appengine/config_service/api.py - Issue 1224913002: luci-config: fine-grained acls

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: appengine/config_service/api.py

Issue 1224913002: luci-config: fine-grained acls (Closed) Base URL: git@github.com:luci/luci-py.git@master

Patch Set: fine-grained acls for service configs Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: appengine/config_service/api.py

diff --git a/appengine/config_service/api.py b/appengine/config_service/api.py

index 4b628f5b683c4d4a7504b7fab530c1d42e0205c1..ed2a37ae7d16e1fe9ffc346ead7206e233a332b5 100644

--- a/appengine/config_service/api.py

+++ b/appengine/config_service/api.py

@@ -55,8 +55,7 @@ class ConfigApi(remote.Service):

def can_read_config_set(self, config_set):

try:

- return acl.can_read_config_set(

- config_set, headers=self.request_state.headers)

+ return acl.can_read_config_set(config_set)

except ValueError:

raise endpoints.BadRequestException('Invalid config set: %s' % config_set)

@@ -185,9 +184,9 @@ class ConfigApi(remote.Service):

The project list is stored in services/luci-config:projects.cfg.

"""

- if not acl.can_read_project_list():

- raise endpoints.ForbiddenException()

- return self.GetProjectsResponseMessage(projects=get_projects())

+ return self.GetProjectsResponseMessage(

+ projects=[p for p in get_projects() if acl.has_project_access(p.id)],

+ )

##############################################################################

# endpoint: get_refs

@@ -207,7 +206,7 @@ class ConfigApi(remote.Service):

path='projects/{project_id}/refs')

def get_refs(self, request):

"""Gets list of refs of a project."""

- if not acl.can_read_project_config(request.project_id):

+ if not acl.has_project_access(request.project_id):

raise endpoints.NotFoundException()

ref_names = get_ref_names(request.project_id)

if ref_names is None:

@@ -304,10 +303,8 @@ def get_config_multi(config_sets, path, hashes_only):

Returns empty config list if requester does not have project access.

"""

- if not acl.has_project_access():

- raise endpoints.ForbiddenException()

res = GetConfigMultiResponseMessage()

+ config_sets = filter(acl.can_read_config_set, config_sets)

configs = storage.get_latest_multi_async(

config_sets, path, hashes_only).get_result()

for config in configs:

« appengine/config_service/acl.py ('K') | « appengine/config_service/acl_test.py ('k') | appengine/config_service/api_test.py » ('j') | no next file with comments »