appengine/logdog/coordinator/context.go - Issue 1971493003: LogDog: Project READ access for user endpoints.

Unified Diff: appengine/logdog/coordinator/context.go

Issue 1971493003: LogDog: Project READ access for user endpoints. (Closed) Base URL: https://github.com/luci/luci-go@logdog-project-service-config

Patch Set: Updated patchset dependency Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« appengine/logdog/coordinator/auth.go ('K') | « appengine/logdog/coordinator/config/projects.go ('k') | appengine/logdog/coordinator/coordinatorTest/context.go » ('j') | appengine/logdog/coordinator/endpoints/services/registerStream.go » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: appengine/logdog/coordinator/context.go

diff --git a/appengine/logdog/coordinator/context.go b/appengine/logdog/coordinator/context.go

index 5731601fb0dd5eb88eaa0dc009654e04c166ad4c..6ca78c5af37332f33b7ed1c436cfaefc12da72d3 100644

--- a/appengine/logdog/coordinator/context.go

+++ b/appengine/logdog/coordinator/context.go

@@ -8,7 +8,6 @@ import (

"fmt"

"github.com/luci/gae/service/info"

- "github.com/luci/luci-go/appengine/logdog/coordinator/config"

luciConfig "github.com/luci/luci-go/common/config"

log "github.com/luci/luci-go/common/logging"

"golang.org/x/net/context"

@@ -34,9 +33,11 @@ func GetServices(c context.Context) Services {

// WithProjectNamespace sets the current namespace to the project name.

-// It will fail if either the project name or the project's namespace is

-// invalid. In the event of an error, the supplied Context will be not be

-// modified or invalidated.

+// It will return an error if the project name or the project's namespace is

+// invalid

nodir 2016/05/19 00:38:58 period missing

dnj (Google) 2016/05/19 16:12:34 Done.

+//

+// If the current user does not have READ permission for the project, a

+// MembershipError will be returned.

func WithProjectNamespace(c *context.Context, project luciConfig.ProjectName) error {

return withProjectNamespaceImpl(c, project, true)

}

@@ -53,25 +54,18 @@ func WithProjectNamespaceNoAuth(c *context.Context, project luciConfig.ProjectNa

func withProjectNamespaceImpl(c *context.Context, project luciConfig.ProjectName, auth bool) error {

// TODO(dnj): REQUIRE this to be non-empty once namespacing is mandatory.

if project == "" {

- log.Debugf(*c, "Using default namespace.")

return nil

}

if err := project.Validate(); err != nil {

- log.Fields{

- log.ErrorKey: err,

- "project": project,

- }.Errorf(*c, "Project name is invalid.")

+ log.WithError(err).Errorf(*c, "Project name is invalid.")

return err

}

- // Validate the user's access to the named project, if authenticating.

+ // Validate the user's READ access to the named project, if authenticating.

if auth {

- if err := config.AssertProjectAccess(*c, project); err != nil {

- log.Fields{

- log.ErrorKey: err,

- "project": project,

- }.Errorf(*c, "User cannot access requested project.")

+ if err := IsProjectReader(*c, project); err != nil {

+ log.WithError(err).Errorf(*c, "User cannot access requested project.")

return err

}

@@ -87,9 +81,6 @@ func withProjectNamespaceImpl(c *context.Context, project luciConfig.ProjectName

return err

}

- log.Fields{

- "project": project,

- }.Debugf(*c, "Using project namespace.")

*c = nc

return nil

}