LogDog: Update to archival V2.

appengine/logdog/coordinator/endpoints/admin/service.go

Index: appengine/logdog/coordinator/endpoints/admin/service.go
diff --git a/appengine/logdog/coordinator/endpoints/admin/service.go b/appengine/logdog/coordinator/endpoints/admin/service.go
index 7d0382545b173a2ccc175025ac8dcc2940b10c60..0cb2bcea8be01b2a3bd7d110e25d51e12cffb015 100644
--- a/appengine/logdog/coordinator/endpoints/admin/service.go
+++ b/appengine/logdog/coordinator/endpoints/admin/service.go
@@ -5,10 +5,46 @@
 package admin
 
 import (
+	"github.com/luci/gae/service/info"
+	"github.com/luci/luci-go/appengine/logdog/coordinator"
 	"github.com/luci/luci-go/common/api/logdog_coordinator/admin/v1"
+	"github.com/luci/luci-go/common/grpcutil"
+	log "github.com/luci/luci-go/common/logging"
+	"github.com/luci/luci-go/server/auth"
+	"golang.org/x/net/context"
 )
 
 // Server is the Cloud Endpoint service structure for the administrator endpoint.
-type Server struct{}
+type Server struct {
+	coordinator.ServiceBase
+}
 
 var _ logdog.AdminServer = (*Server)(nil)
+
+// Auth returns an error if the current user does not have access to
+// adminstrative endpoints.
+func (*Server) Auth(c context.Context, svc coordinator.Services) error {
+	if err := coordinator.IsAdminUser(c, svc); err != nil {
+		log.WithError(err).Warningf(c, "User is not an administrator.")
+
+		// If we're on development server, any user can access this endpoint.
+		if info.Get(c).IsDevAppServer() {
+			log.Infof(c, "On development server, allowing admin access.")
+			return nil
+		}
+
+		u := auth.CurrentUser(c)
+		if !(u != nil && u.Superuser) {
+			return grpcutil.PermissionDenied
+		}
+
+		log.Fields{
+			"email":    u.Email,
+			"clientID": u.ClientID,
+			"name":     u.Name,
+		}.Infof(c, "User is an AppEngine superuser. Granting access.")
+		return nil
+	}
+
+	return nil
+}