From b1e4d1158b6f227f6aab1bb40dcc50d2249a0bce Mon Sep 17 00:00:00 2001
From: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com>
Date: Tue, 4 Nov 2025 13:16:16 +0530
Subject: [PATCH] Release Fixes: v1.2.0 (#3713)

* feat(go): allow put and post requests to self;
* feat(go): add old objects to delete events;
* feat(go): add search domains to UserRemoteGws;
---
 controllers/acls.go | 4 ++++
 controllers/dns.go | 4 ++++
 controllers/egress.go | 4 ++++
 controllers/enrollmentkeys.go | 4 ++++
 controllers/gateway.go | 4 ++++
 controllers/hosts.go | 4 ++++
 controllers/network.go | 4 ++++
 controllers/user.go | 8 ++++++++
 models/structs.go | 1 +
 pro/controllers/tags.go | 4 ++++
 pro/controllers/users.go | 26 ++++++++++++++++++++++++++
 pro/logic/security.go | 5 +++++
 12 files changed, 72 insertions(+)

diff --git a/controllers/acls.go b/controllers/acls.go
index 5420c84f..768a1df8 100644
--- a/controllers/acls.go
+++ b/controllers/acls.go
@@ -426,6 +426,10 @@ func deleteAcl(w http.ResponseWriter, r *http.Request) {
 },
 NetworkID: acl.NetworkID,
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: acl,
+ New: nil,
+ },
 })
 go mq.PublishPeerUpdate(true)
 logic.ReturnSuccessResponse(w, r, "deleted acl "+acl.Name)
diff --git a/controllers/dns.go b/controllers/dns.go
index d385a04d..ed04c6e7 100644
--- a/controllers/dns.go
+++ b/controllers/dns.go
@@ -316,6 +316,10 @@ func deleteNs(w http.ResponseWriter, r *http.Request) {
 },
 NetworkID: models.NetworkID(ns.NetworkID),
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: ns,
+ New: nil,
+ },
 })
 go mq.PublishPeerUpdate(false)
diff --git a/controllers/egress.go b/controllers/egress.go
index d0731c44..c97e27df 100644
--- a/controllers/egress.go
+++ b/controllers/egress.go
@@ -400,6 +400,10 @@ func deleteEgress(w http.ResponseWriter, r *http.Request) {
 },
 NetworkID: models.NetworkID(e.Network),
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: e,
+ New: nil,
+ },
 })
 // delete related acl policies
 acls := logic.ListAcls()
diff --git a/controllers/enrollmentkeys.go b/controllers/enrollmentkeys.go
index 95e32997..fa839880 100644
--- a/controllers/enrollmentkeys.go
+++ b/controllers/enrollmentkeys.go
@@ -97,6 +97,10 @@ func deleteEnrollmentKey(w http.ResponseWriter, r *http.Request) {
 Type: models.EnrollmentKeySub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: key,
+ New: nil,
+ },
 })
 logger.Log(2, r.Header.Get("user"), "deleted enrollment key", keyID)
 w.WriteHeader(http.StatusOK)
diff --git a/controllers/gateway.go b/controllers/gateway.go
index 39d14220..ab918736 100644
--- a/controllers/gateway.go
+++ b/controllers/gateway.go
@@ -278,6 +278,10 @@ func deleteGateway(w http.ResponseWriter, r *http.Request) {
 Type: models.GatewaySub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: node,
+ New: node,
+ },
 })
 logic.GetNodeStatus(&node, false)
 apiNode := node.ConvertToAPINode()
diff --git a/controllers/hosts.go b/controllers/hosts.go
index 10041550..27ffed2c 100644
--- a/controllers/hosts.go
+++ b/controllers/hosts.go
@@ -498,6 +498,10 @@ func deleteHost(w http.ResponseWriter, r *http.Request) {
 Type: models.DeviceSub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: currHost,
+ New: nil,
+ },
 })
 apiHostData := currHost.ConvertNMHostToAPI()
 logger.Log(2, r.Header.Get("user"), "removed host", currHost.Name)
diff --git a/controllers/network.go b/controllers/network.go
index 0aa4da4f..6194a47c 100644
--- a/controllers/network.go
+++ b/controllers/network.go
@@ -565,6 +565,10 @@ func deleteNetwork(w http.ResponseWriter, r *http.Request) {
 Type: models.NetworkSub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: network,
+ New: nil,
+ },
 })
 logger.Log(1, r.Header.Get("user"), "deleted network", network)
 w.WriteHeader(http.StatusOK)
diff --git a/controllers/user.go b/controllers/user.go
index 0ae9c050..7f6cf293 100644
--- a/controllers/user.go
+++ b/controllers/user.go
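Review bot: `Old: key` in deleteEnrollmentKey copies the whole enrollment key object into the event, so any secret material that type carries travels to wherever events are stored or forwarded; the type is not visible in the hunk, so this needs confirming against its definition. The same question applies to `Old: currHost` in deleteHost, and to `Old: a` in deleteUserAccessTokens and `Old: user` in deleteUser in controllers/user.go, where a token value or password hash would be the concern. I would pass a redacted copy and say so at the call site, for example `// Old is a redacted copy: secret fields are cleared before the event is recorded`. The enclosing function starts and ends outside the hunk.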
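Review bot: In deleteGateway `Old: node` and `New: node` are the same variable, so the recorded diff shows no change, and it is the only delete handler in this commit that does not set `New: nil`. If the intent is to record the node before and after the gateway role is removed, the pre-change value has to be copied before the delete call, which is outside this hunk, and passed as `Old`. Otherwise `New: nil,` would keep this event consistent with the others.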
@@ -244,6 +244,10 @@ func deleteUserAccessTokens(w http.ResponseWriter, r *http.Request) {
 Info: a,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: a,
+ New: nil,
+ },
 })
 logic.ReturnSuccessResponseWithJson(w, r, nil, "revoked access token")
 }
@@ -1580,6 +1584,10 @@ func deleteUser(w http.ResponseWriter, r *http.Request) {
 Type: models.UserSub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: user,
+ New: nil,
+ },
 })
 // check and delete extclient with this ownerID
 go func() {
diff --git a/models/structs.go b/models/structs.go
index b1f53257..be29bdb6 100644
--- a/models/structs.go
+++ b/models/structs.go
@@ -56,6 +56,7 @@ type UserRemoteGws struct {
 DnsAddress string `json:"dns_address"`
 Addresses string `json:"addresses"`
 MatchDomains []string `json:"match_domains"`
+ SearchDomains []string `json:"search_domains"`
 }
 // UserRAGs - struct for user access gws
diff --git a/pro/controllers/tags.go b/pro/controllers/tags.go
index 8637c28f..704fd8ac 100644
--- a/pro/controllers/tags.go
+++ b/pro/controllers/tags.go
@@ -293,6 +293,10 @@ func deleteTag(w http.ResponseWriter, r *http.Request) {
 },
 NetworkID: tag.Network,
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: tag,
+ New: nil,
+ },
 })
 logic.ReturnSuccessResponse(w, r, "deleted tag "+tagID)
 }
diff --git a/pro/controllers/users.go b/pro/controllers/users.go
index 94956b3d..98bfaf40 100644
--- a/pro/controllers/users.go
+++ b/pro/controllers/users.go
@@ -352,6 +352,12 @@ func deleteUserInvite(w http.ResponseWriter, r *http.Request) {
 Type: models.UserInviteSub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: models.UserInvite{
+ Email: email,
+ },
+ New: nil,
+ },
 })
 logic.ReturnSuccessResponse(w, r, "deleted user invite")
 }
@@ -872,6 +878,10 @@ func deleteUserGroup(w http.ResponseWriter, r *http.Request) {
 Type: models.UserGroupSub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: userG,
+ New: nil,
+ },
 })
 logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user group")
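Review bot: In deleteUserInvite the `Old` value is built from the request's `email` rather than from the stored invite, so the event records what the caller asked to delete, not the record that was actually removed. deletePendingUser in the same file does the same with `models.User{UserName: username}`. For an audit trail it would be better to load the record before deleting it and pass that as `Old`. If that is not practical, a comment such as `// Old holds only the identifier from the request; the stored record is not loaded here` would keep readers of the event from assuming otherwise. Both functions start outside their hunks.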
@@ -1063,6 +1073,10 @@ func deleteRole(w http.ResponseWriter, r *http.Request) {
 Type: models.UserRoleSub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: role,
+ New: nil,
+ },
 })
 go proLogic.UpdatesUserGwAccessOnRoleUpdates(role.NetworkLevelAccess, make(map[models.RsrcType]map[models.RsrcID]models.RsrcPermissionScope), role.NetworkID.String())
 logic.ReturnSuccessResponseWithJson(w, r, nil, "deleted user role")
@@ -1602,6 +1616,9 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 hNs := logic.GetNameserversForNode(&node)
 for _, nsI := range hNs {
 gw.MatchDomains = append(gw.MatchDomains, nsI.MatchDomain)
+ if nsI.IsSearchDomain {
+ gw.SearchDomains = append(gw.SearchDomains, nsI.MatchDomain)
+ }
 }
 }
 gw.MatchDomains = append(gw.MatchDomains, logic.GetEgressDomainsByAccess(user, models.NetworkID(node.Network))...)
@@ -1654,6 +1671,9 @@ func getUserRemoteAccessGwsV1(w http.ResponseWriter, r *http.Request) {
 hNs := logic.GetNameserversForNode(&node)
 for _, nsI := range hNs {
 gw.MatchDomains = append(gw.MatchDomains, nsI.MatchDomain)
+ if nsI.IsSearchDomain {
+ gw.SearchDomains = append(gw.SearchDomains, nsI.MatchDomain)
+ }
 }
 }
 gw.MatchDomains = append(gw.MatchDomains, logic.GetEgressDomainsByAccess(user, models.NetworkID(node.Network))...)
@@ -1854,6 +1874,12 @@ func deletePendingUser(w http.ResponseWriter, r *http.Request) {
 Type: models.PendingUserSub,
 },
 Origin: models.Dashboard,
+ Diff: models.Diff{
+ Old: models.User{
+ UserName: username,
+ },
+ New: nil,
+ },
 })
 logic.ReturnSuccessResponse(w, r, "deleted pending "+username)
 }
diff --git a/pro/logic/security.go b/pro/logic/security.go
index 72980245..0b8d308b 100644
--- a/pro/logic/security.go
+++ b/pro/logic/security.go
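Review bot: The three lines that collect search domains are added twice in getUserRemoteAccessGwsV1, in the hunk at -1602 and again at -1654, inside two loops that look identical. A small unexported helper that takes `hNs` and appends to both `gw.MatchDomains` and `gw.SearchDomains` would keep the two copies from drifting. Neither copy de-duplicates, so if two nameservers share a domain the list sent to clients presumably repeats it; a guard such as `if nsI.IsSearchDomain && !slices.Contains(gw.SearchDomains, nsI.MatchDomain) {` would avoid that, and needs the `slices` import. The function starts and ends outside both hunks.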
@@ -174,6 +174,11 @@ func GlobalPermissionsCheck(username string, r *http.Request) error {
 if r.Method == http.MethodGet {
 return nil
 } else {
+ if (r.Method == http.MethodPut || r.Method == http.MethodPost) &&
+ strings.Contains(r.URL.Path, "/api/users/"+username) {
+ return nil
+ }
+
 return errors.New("access denied")
 }
 }
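Review bot: `strings.Contains(r.URL.Path, "/api/users/"+username)` is a substring test, so it also passes for any path that merely contains that text, such as another account whose name begins with this username or a sub-resource under the user's path. Because this branch returns nil for PUT and POST, the check decides who may modify a user record and should compare the whole path segment, e.g. `r.URL.Path == "/api/users/"+username`, or compare against the router's parsed username variable. It is also worth confirming that the update handler itself stops a user from changing their own role or group membership, since this check now lets the request through; that handler is not in the hunk. GlobalPermissionsCheck starts outside the hunk.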