Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(267)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/logdog/coordinator/auth.go

Issue 1863973002: LogDog: Update to archival V2. (Closed) Base URL: https://github.com/luci/luci-go@grpcutil-errors
Patch Set: Fix proto comment. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « appengine/logdog/coordinator/archivalPublisher.go ('k') | appengine/logdog/coordinator/backend/archiveCron.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 package config 5 package coordinator
6 6
7 import ( 7 import (
8 "errors" 8 "errors"
9 "fmt" 9 "fmt"
10 10
11 "github.com/luci/gae/service/info" 11 "github.com/luci/gae/service/info"
12 log "github.com/luci/luci-go/common/logging" 12 log "github.com/luci/luci-go/common/logging"
13 "github.com/luci/luci-go/common/proto/logdog/svcconfig" 13 "github.com/luci/luci-go/common/proto/logdog/svcconfig"
14 "github.com/luci/luci-go/server/auth" 14 "github.com/luci/luci-go/server/auth"
15 "github.com/luci/luci-go/server/auth/identity" 15 "github.com/luci/luci-go/server/auth/identity"
16 "golang.org/x/net/context" 16 "golang.org/x/net/context"
17 ) 17 )
18 18
19 // IsAdminUser tests whether the current user belongs to the administrative 19 // IsAdminUser tests whether the current user belongs to the administrative
20 // users group. It will return an error if the user does not. 20 // users group. It will return an error if the user does not.
21 func IsAdminUser(c context.Context) error { 21 func IsAdminUser(c context.Context, svc Services) error {
22 » return isMember(c, func(cfg *svcconfig.Coordinator) string { 22 » return isMember(c, svc, func(cfg *svcconfig.Coordinator) string {
23 return cfg.AdminAuthGroup 23 return cfg.AdminAuthGroup
24 }) 24 })
25 } 25 }
26 26
27 // IsServiceUser tests whether the current user belongs to the backend services 27 // IsServiceUser tests whether the current user belongs to the backend services
28 // users group. It will return an error if the user does not. 28 // users group. It will return an error if the user does not.
29 func IsServiceUser(c context.Context) error { 29 func IsServiceUser(c context.Context, svc Services) error {
30 » return isMember(c, func(cfg *svcconfig.Coordinator) string { 30 » return isMember(c, svc, func(cfg *svcconfig.Coordinator) string {
31 return cfg.ServiceAuthGroup 31 return cfg.ServiceAuthGroup
32 }) 32 })
33 } 33 }
34 34
35 func isMember(c context.Context, groupNameFunc func(*svcconfig.Coordinator) stri ng) error { 35 func isMember(c context.Context, svc Services, groupNameFunc func(*svcconfig.Coo rdinator) string) error {
36 » cfg, err := Load(c) 36 » _, cfg, err := svc.Config(c)
37 if err != nil { 37 if err != nil {
38 return err 38 return err
39 } 39 }
40 40
41 // On dev-appserver, the superuser has implicit group membership to 41 // On dev-appserver, the superuser has implicit group membership to
42 // everything. 42 // everything.
43 if info.Get(c).IsDevAppServer() { 43 if info.Get(c).IsDevAppServer() {
44 if u := auth.CurrentUser(c); u.Superuser { 44 if u := auth.CurrentUser(c); u.Superuser {
45 log.Fields{ 45 log.Fields{
46 "identity": u.Identity, 46 "identity": u.Identity,
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
80 80
81 func (e *MembershipError) Error() string { 81 func (e *MembershipError) Error() string {
82 return fmt.Sprintf("user %q is not a member of group %q", e.Identity, e. Group) 82 return fmt.Sprintf("user %q is not a member of group %q", e.Identity, e. Group)
83 } 83 }
84 84
85 // IsMembershipError returns whether a given error is a membership error. 85 // IsMembershipError returns whether a given error is a membership error.
86 func IsMembershipError(e error) bool { 86 func IsMembershipError(e error) bool {
87 _, ok := e.(*MembershipError) 87 _, ok := e.(*MembershipError)
88 return ok 88 return ok
89 } 89 }
OLDNEW
« no previous file with comments | « appengine/logdog/coordinator/archivalPublisher.go ('k') | appengine/logdog/coordinator/backend/archiveCron.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698