
Unified Diff: appengine/logdog/coordinator/endpoints/logs/service.go

Issue 1971493003: LogDog: Project READ access for user endpoints. (Closed) Base URL: https://github.com/luci/luci-go@logdog-project-service-config
Patch Set: Updated patchset dependency Created 4 years, 7 months ago
Index: appengine/logdog/coordinator/endpoints/logs/service.go
diff --git a/appengine/logdog/coordinator/endpoints/logs/service.go b/appengine/logdog/coordinator/endpoints/logs/service.go
index 10039b3a5a34213384143453041ee96fd12c4e84..d7000031994f99c8adf8dbefc35b690bd7446902 100644
--- a/appengine/logdog/coordinator/endpoints/logs/service.go
+++ b/appengine/logdog/coordinator/endpoints/logs/service.go
@@ -11,6 +11,7 @@ import (
"github.com/luci/luci-go/common/api/logdog_coordinator/logs/v1"
"github.com/luci/luci-go/common/config"
"github.com/luci/luci-go/common/grpcutil"
+ log "github.com/luci/luci-go/common/logging"
"golang.org/x/net/context"
)
@@ -38,12 +39,14 @@ func newService(svr *server) logdog.LogsServer {
// mesages must implement ProjectBoundMessage.
pbm, ok := req.(endpoints.ProjectBoundMessage)
if ok {
- if err := coordinator.WithProjectNamespace(&c, config.ProjectName(pbm.GetMessageProject())); err != nil {
- // If access is explicitly denied, return the appropriate gRPC error.
- if err == coordinator.ErrNoAccess {
- return nil, grpcutil.NotFound
- }
- return nil, grpcutil.Internal
+ // Enter the requested project namespace. This validates that the
+ // current user has READ access.
+ project := config.ProjectName(pbm.GetMessageProject())
+ log.Fields{
+ "project": project,
+ }.Debugf(c, "User is accessing project.")
+ if err := coordinator.WithProjectNamespace(&c, project); err != nil {
+ return nil, getGRPCError(c, err)
}
}
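Review bot: The debug entry `"User is accessing project."` is written before `coordinator.WithProjectNamespace` has run, so it records every request for a project, including those that are then denied. Anyone reading the log as an access trail would take it to mean that access was granted. Either reword it to say what is known at that point, for example `}.Debugf(c, "User is requesting access to project.")`, or move the entry below the `if err := ...` check so it is only emitted on success. The enclosing closure in newService starts and ends outside this hunk.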
@@ -52,6 +55,24 @@ func newService(svr *server) logdog.LogsServer {
}
}
+func getGRPCError(c context.Context, err error) error {
+ switch {
+ case err == nil:
+ return nil
+
+ case err == config.ErrNoConfig:
+ log.WithError(err).Errorf(c, "No project configuration defined.")
+ return grpcutil.PermissionDenied
+
+ case coordinator.IsMembershipError(err):
+ log.WithError(err).Errorf(c, "User does not have READ access to project.")
+ return grpcutil.PermissionDenied
+
+ default:
+ return grpcutil.Internal
+ }
+}
+
func (s *server) limit(v int, d int) int {
if s.resultLimit > 0 {
d = s.resultLimit
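Review bot: The `default` branch of getGRPCError returns `grpcutil.Internal` without logging `err`, so an unexpected failure while entering the project namespace leaves no trace on the server, while the two denial branches are both logged. Adding `log.WithError(err).Errorf(c, "Failed to enter project namespace.")` before `return grpcutil.Internal` would close that gap. The function also has no doc comment, and the fact that a missing config and a membership error both map to `grpcutil.PermissionDenied` looks deliberate, since it keeps a caller from distinguishing a project that does not exist from one they cannot read. A comment on the function stating that both cases must return the same code would stop a later change from splitting them. The two denial cases are caller-triggered, so `Warningf` may be a better level than `Errorf` if error-level entries feed alerting.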
