Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(171)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/logdog/coordinator/auth.go

Issue 1970823005: LogDog: Add prefix registration endpoint. (Closed) Base URL: https://github.com/luci/luci-go@logdog-project-archivist-useconfig
Patch Set: Updated patchset dependency Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« appengine/cmd/logdog_coordinator/register/module-register.yaml ('K') | « appengine/cmd/logdog_coordinator/vmuser/main.go ('k') | appengine/logdog/coordinator/context.go » ('j') | appengine/logdog/coordinator/context.go » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 package coordinator 5 package coordinator
6 6
7 import ( 7 import (
8 "fmt" 8 "fmt"
9 "strings" 9 "strings"
10 10
(...skipping 27 matching lines...) Expand all
38 cfg, err := GetServices(c).Config(c) 38 cfg, err := GetServices(c).Config(c)
39 if err != nil { 39 if err != nil {
40 return err 40 return err
41 } 41 }
42 return checkMember(c, cfg.Coordinator.ServiceAuthGroup) 42 return checkMember(c, cfg.Coordinator.ServiceAuthGroup)
43 } 43 }
44 44
45 // IsProjectReader tests whether the current user belongs to one of the 45 // IsProjectReader tests whether the current user belongs to one of the
46 // project's declared reader groups. 46 // project's declared reader groups.
47 // 47 //
48 // If the user is not a member of any groups, a MembershipError will be 48 // If the user is not a member of any of the groups, a MembershipError will be
49 // returned. 49 // returned.
50 func IsProjectReader(c context.Context, project luciConfig.ProjectName) error { 50 func IsProjectReader(c context.Context, project luciConfig.ProjectName) error {
51 pcfg, err := GetServices(c).ProjectConfig(c, project) 51 pcfg, err := GetServices(c).ProjectConfig(c, project)
52 if err != nil { 52 if err != nil {
53 return err 53 return err
54 } 54 }
55 return checkMember(c, pcfg.ReaderAuthGroups...) 55 return checkMember(c, pcfg.ReaderAuthGroups...)
56 } 56 }
57 57
58 // IsProjectWriter tests whether the current user belongs to one of the
59 // project's declared writer groups.
60 //
61 // If the user is not a member of any of the groups, a MembershipError will be
62 // returned.
63 func IsProjectWriter(c context.Context, project luciConfig.ProjectName) error {
64 pcfg, err := GetServices(c).ProjectConfig(c, project)
65 if err != nil {
66 return err
67 }
68 return checkMember(c, pcfg.WriterAuthGroups...)
69 }
70
58 func checkMember(c context.Context, groups ...string) error { 71 func checkMember(c context.Context, groups ...string) error {
59 // On dev-appserver, the superuser has implicit group membership to 72 // On dev-appserver, the superuser has implicit group membership to
60 // everything. 73 // everything.
61 if info.Get(c).IsDevAppServer() { 74 if info.Get(c).IsDevAppServer() {
62 if u := auth.CurrentUser(c); u.Superuser { 75 if u := auth.CurrentUser(c); u.Superuser {
63 log.Fields{ 76 log.Fields{
64 "identity": u.Identity, 77 "identity": u.Identity,
65 "groups": groups, 78 "groups": groups,
66 }.Infof(c, "Granting superuser implicit group membership on development server.") 79 }.Infof(c, "Granting superuser implicit group membership on development server.")
67 return nil 80 return nil
(...skipping 30 matching lines...) Expand all
98 111
99 func (e *MembershipError) Error() string { 112 func (e *MembershipError) Error() string {
100 return fmt.Sprintf("user %q is not a member of [%s]", e.Identity, string s.Join(e.Groups, ", ")) 113 return fmt.Sprintf("user %q is not a member of [%s]", e.Identity, string s.Join(e.Groups, ", "))
101 } 114 }
102 115
103 // IsMembershipError returns whether a given error is a membership error. 116 // IsMembershipError returns whether a given error is a membership error.
104 func IsMembershipError(e error) bool { 117 func IsMembershipError(e error) bool {
105 _, ok := e.(*MembershipError) 118 _, ok := e.(*MembershipError)
106 return ok 119 return ok
107 } 120 }
OLDNEW
« appengine/cmd/logdog_coordinator/register/module-register.yaml ('K') | « appengine/cmd/logdog_coordinator/vmuser/main.go ('k') | appengine/logdog/coordinator/context.go » ('j') | appengine/logdog/coordinator/context.go » ('J')

Powered by Google App Engine
This is Rietveld 408576698