.GetFilteredNodesByUserAccess(*user, nodes)
- }
-
- }
 nodes = logic.AddStaticNodestoList(nodes)
 nodes = logic.AddStatusToNodes(nodes, true)
 // return all the nodes in JSON/API format
diff --git a/pro/controllers/users.go b/pro/controllers/users.go
index a82f9b4c..c1a5c6ea 100644
--- a/pro/controllers/users.go
+++ b/pro/controllers/users.go
@@ -50,6 +50,7 @@ func UserHandlers(r *mux.Router) {
 r.HandleFunc("/api/v1/users/group", logic.SecurityCheck(true, http.HandlerFunc(deleteUserGroup))).Methods(http.MethodDelete)
 r.HandleFunc("/api/v1/users/add_network_user", logic.SecurityCheck(true, http.HandlerFunc(addUsertoNetwork))).Methods(http.MethodPut)
 r.HandleFunc("/api/v1/users/remove_network_user", logic.SecurityCheck(true, http.HandlerFunc(removeUserfromNetwork))).Methods(http.MethodPut)
+ r.HandleFunc("/api/v1/users/unassigned_network_users", logic.SecurityCheck(true, http.HandlerFunc(listUnAssignedNetUsers))).Methods(http.MethodGet)
 // User Invite Handlers
 r.HandleFunc("/api/v1/users/invite", userInviteVerify).Methods(http.MethodGet)
@@ -660,6 +661,48 @@ func updateUserGroup(w http.ResponseWriter, r *http.Request) {
 logic.ReturnSuccessResponseWithJson(w, r, userGroup, "updated user group")
 }
+// swagger:route GET /api/v1/users/unassigned_network_user user listUnAssignedNetUsers
+//
+// list unassigned network users.
+//
+// Schemes: https
+//
+// Security:
+// oauth
+//
+// Responses:
+// 200: userBodyResponse
+func listUnAssignedNetUsers(w http.ResponseWriter, r *http.Request) {
+ netID := r.URL.Query().Get("network_id")
+ if netID == "" {
+ logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("network is required"), logic.BadReq))
+ return
+ }
+ var unassignedUsers []models.ReturnUser
+ users, _ := logic.GetUsers()
+ for _, user := range users {
+ if user.PlatformRoleID != models.ServiceUser {
+ continue
+ }
+ skipUser := false
+ for userGID := range user.UserGroups {
+ userG, err := proLogic.GetUserGroup(userGID)
+ if err != nil {
+ continue
+ }
+ if _, ok := userG.NetworkRoles[models.NetworkID(netID)]; ok {
+ skipUser = true
+ break
+ }
+ }
+ if skipUser {
+ continue
+ }
+ unassignedUsers = append(unassignedUsers, user)
+ }
+ logic.ReturnSuccessResponseWithJson(w, r, unassignedUsers, "returned unassigned network service users")
+}
+
 // swagger:route PUT /api/v1/users/add_network_user user addUsertoNetwork
 //
 // add user to network.
@@ -1561,7 +1604,7 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 gws := userGws[node.Network]
 if gwClient.DNS == "" {
- gwClient.DNS = node.IngressDNS
+ logic.SetDNSOnWgConfig(&node, &gwClient)
 }
 gwClient.IngressGatewayEndpoint = utils.GetExtClientEndpoint(
diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
index d7aa4850..2e4e200a 100644
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
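Review bot: `users, _ := logic.GetUsers()` in `listUnAssignedNetUsers` discards the error, so a failed user lookup is answered with a success response and an empty result instead of an error. The `continue` on a failed `proLogic.GetUserGroup` has a similar effect: a user whose group could not be read is reported as unassigned, which misstates who already has access to the network. `unassignedUsers` is declared as a nil slice, which would be encoded as `null` rather than `[]` when nothing matches (assuming `ReturnSuccessResponseWithJson` marshals it directly). The swagger route also says `unassigned_network_user` while the registered path is `unassigned_network_users`. Only group-derived `NetworkRoles` are consulted; whether a user can hold a network role directly is not visible in this hunk and is worth confirming.

```go
func listUnAssignedNetUsers(w http.ResponseWriter, r *http.Request) {
	// … unchanged: network_id query check …
	unassignedUsers := []models.ReturnUser{}
	users, err := logic.GetUsers()
	if err != nil {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
		return
	}
	// … unchanged: service-user loop and success response …
```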
@@ -920,7 +920,7 @@ func GetUserNetworkRolesWithRemoteVPNAccess(user models.User) (gwAccess map[mode
 }
 func GetFilteredNodesByUserAccess(user models.User, nodes []models.Node) (filteredNodes []models.Node) {
- return filteredNodes
+ return nodes
 }
 func FilterNetworksByRole(allnetworks []models.Network, user models.User) []models.Network {
From 593d754e47988f1eb4b2af291b1b4685114c6ac1 Mon Sep 17 00:00:00 2001
From: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Date: Fri, 10 Oct 2025 19:42:46 +0530
Subject: [PATCH 2/4] Merge pull request #3689 from gravitl/fix/node-dns Set DNS if not
---
 logic/hosts.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/logic/hosts.go b/logic/hosts.go
index 1b28e9f3..46fb6c66 100644
--- a/logic/hosts.go
+++ b/logic/hosts.go
@@ -7,6 +7,7 @@ import (
 "fmt"
 "os"
 "sort"
+ "strings"
 "sync"
 "github.com/google/uuid"
@@ -292,6 +293,10 @@ func UpdateHost(newHost, currentHost *models.Host) {
 if newHost.PersistentKeepalive == 0 {
 newHost.PersistentKeepalive = currentHost.PersistentKeepalive
 }
+
+ if strings.TrimSpace(newHost.DNS) == "" {
+ newHost.DNS = currentHost.DNS
+ }
 }
 // UpdateHostFromClient - used for updating host on server with update recieved from client
From dea257fb5de2fa21f1d2f4be3c48cc9577872cac Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Fri, 10 Oct 2025 18:44:39 +0400
Subject: [PATCH 3/4] force update default dns
---
 migrate/migrate.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/migrate/migrate.go b/migrate/migrate.go
index d3303aea..a023c676 100644
--- a/migrate/migrate.go
+++ b/migrate/migrate.go
@@ -352,6 +352,9 @@ func updateHosts() {
 } else {
 host.DNS = "no"
 }
+ if host.IsDefault {
+ host.DNS = "yes"
+ }
 logic.UpsertHost(&host)
 }
 if host.IsDefault && !host.AutoUpdate {
From 9f475addeab213a4b1cbdb62292db0dddc8bf3e8 Mon Sep 17 00:00:00 2001
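Review bot: `GetFilteredNodesByUserAccess` in pro/logic/user_mgmt.go now hands back `nodes` untouched and never reads `user`, so despite its name it applies no per-user restriction; any caller outside this patch that relies on it for access control would return every node it was given. The same commit deletes the role-based filtering from `getNetworkNodes` and the `FullAccess` check from `getNetworkNodeStatus` in controllers/node.go, so nothing visible in this patch narrows those node lists for users without full access. Whether `SecurityCheck` or other middleware enforces that elsewhere cannot be seen here and should be confirmed before merging. If the pass-through is intended, say so on the function, e.g. `// GetFilteredNodesByUserAccess performs no filtering and returns nodes unchanged; do not rely on it for access control.`, and drop the now-unused named result `filteredNodes`.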
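Review bot: The new guard in `UpdateHost` (logic/hosts.go) falls back to `currentHost.DNS` only when the incoming value is blank, so any other string is stored as given and untrimmed. The migrate.go change in this series writes only `"yes"` and `"no"` to this field, which suggests it is a two-valued flag; if so, consider rejecting anything else here, for example `if v := strings.TrimSpace(newHost.DNS); v != "yes" && v != "no" { newHost.DNS = currentHost.DNS }`. That the field has no other legal values is an inference from the visible hunks and should be checked against the model definition.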
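Review bot: The added `if host.IsDefault { host.DNS = "yes" }` in `updateHosts` (migrate/migrate.go) overwrites whatever the `if`/`else` directly above just chose, and carries no comment saying why a default host must end up with DNS enabled. The enclosing condition starts outside the hunk, so it is not visible how often this runs; if it runs on every migration pass, an operator who turned DNS off on a default host would have it switched back on. A one-line comment such as `// default hosts always get DNS enabled, overriding the value derived above` would record the intent, and folding the check into the preceding branch would avoid the write-then-overwrite.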
From: Abhishek K
Date: Thu, 30 Oct 2025 09:40:00 +0400
Subject: [PATCH 4/4] fix pending hosts join (#3705)
---
 controllers/hosts.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/controllers/hosts.go b/controllers/hosts.go
index ac0a6f90..10041550 100644
--- a/controllers/hosts.go
+++ b/controllers/hosts.go
@@ -13,7 +13,6 @@ import (
 "github.com/gravitl/netmaker/db"
 "github.com/gravitl/netmaker/logger"
 "github.com/gravitl/netmaker/logic"
- "github.com/gravitl/netmaker/logic/hostactions"
 "github.com/gravitl/netmaker/models"
 "github.com/gravitl/netmaker/mq"
 "github.com/gravitl/netmaker/schema"
@@ -1266,7 +1265,7 @@ func approvePendingHost(w http.ResponseWriter, r *http.Request) {
 }
 logger.Log(1, "added new node", newNode.ID.String(), "to host", h.Name)
- hostactions.AddAction(models.HostUpdate{
+ mq.HostUpdate(&models.HostUpdate{
 Action: models.JoinHostToNetwork,
 Host: *h,
 Node: *newNode,
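Review bot: `mq.HostUpdate(&models.HostUpdate{` in `approvePendingHost` is written as a bare statement, so whatever it returns is dropped; the call's closing lines are outside the hunk. Its signature is not visible here, but if it reports publish failures, a failed send would leave the approval logged as `added new node` while the host never receives `JoinHostToNetwork`. The replaced `hostactions.AddAction` appears to have queued the action, whereas this sends it directly, so it is worth confirming what happens when the host is not connected at approval time. If an error is returned, check it, e.g. `if err := mq.HostUpdate(&models.HostUpdate{ … }); err != nil { logger.Log(0, "failed to send join update to host", h.Name, err.Error()) }`.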