From beee14b9bfe50add3d53cd9beeff5e82b46052f1 Mon Sep 17 00:00:00 2001
From: pascal <pascal@netbird.io>
Date: Fri, 27 Mar 2026 14:47:06 +0100
Subject: [PATCH] fix merge conflicts

---
 .../reverseproxy/service/manager/manager.go   | 18 ++++-------
 .../testing/testing_tools/channel/channel.go  | 30 +++++++++----------
 management/server/networks/manager.go         | 21 ++++++-------
 .../server/networks/resources/manager.go      | 21 ++++++-------
 management/server/networks/routers/manager.go | 13 ++++----
 5 files changed, 43 insertions(+), 60 deletions(-)

diff --git a/management/internals/modules/reverseproxy/service/manager/manager.go b/management/internals/modules/reverseproxy/service/manager/manager.go
index e3c3522e7..2dabb84e5 100644
--- a/management/internals/modules/reverseproxy/service/manager/manager.go
+++ b/management/internals/modules/reverseproxy/service/manager/manager.go
@@ -99,14 +99,6 @@ func (m *Manager) StartExposeReaper(ctx context.Context) {
 
 // GetActiveClusters returns all active proxy clusters with their connected proxy count.
 func (m *Manager) GetActiveClusters(ctx context.Context, accountID, userID string) ([]proxy.Cluster, error) {
-	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Read)
-	if err != nil {
-		return nil, status.NewPermissionValidationError(err)
-	}
-	if !ok {
-		return nil, status.NewPermissionDeniedError()
-	}
-
 	return m.store.GetActiveProxyClusters(ctx)
 }
 
@@ -483,12 +475,12 @@ func (m *Manager) executeServiceUpdate(ctx context.Context, transaction store.St
 	}
 
 	if existingService.Terminated {
-			return status.Errorf(status.PermissionDenied, "service is terminated and cannot be updated")
-		}
+		return status.Errorf(status.PermissionDenied, "service is terminated and cannot be updated")
+	}
 
-		if err := validateProtocolChange(existingService.Mode, service.Mode); err != nil {
-			return err
-		}
+	if err := validateProtocolChange(existingService.Mode, service.Mode); err != nil {
+		return err
+	}
 
 	updateInfo.oldCluster = existingService.ProxyCluster
 	updateInfo.domainChanged = existingService.Domain != service.Domain
diff --git a/management/server/http/testing/testing_tools/channel/channel.go b/management/server/http/testing/testing_tools/channel/channel.go
index 42517c678..6d635733e 100644
--- a/management/server/http/testing/testing_tools/channel/channel.go
+++ b/management/server/http/testing/testing_tools/channel/channel.go
@@ -127,10 +127,10 @@ func BuildApiBlackBoxWithDBState(t testing_tools.TB, sqlFile string, expectedPee
 		GetPATInfoFunc:                  authManager.GetPATInfo,
 	}
 
-	groupsManager := groups.NewManager(store, permissionsManager, am)
-	routersManager := routers.NewManager(store, permissionsManager, am)
-	resourcesManager := resources.NewManager(store, permissionsManager, groupsManager, am, serviceManager)
-	networksManager := networks.NewManager(store, permissionsManager, resourcesManager, routersManager, am)
+	groupsManager := groups.NewManager(store, am)
+	routersManager := routers.NewManager(store, am)
+	resourcesManager := resources.NewManager(store, groupsManager, am, serviceManager)
+	networksManager := networks.NewManager(store, resourcesManager, routersManager, am)
 	customZonesManager := zonesManager.NewManager(store, am, "")
 	zoneRecordsManager := recordsManager.NewManager(store, am)
 
@@ -210,8 +210,8 @@ func BuildApiBlackBoxWithDBStateAndPeerChannel(t testing_tools.TB, sqlFile strin
 	proxyController := integrations.NewController(store)
 	userManager := users.NewManager(store)
 	permissionsManager := permissions.NewManager(store)
-	settingsManager := settings.NewManager(store, userManager, integrations.NewManager(&activity.InMemoryEventStore{}), permissionsManager, settings.IdpConfig{})
-	peersManager := peers.NewManager(store, permissionsManager)
+	settingsManager := settings.NewManager(store, userManager, integrations.NewManager(&activity.InMemoryEventStore{}), settings.IdpConfig{})
+	peersManager := peers.NewManager(store)
 
 	jobManager := job.NewJobManager(nil, store, peersManager)
 
@@ -223,7 +223,7 @@ func BuildApiBlackBoxWithDBStateAndPeerChannel(t testing_tools.TB, sqlFile strin
 		t.Fatalf("Failed to create manager: %v", err)
 	}
 
-	accessLogsManager := accesslogsmanager.NewManager(store, permissionsManager, nil)
+	accessLogsManager := accesslogsmanager.NewManager(store, nil)
 	proxyTokenStore, err := nbgrpc.NewOneTimeTokenStore(ctx, 5*time.Minute, 10*time.Minute, 100)
 	if err != nil {
 		t.Fatalf("Failed to create proxy token store: %v", err)
@@ -238,13 +238,13 @@ func BuildApiBlackBoxWithDBStateAndPeerChannel(t testing_tools.TB, sqlFile strin
 		t.Fatalf("Failed to create proxy manager: %v", err)
 	}
 	proxyServiceServer := nbgrpc.NewProxyServiceServer(accessLogsManager, proxyTokenStore, pkceverifierStore, nbgrpc.ProxyOIDCConfig{}, peersManager, userManager, proxyMgr)
-	domainManager := manager.NewManager(store, proxyMgr, permissionsManager, am)
+	domainManager := manager.NewManager(store, proxyMgr, am)
 	serviceProxyController, err := proxymanager.NewGRPCController(proxyServiceServer, noopMeter)
 	if err != nil {
 		t.Fatalf("Failed to create proxy controller: %v", err)
 	}
 	domainManager.SetClusterCapabilities(serviceProxyController)
-	serviceManager := reverseproxymanager.NewManager(store, am, permissionsManager, serviceProxyController, domainManager)
+	serviceManager := reverseproxymanager.NewManager(store, am, serviceProxyController, domainManager)
 	proxyServiceServer.SetServiceManager(serviceManager)
 	am.SetServiceManager(serviceManager)
 
@@ -257,12 +257,12 @@ func BuildApiBlackBoxWithDBStateAndPeerChannel(t testing_tools.TB, sqlFile strin
 		GetPATInfoFunc:                  authManager.GetPATInfo,
 	}
 
-	groupsManager := groups.NewManager(store, permissionsManager, am)
-	routersManager := routers.NewManager(store, permissionsManager, am)
-	resourcesManager := resources.NewManager(store, permissionsManager, groupsManager, am, serviceManager)
-	networksManager := networks.NewManager(store, permissionsManager, resourcesManager, routersManager, am)
-	customZonesManager := zonesManager.NewManager(store, am, permissionsManager, "")
-	zoneRecordsManager := recordsManager.NewManager(store, am, permissionsManager)
+	groupsManager := groups.NewManager(store, am)
+	routersManager := routers.NewManager(store, am)
+	resourcesManager := resources.NewManager(store, groupsManager, am, serviceManager)
+	networksManager := networks.NewManager(store, resourcesManager, routersManager, am)
+	customZonesManager := zonesManager.NewManager(store, am, "")
+	zoneRecordsManager := recordsManager.NewManager(store, am)
 
 	apiHandler, err := http2.NewAPIHandler(context.Background(), am, networksManager, resourcesManager, routersManager, groupsManager, geoMock, authManagerMock, metrics, validatorMock, proxyController, permissionsManager, peersManager, settingsManager, customZonesManager, zoneRecordsManager, networkMapController, nil, serviceManager, nil, nil, nil, nil)
 	if err != nil {
diff --git a/management/server/networks/manager.go b/management/server/networks/manager.go
index b23a0e410..95b96ea13 100644
--- a/management/server/networks/manager.go
+++ b/management/server/networks/manager.go
@@ -6,7 +6,6 @@ import (
 
 	"github.com/rs/xid"
 
-	"github.com/netbirdio/netbird/management/internals/modules/permissions"
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/networks/resources"
@@ -24,23 +23,21 @@ type Manager interface {
 }
 
 type managerImpl struct {
-	store              store.Store
-	accountManager     account.Manager
-	permissionsManager permissions.Manager
-	resourcesManager   resources.Manager
-	routersManager     routers.Manager
+	store            store.Store
+	accountManager   account.Manager
+	resourcesManager resources.Manager
+	routersManager   routers.Manager
 }
 
 type mockManager struct {
 }
 
-func NewManager(store store.Store, permissionsManager permissions.Manager, resourceManager resources.Manager, routersManager routers.Manager, accountManager account.Manager) Manager {
+func NewManager(store store.Store, resourceManager resources.Manager, routersManager routers.Manager, accountManager account.Manager) Manager {
 	return &managerImpl{
-		store:              store,
-		permissionsManager: permissionsManager,
-		resourcesManager:   resourceManager,
-		routersManager:     routersManager,
-		accountManager:     accountManager,
+		store:            store,
+		resourcesManager: resourceManager,
+		routersManager:   routersManager,
+		accountManager:   accountManager,
 	}
 }
 
diff --git a/management/server/networks/resources/manager.go b/management/server/networks/resources/manager.go
index 5a9ea442b..c5fab812f 100644
--- a/management/server/networks/resources/manager.go
+++ b/management/server/networks/resources/manager.go
@@ -7,7 +7,6 @@ import (
 
 	log "github.com/sirupsen/logrus"
 
-	"github.com/netbirdio/netbird/management/internals/modules/permissions"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
@@ -31,23 +30,21 @@ type Manager interface {
 }
 
 type managerImpl struct {
-	store              store.Store
-	permissionsManager permissions.Manager
-	groupsManager      groups.Manager
-	accountManager     account.Manager
-	serviceManager     service.Manager
+	store          store.Store
+	groupsManager  groups.Manager
+	accountManager account.Manager
+	serviceManager service.Manager
 }
 
 type mockManager struct {
 }
 
-func NewManager(store store.Store, permissionsManager permissions.Manager, groupsManager groups.Manager, accountManager account.Manager, reverseproxyManager service.Manager) Manager {
+func NewManager(store store.Store, groupsManager groups.Manager, accountManager account.Manager, reverseproxyManager service.Manager) Manager {
 	return &managerImpl{
-		store:              store,
-		permissionsManager: permissionsManager,
-		groupsManager:      groupsManager,
-		accountManager:     accountManager,
-		serviceManager:     reverseproxyManager,
+		store:          store,
+		groupsManager:  groupsManager,
+		accountManager: accountManager,
+		serviceManager: reverseproxyManager,
 	}
 }
 
diff --git a/management/server/networks/routers/manager.go b/management/server/networks/routers/manager.go
index 9864d7def..d861855c1 100644
--- a/management/server/networks/routers/manager.go
+++ b/management/server/networks/routers/manager.go
@@ -7,7 +7,6 @@ import (
 
 	"github.com/rs/xid"
 
-	"github.com/netbirdio/netbird/management/internals/modules/permissions"
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/networks/routers/types"
@@ -27,19 +26,17 @@ type Manager interface {
 }
 
 type managerImpl struct {
-	store              store.Store
-	permissionsManager permissions.Manager
-	accountManager     account.Manager
+	store          store.Store
+	accountManager account.Manager
 }
 
 type mockManager struct {
 }
 
-func NewManager(store store.Store, permissionsManager permissions.Manager, accountManager account.Manager) Manager {
+func NewManager(store store.Store, accountManager account.Manager) Manager {
 	return &managerImpl{
-		store:              store,
-		permissionsManager: permissionsManager,
-		accountManager:     accountManager,
+		store:          store,
+		accountManager: accountManager,
 	}
 }