Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1249)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: appengine/config_service/api.py

Issue 1224913002: luci-config: fine-grained acls (Closed) Base URL: git@github.com:luci/luci-py.git@master
Patch Set: mentioned in doc that trusted services also have access Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« appengine/config_service/acl.py ('K') | « appengine/config_service/acl_test.py ('k') | appengine/config_service/api_test.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: appengine/config_service/api.py
diff --git a/appengine/config_service/api.py b/appengine/config_service/api.py
index 4b628f5b683c4d4a7504b7fab530c1d42e0205c1..ed2a37ae7d16e1fe9ffc346ead7206e233a332b5 100644
--- a/appengine/config_service/api.py
+++ b/appengine/config_service/api.py
@@ -55,8 +55,7 @@ class ConfigApi(remote.Service):
def can_read_config_set(self, config_set):
try:
- return acl.can_read_config_set(
- config_set, headers=self.request_state.headers)
+ return acl.can_read_config_set(config_set)
except ValueError:
raise endpoints.BadRequestException('Invalid config set: %s' % config_set)
@@ -185,9 +184,9 @@ class ConfigApi(remote.Service):
The project list is stored in services/luci-config:projects.cfg.
"""
- if not acl.can_read_project_list():
- raise endpoints.ForbiddenException()
- return self.GetProjectsResponseMessage(projects=get_projects())
+ return self.GetProjectsResponseMessage(
+ projects=[p for p in get_projects() if acl.has_project_access(p.id)],
+ )
##############################################################################
# endpoint: get_refs
@@ -207,7 +206,7 @@ class ConfigApi(remote.Service):
path='projects/{project_id}/refs')
def get_refs(self, request):
"""Gets list of refs of a project."""
- if not acl.can_read_project_config(request.project_id):
+ if not acl.has_project_access(request.project_id):
raise endpoints.NotFoundException()
ref_names = get_ref_names(request.project_id)
if ref_names is None:
@@ -304,10 +303,8 @@ def get_config_multi(config_sets, path, hashes_only):
Returns empty config list if requester does not have project access.
"""
- if not acl.has_project_access():
- raise endpoints.ForbiddenException()
-
res = GetConfigMultiResponseMessage()
+ config_sets = filter(acl.can_read_config_set, config_sets)
configs = storage.get_latest_multi_async(
config_sets, path, hashes_only).get_result()
for config in configs:
« appengine/config_service/acl.py ('K') | « appengine/config_service/acl_test.py ('k') | appengine/config_service/api_test.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698