OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 package coordinator | 5 package coordinator |
6 | 6 |
7 import ( | 7 import ( |
8 "fmt" | 8 "fmt" |
9 "strings" | 9 "strings" |
10 | 10 |
(...skipping 30 matching lines...)
41 } | 41 } |
42 | 42 |
43 // IsProjectReader tests whether the current user belongs to one of the | 43 // IsProjectReader tests whether the current user belongs to one of the |
44 // project's declared reader groups. | 44 // project's declared reader groups. |
45 // | 45 // |
46 // If the user is not, a MembershipError will be returned. | 46 // If the user is not, a MembershipError will be returned. |
47 func IsProjectReader(c context.Context, pcfg *svcconfig.ProjectConfig) error { | 47 func IsProjectReader(c context.Context, pcfg *svcconfig.ProjectConfig) error { |
48 return checkMember(c, pcfg.ReaderAuthGroups...) | 48 return checkMember(c, pcfg.ReaderAuthGroups...) |
49 } | 49 } |
50 | 50 |
| 51 // IsProjectWriter tests whether the current user belongs to one of the |
| 52 // project's declared writer groups. |
| 53 // |
| 54 // If the user is not a member of any of the groups, a MembershipError will be |
| 55 // returned. |
| 56 func IsProjectWriter(c context.Context, pcfg *svcconfig.ProjectConfig) error { |
| 57 return checkMember(c, pcfg.WriterAuthGroups...) |
| 58 } |
| 59 |
51 func checkMember(c context.Context, groups ...string) error { | 60 func checkMember(c context.Context, groups ...string) error { |
52 // On dev-appserver, the superuser has implicit group membership to | 61 // On dev-appserver, the superuser has implicit group membership to |
53 // everything. | 62 // everything. |
54 if info.Get(c).IsDevAppServer() { | 63 if info.Get(c).IsDevAppServer() { |
55 if u := auth.CurrentUser(c); u.Superuser { | 64 if u := auth.CurrentUser(c); u.Superuser { |
56 log.Fields{ | 65 log.Fields{ |
57 "identity": u.Identity, | 66 "identity": u.Identity, |
58 "groups": groups, | 67 "groups": groups, |
59 }.Infof(c, "Granting superuser implicit group membership
on development server.") | 68 }.Infof(c, "Granting superuser implicit group membership
on development server.") |
60 return nil | 69 return nil |
(...skipping 30 matching lines...)
91 | 100 |
92 func (e *MembershipError) Error() string { | 101 func (e *MembershipError) Error() string { |
93 return fmt.Sprintf("user %q is not a member of [%s]", e.Identity, string
s.Join(e.Groups, ", ")) | 102 return fmt.Sprintf("user %q is not a member of [%s]", e.Identity, string
s.Join(e.Groups, ", ")) |
94 } | 103 } |
95 | 104 |
96 // IsMembershipError returns whether a given error is a membership error. | 105 // IsMembershipError returns whether a given error is a membership error. |
97 func IsMembershipError(e error) bool { | 106 func IsMembershipError(e error) bool { |
98 _, ok := e.(*MembershipError) | 107 _, ok := e.(*MembershipError) |
99 return ok | 108 return ok |
100 } | 109 } |
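Review bot: IsProjectWriter gates write access, but neither its doc comment nor the visible part of checkMember says what happens when `pcfg.WriterAuthGroups` is empty. Most of checkMember's body is collapsed on this page, so this cannot be confirmed from here; presumably an empty list ends in a MembershipError, and a test pinning that fail-closed result for the writer path would be worth adding alongside this change. The dev-appserver superuser shortcut at the top of checkMember now also grants write access, so the comment should say so, e.g. `// On dev-appserver a superuser is always treated as a writer; an empty WriterAuthGroups list denies everyone else.` (adjust the second half if checkMember behaves differently). `pcfg` is also dereferenced without a nil check, the same as in IsProjectReader, so callers must pass a loaded config.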