From 2f8bf6743efaff3029f28d36c6220502369d974e Mon Sep 17 00:00:00 2001
From: NHAS
Date: Wed, 8 May 2024 20:01:45 +1200
Subject: [PATCH] Fix issue with new groups format not being picked up in effective acls
---
 internal/data/acls.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/data/acls.go b/internal/data/acls.go
index 7f72d37f..482baa34 100644
--- a/internal/data/acls.go
+++ b/internal/data/acls.go
@@ -82,7 +82,7 @@ func GetEffectiveAcl(username string) acls.Acl {
 resultingACLs.Allow = []string{config.Values.Wireguard.ServerAddress.String() + "/32"}
 txn := etcd.Txn(context.Background())
- txn.Then(clientv3.OpGet("wag-acls-*"), clientv3.OpGet("wag-acls-"+username), clientv3.OpGet(MembershipKey), clientv3.OpGet(dnsKey))
+ txn.Then(clientv3.OpGet("wag-acls-*"), clientv3.OpGet("wag-acls-"+username), clientv3.OpGet(MembershipKey+"-"+username), clientv3.OpGet(dnsKey))
 resp, err := txn.Commit()
 if err != nil {
 log.Println("failed to get policy data for user", username, "err:", err)
@@ -118,15 +118,15 @@ func GetEffectiveAcl(username string) acls.Acl {
 // Membership map for finding all the other policies
 if resp.Responses[2].GetResponseRange().GetCount() != 0 {
- var rGroupLookup map[string]map[string]bool
+ var userGroups []string
- err = json.Unmarshal(resp.Responses[2].GetResponseRange().Kvs[0].Value, &rGroupLookup)
+ err = json.Unmarshal(resp.Responses[2].GetResponseRange().Kvs[0].Value, &userGroups)
 if err == nil {
 txn := etcd.Txn(context.Background())
 //If the user belongs to a series of groups, grab those, and add their rules
 var ops []clientv3.Op
- for group := range rGroupLookup[username] {
+ for _, group := range userGroups {
 ops = append(ops, clientv3.OpGet("wag-acls-"+group))
 }
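Review bot: In the `@@ -82,7 +82,7 @@` hunk the per-user membership key is assembled inline as `MembershipKey+"-"+username` on the changed `txn.Then` line. Reader and writer disagreeing on that key layout appears to be the very bug this commit repairs. Building the key in one small helper shared with the code that stores group membership would keep the two sides from drifting apart again and silently producing an ACL without group policies. The result is also consumed by position as `resp.Responses[2]` further down, so a comment above the call such as `// responses: [0] "*" policy, [1] user policy, [2] user's group list, [3] dns` would make a reordering mistake easier to spot. `GetEffectiveAcl` starts and ends outside this hunk and the writer side is not visible here.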
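Review bot: In the `@@ -118,15 +118,15 @@` hunk a `json.Unmarshal` failure on the membership value is discarded by `if err == nil {`. A value still stored in the old map format, or otherwise malformed, therefore yields an effective ACL with no group policies applied and nothing in the log to explain it. If group policies can carry restrictions as well as grants (not visible here), that silent skip can change what the user may reach, so the failure should at least be logged and the caller should preferably fail closed. Unless an `else` already exists below the hunk, add `} else { log.Println("failed to decode group membership for user", username, "err:", err) }`. The body of the `if` continues outside the hunk.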