Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(15)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/logdog/coordinator/endpoints/logs/service.go

Issue 1971493003: LogDog: Project READ access for user endpoints. (Closed) Base URL: https://github.com/luci/luci-go@logdog-project-service-config
Patch Set: Updated patchset dependency Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « appengine/logdog/coordinator/endpoints/logs/query_test.go ('k') | appengine/logdog/coordinator/endpoints/services/registerStream.go » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 package logs 5 package logs
6 6
7 import ( 7 import (
8 "github.com/golang/protobuf/proto" 8 "github.com/golang/protobuf/proto"
9 "github.com/luci/luci-go/appengine/logdog/coordinator" 9 "github.com/luci/luci-go/appengine/logdog/coordinator"
10 "github.com/luci/luci-go/appengine/logdog/coordinator/endpoints" 10 "github.com/luci/luci-go/appengine/logdog/coordinator/endpoints"
11 "github.com/luci/luci-go/common/api/logdog_coordinator/logs/v1" 11 "github.com/luci/luci-go/common/api/logdog_coordinator/logs/v1"
12 "github.com/luci/luci-go/common/config" 12 "github.com/luci/luci-go/common/config"
13 "github.com/luci/luci-go/common/grpcutil" 13 "github.com/luci/luci-go/common/grpcutil"
14 log "github.com/luci/luci-go/common/logging"
14 "golang.org/x/net/context" 15 "golang.org/x/net/context"
15 ) 16 )
16 17
17 // Server is the user-facing log access and query endpoint service. 18 // Server is the user-facing log access and query endpoint service.
18 type server struct { 19 type server struct {
19 // resultLimit is the maximum number of query results to return in a 20 // resultLimit is the maximum number of query results to return in a
20 // single query. If zero, the default will be used. 21 // single query. If zero, the default will be used.
21 // 22 //
22 // This is provided for testing purposes. 23 // This is provided for testing purposes.
23 resultLimit int 24 resultLimit int
24 } 25 }
25 26
26 // New creates a new authenticating LogsServer instance. 27 // New creates a new authenticating LogsServer instance.
27 func New() logdog.LogsServer { 28 func New() logdog.LogsServer {
28 return newService(&server{}) 29 return newService(&server{})
29 } 30 }
30 31
31 func newService(svr *server) logdog.LogsServer { 32 func newService(svr *server) logdog.LogsServer {
32 return &logdog.DecoratedLogs{ 33 return &logdog.DecoratedLogs{
33 Service: svr, 34 Service: svr,
34 Prelude: func(c context.Context, methodName string, req proto.Me ssage) (context.Context, error) { 35 Prelude: func(c context.Context, methodName string, req proto.Me ssage) (context.Context, error) {
35 // Enter a datastore namespace based on the message type . 36 // Enter a datastore namespace based on the message type .
36 // 37 //
37 // We use a type switch here because this is a shared de corator. All user 38 // We use a type switch here because this is a shared de corator. All user
38 // mesages must implement ProjectBoundMessage. 39 // mesages must implement ProjectBoundMessage.
39 pbm, ok := req.(endpoints.ProjectBoundMessage) 40 pbm, ok := req.(endpoints.ProjectBoundMessage)
40 if ok { 41 if ok {
41 » » » » if err := coordinator.WithProjectNamespace(&c, c onfig.ProjectName(pbm.GetMessageProject())); err != nil { 42 » » » » // Enter the requested project namespace. This v alidates that the
42 » » » » » // If access is explicitly denied, retur n the appropriate gRPC error. 43 » » » » // current user has READ access.
43 » » » » » if err == coordinator.ErrNoAccess { 44 » » » » project := config.ProjectName(pbm.GetMessageProj ect())
44 » » » » » » return nil, grpcutil.NotFound 45 » » » » log.Fields{
45 » » » » » } 46 » » » » » "project": project,
46 » » » » » return nil, grpcutil.Internal 47 » » » » }.Debugf(c, "User is accessing project.")
48 » » » » if err := coordinator.WithProjectNamespace(&c, p roject); err != nil {
49 » » » » » return nil, getGRPCError(c, err)
47 } 50 }
48 } 51 }
49 52
50 return c, nil 53 return c, nil
51 }, 54 },
52 } 55 }
53 } 56 }
54 57
58 func getGRPCError(c context.Context, err error) error {
59 switch {
60 case err == nil:
61 return nil
62
63 case err == config.ErrNoConfig:
64 log.WithError(err).Errorf(c, "No project configuration defined." )
65 return grpcutil.PermissionDenied
66
67 case coordinator.IsMembershipError(err):
68 log.WithError(err).Errorf(c, "User does not have READ access to project.")
69 return grpcutil.PermissionDenied
70
71 default:
72 return grpcutil.Internal
73 }
74 }
75
55 func (s *server) limit(v int, d int) int { 76 func (s *server) limit(v int, d int) int {
56 if s.resultLimit > 0 { 77 if s.resultLimit > 0 {
57 d = s.resultLimit 78 d = s.resultLimit
58 } 79 }
59 if v <= 0 || v > d { 80 if v <= 0 || v > d {
60 return d 81 return d
61 } 82 }
62 return v 83 return v
63 } 84 }
OLDNEW
« no previous file with comments | « appengine/logdog/coordinator/endpoints/logs/query_test.go ('k') | appengine/logdog/coordinator/endpoints/services/registerStream.go » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698