From a80992dc02acf83d1554a9a366cd437809be3a38 Mon Sep 17 00:00:00 2001
From: Pallab Pain
Date: Thu, 7 Mar 2024 12:14:29 +0530
Subject: [PATCH] fix: makes file-based ACL accessible from APIs
---
 hscontrol/grpcv1.go | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)
diff --git a/hscontrol/grpcv1.go b/hscontrol/grpcv1.go
index 8f72d2520ee..389198a6e4e 100644
--- a/hscontrol/grpcv1.go
+++ b/hscontrol/grpcv1.go
@@ -659,12 +659,31 @@ func (api headscaleV1APIServer) GetACL(
 _ context.Context,
 _ *v1.GetACLRequest,
 ) (*v1.GetACLResponse, error) {
- acl, err := api.h.db.GetACL()
- if err != nil {
- if db.IsNotFoundError(err) {
- return nil, types.ErrACLPolicyNotFound
+ var (
+ acl *types.ACL
+ err error
+ )
+
+ // Get the ACL from the database or the file, depending on the
+ // configuration. If the ACL is not found, return an error.
+ switch api.h.cfg.ACL.PolicyMode {
+ case types.ACLPolicyModeDB:
+ acl, err = api.h.db.GetACL()
+ if err != nil {
+ if db.IsNotFoundError(err) {
+ return nil, types.ErrACLPolicyNotFound
+ }
+ return nil, err
+ }
+ case types.ACLPolicyModeFile:
+ aclBytes, err := api.h.ACLPolicy.Bytes()
+ if err != nil {
+ return nil, err
+ }
+
+ acl = &types.ACL{
+ Policy: aclBytes,
 }
- return nil, err
 }

 return &v1.GetACLResponse{
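Review bot: The new `switch` on `api.h.cfg.ACL.PolicyMode` has no `default` arm, so any mode other than `types.ACLPolicyModeDB` or `types.ACLPolicyModeFile` (an empty or mistyped config value, or a mode added later) leaves `acl` nil and falls through to `return &v1.GetACLResponse{`; if the response construction reads a field of `acl`, which the hunk does not show, that is a nil dereference inside the gRPC handler. Adding `default: return nil, types.ErrACLPolicyNotFound` (or a dedicated unsupported-mode error) makes the handler fail closed instead. In the file arm, `api.h.ACLPolicy` is presumably unset when no policy file was loaded, so a nil check before `.Bytes()` returning the same not-found error would keep the two modes consistent; `aclBytes, err :=` there also shadows the outer `err`, which is harmless today but easy to trip over in a later edit. GetACL's body continues past the end of the hunk.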