appengine/components/components/auth/ui/acl.py - Issue 2013943002: Changing license header, again!

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: appengine/components/components/auth/ui/acl.py

Issue 2013943002: Changing license header, again! (Closed) Base URL: git@github.com:luci/luci-py.git@master

Patch Set: Fixed third parties Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « appengine/components/components/auth/tokens_test.py ('k') | appengine/components/components/auth/ui/app.py » ('j') | no next file with comments »

OLD	NEW
1 # Copyright 2015 The LUCI Authors. All rights reserved.	1 # Copyright 2015 The LUCI Authors. All rights reserved.

2 # Use of this source code is governed by the Apache v2.0 license that can be	2 # Use of this source code is governed under the Apache License, Version 2.0

3 # found in the LICENSE file.	3 # that can be found in the LICENSE file.

4	4

5 """Top level access control for Auth API itself."""	5 """Top level access control for Auth API itself."""

6	6

7 from .. import api	7 from .. import api

8	8

9	9

10 ACCESS_GROUP_NAME = 'auth-service-access'	10 ACCESS_GROUP_NAME = 'auth-service-access'

11	11

12	12

13 def has_access(identity=None):	13 def has_access(identity=None):

14 """Returns True if current caller can access groups and other auth data.	14 """Returns True if current caller can access groups and other auth data.

15	15

16 Used in @require(...) decorators of API handlers.	16 Used in @require(...) decorators of API handlers.

17	17

18 It is a top level check that acts as an access guard for both reads and	18 It is a top level check that acts as an access guard for both reads and

19 writes. Individual entities are protected by additional checks.	19 writes. Individual entities are protected by additional checks.

20	20

21 By default, passing 'has_access' check grants read-only access to everything	21 By default, passing 'has_access' check grants read-only access to everything

22 (via UI or API). Write access is controlled by more fine-grain ACLs.	22 (via UI or API). Write access is controlled by more fine-grain ACLs.

23 """	23 """

24 # TODO(vadimsh): Remove 'groups-readonly-access' once everything is migrated	24 # TODO(vadimsh): Remove 'groups-readonly-access' once everything is migrated

25 # to 'auth-service-access'.	25 # to 'auth-service-access'.

26 identity = identity or api.get_current_identity()	26 identity = identity or api.get_current_identity()

27 return (	27 return (

28 api.is_admin(identity) or	28 api.is_admin(identity) or

29 api.is_group_member(ACCESS_GROUP_NAME, identity) or	29 api.is_group_member(ACCESS_GROUP_NAME, identity) or

30 api.is_group_member('groups-readonly-access', identity))	30 api.is_group_member('groups-readonly-access', identity))

OLD	NEW