Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(528)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: appengine/cr-buildbucket/acl.py

Issue 2158953002: swarmbucket: add $project template parameter (Closed) Base URL: https://chromium.googlesource.com/infra/infra.git@master
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | appengine/cr-buildbucket/config.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # Copyright 2014 The Chromium Authors. All rights reserved. 1 # Copyright 2014 The Chromium Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style license that can be 2 # Use of this source code is governed by a BSD-style license that can be
3 # found in the LICENSE file. 3 # found in the LICENSE file.
4 4
5 """Access control list implementation. 5 """Access control list implementation.
6 6
7 See Acl message in proto/project_config.proto. 7 See Acl message in proto/project_config.proto.
8 """ 8 """
9 9
10 import collections 10 import collections
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
108 """True if current identity has any of |roles| in |bucket|.""" 108 """True if current identity has any of |roles| in |bucket|."""
109 assert bucket 109 assert bucket
110 assert roles 110 assert roles
111 errors.validate_bucket_name(bucket) 111 errors.validate_bucket_name(bucket)
112 roles = set(roles) 112 roles = set(roles)
113 assert roles.issubset(project_config_pb2.Acl.Role.values()) 113 assert roles.issubset(project_config_pb2.Acl.Role.values())
114 114
115 if auth.is_admin(): 115 if auth.is_admin():
116 raise ndb.Return(True) 116 raise ndb.Return(True)
117 117
118 bucket_cfg = yield config.get_bucket_async(bucket) 118 _, bucket_cfg = yield config.get_bucket_async(bucket)
119 identity_str = auth.get_current_identity().to_bytes() 119 identity_str = auth.get_current_identity().to_bytes()
120 if bucket_cfg: 120 if bucket_cfg:
121 for rule in bucket_cfg.acls: 121 for rule in bucket_cfg.acls:
122 if rule.role not in roles: 122 if rule.role not in roles:
123 continue 123 continue
124 if rule.identity == identity_str: 124 if rule.identity == identity_str:
125 raise ndb.Return(True) 125 raise ndb.Return(True)
126 if rule.group and auth.is_group_member(rule.group): 126 if rule.group and auth.is_group_member(rule.group):
127 raise ndb.Return(True) 127 raise ndb.Return(True)
128 raise ndb.Return(False) 128 raise ndb.Return(False)
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
185 memcache.set(cache_key, available_buckets, 10 * 60) 185 memcache.set(cache_key, available_buckets, 10 * 60)
186 return available_buckets 186 return available_buckets
187 187
188 188
189 def current_identity_cannot(action_format, *args): # pragma: no cover 189 def current_identity_cannot(action_format, *args): # pragma: no cover
190 """Returns AuthorizationError.""" 190 """Returns AuthorizationError."""
191 action = action_format % args 191 action = action_format % args
192 msg = 'User %s cannot %s' % (auth.get_current_identity().to_bytes(), action) 192 msg = 'User %s cannot %s' % (auth.get_current_identity().to_bytes(), action)
193 logging.warning(msg) 193 logging.warning(msg)
194 return auth.AuthorizationError(msg) 194 return auth.AuthorizationError(msg)
OLDNEW
« no previous file with comments | « no previous file | appengine/cr-buildbucket/config.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698